From: Peter Zijlstra peterz@infradead.org
mainline inclusion from mainline-v6.2-rc1 commit 3f4c8211d982099be693be9aa7d6fc4607dff290 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I7XLNT CVE: CVE-2022-40982
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
---------------------------
commit 3f4c8211d982099be693be9aa7d6fc4607dff290 upstream.
Instead of duplicating init_mm, allocate a fresh mm. The advantage is that mm_alloc() has much simpler dependencies. Additionally, it makes more conceptual sense: init_mm has no (and must not have) user state to duplicate.
Signed-off-by: Peter Zijlstra (Intel) peterz@infradead.org Link: https://lkml.kernel.org/r/20221025201057.816175235@infradead.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Conflict: arch/x86/mm/init.c Signed-off-by: Zeng Heng zengheng4@huawei.com --- arch/x86/mm/init.c | 3 ++- include/linux/sched/task.h | 1 - kernel/fork.c | 5 ----- 3 files changed, 2 insertions(+), 7 deletions(-)
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
index 1dc6286c7fc2..19c531c77810 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -7,6 +7,7 @@
 #include <linux/swapops.h>
 #include <linux/kmemleak.h>
 #include <linux/sched/task.h>
+#include <linux/sched/mm.h>
 #include <asm/set_memory.h>
 #include <asm/e820/api.h>
@@ -780,7 +781,7 @@ void __init poking_init(void)
 	spinlock_t *ptl;
 	pte_t *ptep;
-	poking_mm = copy_init_mm();
+	poking_mm = mm_alloc();
 	BUG_ON(!poking_mm);
 	/* Xen PV guests need the PGD to be pinned. */
diff --git a/include/linux/sched/task.h b/include/linux/sched/task.h
index 5629761d9790..bc76171fa6d7 100644
--- a/include/linux/sched/task.h
+++ b/include/linux/sched/task.h
@@ -88,7 +88,6 @@ extern void exit_itimers(struct task_struct *);
 extern pid_t kernel_clone(struct kernel_clone_args *kargs);
 struct task_struct *create_io_thread(int (*fn)(void *), void *arg, int node);
 struct task_struct *fork_idle(int);
-struct mm_struct *copy_init_mm(void);
 extern pid_t kernel_thread(int (*fn)(void *), void *arg, unsigned long flags);
 extern long kernel_wait4(pid_t, int __user *, int, struct rusage *);
 int kernel_wait(pid_t pid, int *stat);
diff --git a/kernel/fork.c b/kernel/fork.c
index 2547c6a6e5b1..d50609760c26 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -2529,11 +2529,6 @@ struct task_struct * __init fork_idle(int cpu)
 	return task;
 }
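Review bot: The new `poking_mm = mm_alloc();` line in poking_init() carries no explanation, and the reasoning given in the description (init_mm has no user state to duplicate; mm_alloc() has far fewer init-time dependencies) is the kind of intent that future readers of this early-boot path need in the code itself; suggest a comment above the call, `/* A fresh mm is all text poking needs: there is no user state to copy from init_mm, and mm_alloc() has far fewer dependencies than dup_mm(). */`. Note that mm_alloc() upstream initialises the new mm from current rather than from an explicit template mm, so this call now depends on poking_init() running in a proper task context, which copy_init_mm() did not; given the "Conflict: arch/x86/mm/init.c" trailer, confirm that this tree's mm_alloc() and its include (linux/sched/mm.h, added in the first hunk) match that upstream behaviour. The following `BUG_ON(!poking_mm)` remains the only failure handling, which is acceptable for an __init path but means an allocation failure here is fatal to boot; that is unchanged by this commit. poking_init()'s body begins before and continues after this hunk.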
-struct mm_struct *copy_init_mm(void)
-{
-	return dup_mm(NULL, &init_mm);
-}
-
 /*
  * This is like kernel_clone(), but shaved down and tailored to just
  * creating io_uring workers. It returns a created task, or an error pointer.