[PATCH openEuler-5.10-LTS 02/12] mm/rmap: Fix kabi broken in anon_vma

From: Ma Wupeng mawupeng1@huawei.com

hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5JT6V CVE: NA

--------------------------------

In order to fix CVE-2022-42703, degree in struct anon_vma is splited into two variables(num_children, num_active_vmas) and this will lead to broken kabi.

Since struct anon_vma is only used by mm module and referenced by other struct as pointers. So we can ignore this kabi change warning.

For variable degree in struct anon_vma, previous patch has already delete this but this will lead to kabi change. Add it back at the same position with KABI_DEPRECATE.

For variables(num_children, num_active_vmas), add them at the end of struct anon_vma with KABI_EXTEND.

Signed-off-by: Ma Wupeng mawupeng1@huawei.com Reviewed-by: Kefeng Wang wangkefeng.wang@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- include/linux/rmap.h | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/include/linux/rmap.h b/include/linux/rmap.h index 297744ea4dd0..6201e9069a39 100644 --- a/include/linux/rmap.h +++ b/include/linux/rmap.h @@ -38,16 +38,8 @@ struct anon_vma { */ atomic_t refcount;

- /* - * Count of child anon_vmas. Equals to the count of all anon_vmas that - * have ->parent pointing to this one, including itself. - * - * This counter is used for making decision about reusing anon_vma - * instead of forking new one. See comments in function anon_vma_clone. - */ - unsigned long num_children; - /* Count of VMAs whose ->anon_vma pointer points to this object. */ - unsigned long num_active_vmas; + /* Add degree back for KABI compatibility */ + KABI_DEPRECATE(unsigned, degree)

struct anon_vma *parent; /* Parent of this anon_vma */

@@ -62,6 +54,17 @@ struct anon_vma {

/* Interval tree of private "related" vmas */ struct rb_root_cached rb_root; + + /* + * Count of child anon_vmas. Equals to the count of all anon_vmas that + * have ->parent pointing to this one, including itself. + * + * This counter is used for making decision about reusing anon_vma + * instead of forking new one. See comments in function anon_vma_clone. + */ + KABI_EXTEND(unsigned long num_children) + /* Count of VMAs whose ->anon_vma pointer points to this object. */ + KABI_EXTEND(unsigned long num_active_vmas) };

/*