[PATCH 2/2] time/namespace: Forbid timens page faults under kthread_use_mm()

From: Jann Horn
Date: Tue Nov 29 2022 - 14:20:08 EST


find_timens_vvar_page() doesn't work when current's timens does not match
the timens associated with current->mm.
v6 of the series adding this code [1] had some complicated code to deal
with this case, but v7 [2] removed that.

Since the vvar region is designed to only be accessed by vDSO code, and
vDSO code can't run in kthread context, it should be fine to error out in
this case.

Backporting note: This commit depends on the preceding refactoring patch.

[1] https://lore.kernel.org/lkml/20190815163836.2927-24-dima@xxxxxxxxxx/
[2] https://lore.kernel.org/lkml/20191011012341.846266-24-dima@xxxxxxxxxx/

Fixes: ee3cda8e4606 ("arm64/vdso: Handle faults on timens page")
Fixes: 74205b3fc2ef ("powerpc/vdso: Add support for time namespaces")
Fixes: dffe11e280a4 ("riscv/vdso: Add support for time namespaces")
Fixes: eeab78b05d20 ("s390/vdso: implement generic vdso time namespace support")
Fixes: af34ebeb866f ("x86/vdso: Handle faults on timens page")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Jann Horn <jannh@xxxxxxxxxx>
---
kernel/time/namespace.c | 11 +++++++++++
1 file changed, 11 insertions(+)

diff --git a/kernel/time/namespace.c b/kernel/time/namespace.c
index 761c0ada5142a..7315d0aeb1d21 100644
--- a/kernel/time/namespace.c
+++ b/kernel/time/namespace.c
@@ -194,6 +194,17 @@ static void timens_setup_vdso_data(struct vdso_data *vdata,

struct page *find_timens_vvar_page(struct vm_area_struct *vma)
{
+ /*
+ * We can't handle faults where current's timens does not match the
+ * timens associated with the mm_struct. This can happen if a page fault
+ * occurs in a kthread that is using kthread_use_mm().
+ */
+ if (current->flags & PF_KTHREAD) {
+ pr_warn("%s: kthread %s/%d tried to fault in timens page\n",
+ __func__, current->comm, current->pid);
+ return NULL;
+ }
+
if (likely(vma->vm_mm == current->mm))
return current->nsproxy->time_ns->vvar_page;

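Review bot: the pr_warn() in the new PF_KTHREAD branch is not rate-limited, so a kthread under kthread_use_mm() that keeps touching the vvar mapping will print one line per fault and can flood the kernel log. Consider pr_warn_ratelimited() or pr_warn_once() here, since the message already carries current->comm and current->pid and a single occurrence is enough to identify the offender. The new return NULL also relies on every arch fault handler that calls find_timens_vvar_page() treating NULL as a failed fault; that handling is not visible in this hunk, so it would help to say in the comment which result the caller is expected to produce.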
--
2.38.1.584.g0f3c55d4c2-goog