vma_copy() function for !CONFIG_PER_VMA_LOCK configuration copies all
fields using memcpy() as opposed to CONFIG_PER_VMA_LOCK version which
copies only required fields. anon_vma_chain field should not be copied
and new vma should instead initialize it to an empty list. Fix this
by initializing anon_vma_chain inside vma_copy() function. The version
of vma_copy() for CONFIG_PER_VMA_LOCK is fine since it does not change
that field and anon_vma_chain of any new vma is already initialized and
empty.
Fixes: 85ad413389ae ("mm: make vma cache SLAB_TYPESAFE_BY_RCU")
Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
Closes: https://lore.kernel.org/oe-lkp/202412082208.db1fb2c9-lkp@xxxxxxxxx
Reported-by: Klara Modin <klarasmodin@xxxxxxxxx>
Closes: https://lore.kernel.org/all/d0ae7609-aca4-4497-9188-bb09e96e7768@xxxxxxxxx/
Signed-off-by: Suren Baghdasaryan <surenb@xxxxxxxxxx>
---
Applies over mm-unstable
kernel/fork.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/kernel/fork.c b/kernel/fork.c
index fec32aa06135..d532f893e977 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -524,6 +524,7 @@ static void vma_copy(const struct vm_area_struct *src, struct vm_area_struct *de
* will be reinitialized.
*/
data_race(memcpy(dest, src, sizeof(*dest)));
+ INIT_LIST_HEAD(&dest->anon_vma_chain);
}
#endif /* CONFIG_PER_VMA_LOCK */
base-commit: 6e165f54437931f329d09dca6c19d99af08a36e1
--
2.47.0.338.g60cca15819-goog
