CVE-2022-49726

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> clocksource: hyper-v: unexport __init-annotated hv_init_clocksource()<br /> <br /> EXPORT_SYMBOL and __init is a bad combination because the .init.text<br /> section is freed up after the initialization. Hence, modules cannot<br /> use symbols annotated __init. The access to a freed symbol may end up<br /> with kernel panic.<br /> <br /> modpost used to detect it, but it has been broken for a decade.<br /> <br /> Recently, I fixed modpost so it started to warn it again, then this<br /> showed up in linux-next builds.<br /> <br /> There are two ways to fix it:<br /> <br /> - Remove __init<br /> - Remove EXPORT_SYMBOL<br /> <br /> I chose the latter for this case because the only in-tree call-site,<br /> arch/x86/kernel/cpu/mshyperv.c is never compiled as modular.<br /> (CONFIG_HYPERVISOR_GUEST is boolean)