|
|
b58b33 |
From 17f7e33c1a0008537d53add1f8e70df8e760486f Mon Sep 17 00:00:00 2001
|
|
|
b58b33 |
From: Joe Lawrence <joe.lawrence@redhat.com>
|
|
|
b58b33 |
Date: Fri, 6 Jan 2023 10:45:27 -0500
|
|
|
b58b33 |
Subject: [KPATCH CVE-2022-41222] kpatch fixes for CVE-2022-41222
|
|
|
b58b33 |
|
|
|
b58b33 |
If a race condition happens between rmap walk and mremap, this can
|
|
|
b58b33 |
result in stale TLB entries. Waiman suggested a simple RHEL-only fix
|
|
|
b58b33 |
for kpatch (always taking the rmap_locks) while z-stream opted to
|
|
|
b58b33 |
backport about dozen related commits.
|
|
|
b58b33 |
|
|
|
b58b33 |
Kernels:
|
|
|
b58b33 |
4.18.0-425.3.1.el8
|
|
|
b58b33 |
|
|
|
b58b33 |
|
|
|
b58b33 |
Kpatch-MR: https://gitlab.com/redhat/prdsc/rhel/src/kpatch/rhel-8/-/merge_requests/68
|
|
|
b58b33 |
Approved-by: Yannick Cote (@ycote1)
|
|
|
b58b33 |
Changes since last build:
|
|
|
b58b33 |
arches: x86_64 ppc64le
|
|
|
b58b33 |
callback_xdr.o: changed function: nfs_callback_dispatch
|
|
|
b58b33 |
mremap.o: changed function: move_page_tables
|
|
|
b58b33 |
nfs3proc.o: changed function: nfsd3_init_dirlist_pages
|
|
|
b58b33 |
nfs3proc.o: changed function: nfsd3_proc_read
|
|
|
b58b33 |
nfsproc.o: changed function: nfsd_proc_read
|
|
|
b58b33 |
nfsproc.o: changed function: nfsd_proc_readdir
|
|
|
b58b33 |
nfssvc.o: changed function: nfsd_dispatch
|
|
|
b58b33 |
svc.o: changed function: nlmsvc_dispatch
|
|
|
b58b33 |
---------------------------
|
|
|
b58b33 |
|
|
|
b58b33 |
Modifications: RHEL-only
|
|
|
b58b33 |
Suggested-by: Waiman Long <longman@redhat.com>
|
|
|
b58b33 |
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
|
|
|
b58b33 |
---
|
|
|
b58b33 |
mm/mremap.c | 6 ++----
|
|
|
b58b33 |
1 file changed, 2 insertions(+), 4 deletions(-)
|
|
|
b58b33 |
|
|
|
b58b33 |
diff --git a/mm/mremap.c b/mm/mremap.c
|
|
|
b58b33 |
index 3c8a797d5693..d837de27011b 100644
|
|
|
b58b33 |
--- a/mm/mremap.c
|
|
|
b58b33 |
+++ b/mm/mremap.c
|
|
|
b58b33 |
@@ -289,12 +289,10 @@ unsigned long move_page_tables(struct vm_area_struct *vma,
|
|
|
b58b33 |
if (extent == HPAGE_PMD_SIZE) {
|
|
|
b58b33 |
bool moved;
|
|
|
b58b33 |
/* See comment in move_ptes() */
|
|
|
b58b33 |
- if (need_rmap_locks)
|
|
|
b58b33 |
- take_rmap_locks(vma);
|
|
|
b58b33 |
+ take_rmap_locks(vma);
|
|
|
b58b33 |
moved = move_huge_pmd(vma, old_addr, new_addr,
|
|
|
b58b33 |
old_end, old_pmd, new_pmd);
|
|
|
b58b33 |
- if (need_rmap_locks)
|
|
|
b58b33 |
- drop_rmap_locks(vma);
|
|
|
b58b33 |
+ drop_rmap_locks(vma);
|
|
|
b58b33 |
if (moved)
|
|
|
b58b33 |
continue;
|
|
|
b58b33 |
}
|
|
|
b58b33 |
--
|
|
|
b58b33 |
2.39.1
|
|
|
b58b33 |
|
|
|
b58b33 |
|