From 17f7e33c1a0008537d53add1f8e70df8e760486f Mon Sep 17 00:00:00 2001 From: Joe Lawrence Date: Fri, 6 Jan 2023 10:45:27 -0500 Subject: [KPATCH CVE-2022-41222] kpatch fixes for CVE-2022-41222 If a race condition happens between rmap walk and mremap, this can result in stale TLB entries. Waiman suggested a simple RHEL-only fix for kpatch (always taking the rmap_locks) while z-stream opted to backport about dozen related commits. Kernels: 4.18.0-425.3.1.el8 Kpatch-MR: https://gitlab.com/redhat/prdsc/rhel/src/kpatch/rhel-8/-/merge_requests/68 Approved-by: Yannick Cote (@ycote1) Changes since last build: arches: x86_64 ppc64le callback_xdr.o: changed function: nfs_callback_dispatch mremap.o: changed function: move_page_tables nfs3proc.o: changed function: nfsd3_init_dirlist_pages nfs3proc.o: changed function: nfsd3_proc_read nfsproc.o: changed function: nfsd_proc_read nfsproc.o: changed function: nfsd_proc_readdir nfssvc.o: changed function: nfsd_dispatch svc.o: changed function: nlmsvc_dispatch --------------------------- Modifications: RHEL-only Suggested-by: Waiman Long Signed-off-by: Joe Lawrence --- mm/mremap.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/mm/mremap.c b/mm/mremap.c index 3c8a797d5693..d837de27011b 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -289,12 +289,10 @@ unsigned long move_page_tables(struct vm_area_struct *vma, if (extent == HPAGE_PMD_SIZE) { bool moved; /* See comment in move_ptes() */ - if (need_rmap_locks) - take_rmap_locks(vma); + take_rmap_locks(vma); moved = move_huge_pmd(vma, old_addr, new_addr, old_end, old_pmd, new_pmd); - if (need_rmap_locks) - drop_rmap_locks(vma); + drop_rmap_locks(vma); if (moved) continue; } -- 2.39.1
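Review bot: In the `extent == HPAGE_PMD_SIZE` branch of `move_page_tables()`, the retained comment `/* See comment in move_ptes() */` now sits above an unconditional `take_rmap_locks(vma)`, so it no longer explains why the lock is taken here. Replace it with a short comment saying that the rmap locks are always held around `move_huge_pmd()` to close the race between rmap walk and mremap that leaves stale TLB entries (CVE-2022-41222), and that this is a RHEL-only kpatch deviation. The commit message says the fix is "always taking the rmap_locks", but the diffstat shows only this one hunk. If `need_rmap_locks` is still consulted elsewhere in the function, state in the message that the change is scoped to the huge-PMD move and why the other paths do not need it. The lock is now taken on every huge-PMD move regardless of what the caller passed in `need_rmap_locks`, so a line on the expected contention cost would also help reviewers of the live patch.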