In the Linux kernel, the following vulnerability has been resolved: arm64/mm: fix incorrect file_map_count for non-leaf pmd/pud The page table check trigger BUG_ON() unexpectedly when collapse hugepage: ------------[ cut here ]------------ kernel BUG at mm/page_table_check.c:82! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 6 PID: 68 Comm: khugepaged Not tainted 6.1.0-rc3+ #750 Hardware name: linux,dummy-virt (DT) pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : page_table_check_clear.isra.0+0x258/0x3f0 lr : page_table_check_clear.isra.0+0x240/0x3f0 [...] Call trace: page_table_check_clear.isra.0+0x258/0x3f0 __page_table_check_pmd_clear+0xbc/0x108 pmdp_collapse_flush+0xb0/0x160 collapse_huge_page+0xa08/0x1080 hpage_collapse_scan_pmd+0xf30/0x1590 khugepaged_scan_mm_slot.constprop.0+0x52c/0xac8 khugepaged+0x338/0x518 kthread+0x278/0x2f8 ret_from_fork+0x10/0x20 [...] Since pmd_user_accessible_page() doesn't check if a pmd is leaf, it decrease file_map_count for a non-leaf pmd comes from collapse_huge_page(). and so trigger BUG_ON() unexpectedly. Fix this problem by using pmd_leaf() insteal of pmd_present() in pmd_user_accessible_page(). Moreover, use pud_leaf() for pud_user_accessible_page() too.

• https://git.kernel.org/stable/c/2d458046df634088611d44fd77f45465e833ef78
• https://git.kernel.org/stable/c/5b47348fc0b18a78c96f8474cc90b7525ad1bbfe

• Linux » Linux Kernel » Version: 5.19
  cpe:2.3:o:linux:linux_kernel:5.19
• Linux » Linux Kernel » Version: 5.19.1
  cpe:2.3:o:linux:linux_kernel:5.19.1
• Linux » Linux Kernel » Version: 5.19.10
  cpe:2.3:o:linux:linux_kernel:5.19.10
• Linux » Linux Kernel » Version: 5.19.11
  cpe:2.3:o:linux:linux_kernel:5.19.11
• Linux » Linux Kernel » Version: 5.19.12
  cpe:2.3:o:linux:linux_kernel:5.19.12
• Linux » Linux Kernel » Version: 5.19.13
  cpe:2.3:o:linux:linux_kernel:5.19.13
• Linux » Linux Kernel » Version: 5.19.14
  cpe:2.3:o:linux:linux_kernel:5.19.14
• Linux » Linux Kernel » Version: 5.19.15
  cpe:2.3:o:linux:linux_kernel:5.19.15
• Linux » Linux Kernel » Version: 5.19.16
  cpe:2.3:o:linux:linux_kernel:5.19.16
• Linux » Linux Kernel » Version: 5.19.17
  cpe:2.3:o:linux:linux_kernel:5.19.17
• Linux » Linux Kernel » Version: 5.19.2
  cpe:2.3:o:linux:linux_kernel:5.19.2
• Linux » Linux Kernel » Version: 5.19.3
  cpe:2.3:o:linux:linux_kernel:5.19.3
• Linux » Linux Kernel » Version: 5.19.4
  cpe:2.3:o:linux:linux_kernel:5.19.4
• Linux » Linux Kernel » Version: 5.19.5
  cpe:2.3:o:linux:linux_kernel:5.19.5
• Linux » Linux Kernel » Version: 5.19.6
  cpe:2.3:o:linux:linux_kernel:5.19.6
• Linux » Linux Kernel » Version: 5.19.7
  cpe:2.3:o:linux:linux_kernel:5.19.7
• Linux » Linux Kernel » Version: 5.19.8
  cpe:2.3:o:linux:linux_kernel:5.19.8
• Linux » Linux Kernel » Version: 5.19.9
  cpe:2.3:o:linux:linux_kernel:5.19.9
• Linux » Linux Kernel » Version: 6.0
  cpe:2.3:o:linux:linux_kernel:6.0
• Linux » Linux Kernel » Version: 6.0.1
  cpe:2.3:o:linux:linux_kernel:6.0.1
• Linux » Linux Kernel » Version: 6.0.2
  cpe:2.3:o:linux:linux_kernel:6.0.2
• Linux » Linux Kernel » Version: 6.0.3
  cpe:2.3:o:linux:linux_kernel:6.0.3
• Linux » Linux Kernel » Version: 6.0.4
  cpe:2.3:o:linux:linux_kernel:6.0.4
• Linux » Linux Kernel » Version: 6.0.5
  cpe:2.3:o:linux:linux_kernel:6.0.5
• Linux » Linux Kernel » Version: 6.0.6
  cpe:2.3:o:linux:linux_kernel:6.0.6
• Linux » Linux Kernel » Version: 6.0.7
  cpe:2.3:o:linux:linux_kernel:6.0.7
• Linux » Linux Kernel » Version: 6.0.8
  cpe:2.3:o:linux:linux_kernel:6.0.8
• Linux » Linux Kernel » Version: 6.0.9
  cpe:2.3:o:linux:linux_kernel:6.0.9
• Linux » Linux Kernel » Version: 6.1
  cpe:2.3:o:linux:linux_kernel:6.1