mm: Fix CVE-2022-2590 by reverting "mm/shmem: unconditionally set pte dirty in mfill_atomic_install_pte"

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2116301
CVE: CVE-2022-2590
Upstream Status: RHEL only
Tested: My reproducer no longer triggers with this patch.

CVE-2022-2590 allows for modifying shmem/tmpfs files without write permissions on x86_64 and aarch64 with CONFIG_USERFAULTFD=y. For now, it's sufficient to revert the problematic commit. If we ever need it again (e.g., for extended uffd-wp support), we might want to re-apply it along with an upstream fix that's still pending.

This reverts commit 61fedfa8.

Signed-off-by: David Hildenbrand <david@redhat.com>
