CVE-2022-49081

When CONFIGDEBUGKMAPLOCAL is enabled _kmaplocalsched{in,out} check that even slots in the tsk->kmapctrl.pteval are unmapped. The slots are initialized with 0 value, but the check is done with ptenone. 0 pte however does not necessarily mean that ptenone will return true. e.g. on xtensa it returns false, resulting in the following runtime warnings:

WARNING: CPU: 0 PID: 101 at mm/highmem.c:627 _kmaplocalschedout+0x51/0x108 CPU: 0 PID: 101 Comm: touch Not tainted 5.17.0-rc7-00010-gd3a1cdde80d2-dirty #13 Call Trace: dumpstack+0xc/0x40 _warn+0x8f/0x174 warnslowpathfmt+0x48/0xac _kmaplocalschedout+0x51/0x108 _schedule+0x71a/0x9c4 preemptscheduleirq+0xa0/0xe0 commonexceptionreturn+0x5c/0x93 dowppage+0x30e/0x330 handlemmfault+0xa70/0xc3c dopagefault+0x1d8/0x3c4 commonexception+0x7f/0x7f

WARNING: CPU: 0 PID: 101 at mm/highmem.c:664 _kmaplocalschedin+0x50/0xe0 CPU: 0 PID: 101 Comm: touch Tainted: G W 5.17.0-rc7-00010-gd3a1cdde80d2-dirty #13 Call Trace: dumpstack+0xc/0x40 _warn+0x8f/0x174 warnslowpathfmt+0x48/0xac _kmaplocalschedin+0x50/0xe0 finishtaskswitch$isra$0+0x1ce/0x2f8 _schedule+0x86e/0x9c4 preemptscheduleirq+0xa0/0xe0 commonexceptionreturn+0x5c/0x93 dowppage+0x30e/0x330 handlemmfault+0xa70/0xc3c dopagefault+0x1d8/0x3c4 commonexception+0x7f/0x7f

Fix it by replacing !ptenone(pteval) with pteval(pteval) != 0.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

5fbda3ecd14a5343644979c98d6eb65b7e7de9d8

Fixed

c21d040de6225414547d9bd31cd200f290991c85

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

5fbda3ecd14a5343644979c98d6eb65b7e7de9d8

Fixed

85550b0f5fa5dd3c30469ea702c44444ef242c83

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

5fbda3ecd14a5343644979c98d6eb65b7e7de9d8

Fixed

7dd5b3b97716a611fcf67d92fd2370fcb8d50372

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

5fbda3ecd14a5343644979c98d6eb65b7e7de9d8

Fixed

66f133ceab7456c789f70a242991ed1b27ba1c3d

Affected versions

v5.*

v5.10

v5.10-rc3

v5.10-rc4

v5.10-rc5

v5.10-rc6

v5.10-rc7

v5.11

v5.11-rc1

v5.11-rc2

v5.11-rc3

v5.11-rc4

v5.11-rc5

v5.11-rc6

v5.11-rc7

v5.12

v5.12-rc1

v5.12-rc1-dontuse

v5.12-rc2

v5.12-rc3

v5.12-rc4

v5.12-rc5

v5.12-rc6

v5.12-rc7

v5.12-rc8

v5.13

v5.13-rc1

v5.13-rc2

v5.13-rc3

v5.13-rc4

v5.13-rc5

v5.13-rc6

v5.13-rc7

v5.14

v5.14-rc1

v5.14-rc2

v5.14-rc3

v5.14-rc4

v5.14-rc5

v5.14-rc6

v5.14-rc7

v5.15

v5.15-rc1

v5.15-rc2

v5.15-rc3

v5.15-rc4

v5.15-rc5

v5.15-rc6

v5.15-rc7

v5.15.1

v5.15.10

v5.15.11

v5.15.12

v5.15.13

v5.15.14

v5.15.15

v5.15.16

v5.15.17

v5.15.18

v5.15.19

v5.15.2

v5.15.20

v5.15.21

v5.15.22

v5.15.23

v5.15.24

v5.15.25

v5.15.26

v5.15.27

v5.15.28

v5.15.29

v5.15.3

v5.15.30

v5.15.31

v5.15.32

v5.15.33

v5.15.4

v5.15.5

v5.15.6

v5.15.7

v5.15.8

v5.15.9

v5.16

v5.16-rc1

v5.16-rc2

v5.16-rc3

v5.16-rc4

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.16.1

v5.16.10

v5.16.11

v5.16.12

v5.16.13

v5.16.14

v5.16.15

v5.16.16

v5.16.17

v5.16.18

v5.16.19

v5.16.2

v5.16.3

v5.16.4

v5.16.5

v5.16.6

v5.16.7

v5.16.8

v5.16.9

v5.17

v5.17-rc1

v5.17-rc2

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.17.1

v5.17.2

v5.18-rc1

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.34

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

5.16.20

Type: ECOSYSTEM
Events: Introduced

5.17.0

Fixed

5.17.3