CVE-2022-49778

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49778
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49778.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49778
Related
Published
2025-05-01T15:16:00Z
Modified
2025-05-02T13:53:20Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

arm64/mm: fix incorrect file_map_count for non-leaf pmd/pud

The page table check triggers BUG_ON() unexpectedly when collapsing a huge page:

------------[ cut here ]------------
kernel BUG at mm/page_table_check.c:82!
Internal error: Oops - BUG: 00000000f2000800 [#1] SMP
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 6 PID: 68 Comm: khugepaged Not tainted 6.1.0-rc3+ #750
Hardware name: linux,dummy-virt (DT)
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : page_table_check_clear.isra.0+0x258/0x3f0
lr : page_table_check_clear.isra.0+0x240/0x3f0
[...]
Call trace:
page_table_check_clear.isra.0+0x258/0x3f0
__page_table_check_pmd_clear+0xbc/0x108
pmdp_collapse_flush+0xb0/0x160
collapse_huge_page+0xa08/0x1080
hpage_collapse_scan_pmd+0xf30/0x1590
khugepaged_scan_mm_slot.constprop.0+0x52c/0xac8
khugepaged+0x338/0x518
kthread+0x278/0x2f8
ret_from_fork+0x10/0x20
[...]

Since pmd_user_accessible_page() does not check whether a pmd is a leaf, it decrements file_map_count for a non-leaf pmd coming from collapse_huge_page(), and so triggers BUG_ON() unexpectedly.

Fix this problem by using pmd_leaf() instead of pmd_present() in pmd_user_accessible_page(). Moreover, use pud_leaf() for pud_user_accessible_page() too.
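To make the mechanism concrete, the following is an added, self-contained C model of the arm64 pmd predicate before and after the fix together with the page-table-check counter it feeds; it is not kernel code and not part of the patch. The descriptor bit positions, the predicate bodies and the table-address value are simplified assumptions modelled on the upstream headers.

```c
#include <stdbool.h>
#include <stdint.h>

/* Assumed, simplified arm64 descriptor bits (modelled on the kernel headers). */
#define PTE_VALID      (1ULL << 0)
#define PMD_TYPE_MASK  (3ULL << 0)
#define PMD_TYPE_TABLE (3ULL << 0)  /* points to a next-level table: non-leaf */
#define PMD_TYPE_SECT  (1ULL << 0)  /* block mapping (huge page): leaf */
#define PTE_USER       (1ULL << 6)  /* AP[1]: user accessible */
#define PTE_UXN        (1ULL << 54) /* user execute-never */

typedef uint64_t pmd_t;

static bool pmd_present(pmd_t pmd)   { return pmd & PTE_VALID; }
static bool pmd_table(pmd_t pmd)     { return (pmd & PMD_TYPE_MASK) == PMD_TYPE_TABLE; }
static bool pmd_leaf(pmd_t pmd)      { return pmd_present(pmd) && !pmd_table(pmd); }
static bool pmd_user(pmd_t pmd)      { return pmd & PTE_USER; }
static bool pmd_user_exec(pmd_t pmd) { return !(pmd & PTE_UXN); }

/* Before the fix: a valid table entry passes, since pmd_present() is true for it. */
static bool pmd_user_accessible_page_buggy(pmd_t pmd)
{
    return pmd_present(pmd) && (pmd_user(pmd) || pmd_user_exec(pmd));
}

/* After the fix: only a leaf (block) entry can describe a user-accessible page. */
static bool pmd_user_accessible_page_fixed(pmd_t pmd)
{
    return pmd_leaf(pmd) && (pmd_user(pmd) || pmd_user_exec(pmd));
}

/* Model of the pmd-clear path of page_table_check: a per-page file_map_count
 * is decremented for each cleared user-accessible mapping and BUG_ON fires
 * if it goes negative.  Returns the count after the clear. */
static int model_pmd_clear(pmd_t old, int file_map_count, bool (*accessible)(pmd_t))
{
    if (accessible(old))
        file_map_count--;
    return file_map_count;
}

/* What pmdp_collapse_flush() clears in khugepaged: a valid table descriptor whose
 * target is a page-table page, so nothing ever incremented its count (0 here).
 * Bit 54 is clear in a table descriptor, so pmd_user_exec() still reports true.
 * The table address is a constructed placeholder. */
static const pmd_t table_pmd = PMD_TYPE_TABLE | 0x40a7000ULL;

int collapse_with_buggy_check(void) { return model_pmd_clear(table_pmd, 0, pmd_user_accessible_page_buggy); }
int collapse_with_fixed_check(void) { return model_pmd_clear(table_pmd, 0, pmd_user_accessible_page_fixed); }
```

With the buggy predicate the count drops to -1 for the page-table page, which is the BUG_ON in the trace above; with pmd_leaf() the table entry is skipped and the count stays at 0.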

References

Affected packages

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.0.10-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.0.10-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}