CVE-2025-39899

In the Linux kernel, the following vulnerability has been resolved:

mm/userfaultfd: fix kmaplocal LIFO ordering for CONFIGHIGHPTE

With CONFIGHIGHPTE on 32-bit ARM, movepagespte() maps PTE pages using kmaplocal_page(), which requires unmapping in Last-In-First-Out order.

The current code maps dstpte first, then srcpte, but unmaps them in the same order (dstpte, srcpte), violating the LIFO requirement. This causes the warning in kunmaplocalindexed():

WARNING: CPU: 0 PID: 604 at mm/highmem.c:622 kunmaplocalindexed+0x178/0x17c addr != __fixtovirt(FIXKMAPBEGIN + idx)

Fix this by reversing the unmap order to respect LIFO ordering.

This issue follows the same pattern as similar fixes: - commit eca6828403b8 ("crypto: skcipher - fix mismatch between mapping and unmapping order") - commit 8cf57c6df818 ("nilfs2: eliminate staggered calls to kunmap in nilfs_rename")

Both of which addressed the same fundamental requirement that kmap_local operations must follow LIFO ordering.