Source: Ubuntu.com (ubuntucve), UB:CVE-2024-35993
May 20, 2024 - 12:00 a.m.

CVE-2024-35993

Tags: linux kernel, vulnerability, mm, folio_test_hugetlb, oops, vm_bug_on, compaction, hugetlb, page mapcounts, page type, security, information security, kernel

AI Score: 6.4 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 15.1%)

In the Linux kernel, the following vulnerability has been resolved:

mm: turn folio_test_hugetlb into a PageType

The current folio_test_hugetlb() can be fooled by a concurrent folio split into returning true for a folio which has never belonged to hugetlbfs. This can’t happen if the caller holds a refcount on it, but we have a few places (memory-failure, compaction, procfs) which do not and should not take a speculative reference.

Since hugetlb pages do not use individual page mapcounts (they are always fully mapped and use the entire_mapcount field to record the number of mappings), the PageType field is available now that page_mapcount() ignores the value in this field.

In compaction and with CONFIG_DEBUG_VM enabled, the current implementation can result in an oops, as reported by Luis. This happens since 9c5ccf2db04b (“mm: remove HUGETLB_PAGE_DTOR”) effectively added some VM_BUG_ON() checks in the PageHuge() testing path.

[[email protected]: update vmcoreinfo]
Link: https://lkml.kernel.org/r/[email protected]
