Acknowledged
Created: Dec 8, 2025
Updated: Dec 9, 2025
Found In Version: 10.25.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 25
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:

mm/secretmem: fix use-after-free race in fault handler

When a page fault occurs in a secret memory file created with `memfd_secret(2)`, the kernel will allocate a new folio for it, mark the underlying page as not-present in the direct map, and add it to the file mapping.

If two tasks cause a fault in the same page concurrently, both could end up allocating a folio and removing the page from the direct map, but only one would succeed in adding the folio to the file mapping. The task that failed undoes the effects of its attempt by (a) freeing the folio again and (b) putting the page back into the direct map. However, by doing these two operations in this order, the page becomes available to the allocator again before it is placed back in the direct mapping.

If another task attempts to allocate the page between (a) and (b), and the kernel tries to access it via the direct map, it would result in a supervisor not-present page fault.

Fix the ordering to restore the direct map before the folio is freed.
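
The ordering problem described above, reduced to a small user-space C model. This is an added illustration, not the kernel's code or the upstream patch: `struct page_model`, `concurrent_alloc` and the two `undo_*` functions are hypothetical names, and the concurrent task is simulated deterministically by a call placed between and after the two undo steps.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of one physical page (assumption, not a kernel struct). */
struct page_model {
    bool in_direct_map;  /* page is present in the kernel direct map */
    bool allocatable;    /* page is back with the page allocator */
};

/* Stand-in for another task: takes the page if it is free, then the kernel
 * touches it through the direct map. Not-present there means a fault. */
static void concurrent_alloc(struct page_model *p, int *faults)
{
    if (!p->allocatable)
        return;              /* still owned by the task undoing its attempt */
    p->allocatable = false;  /* handed out to the other task */
    if (!p->in_direct_map)
        (*faults)++;         /* supervisor not-present page fault */
}

/* Order described as racy: (a) free the folio, then (b) restore the direct map. */
static int undo_free_then_restore(void)
{
    struct page_model p = { .in_direct_map = false, .allocatable = false };
    int faults = 0;
    p.allocatable = true;            /* (a) folio freed */
    concurrent_alloc(&p, &faults);   /* window between (a) and (b) */
    p.in_direct_map = true;          /* (b) direct map restored too late */
    concurrent_alloc(&p, &faults);
    return faults;
}

/* Fixed order: restore the direct map first, then free the folio. */
static int undo_restore_then_free(void)
{
    struct page_model p = { .in_direct_map = false, .allocatable = false };
    int faults = 0;
    p.in_direct_map = true;          /* direct map restored */
    concurrent_alloc(&p, &faults);   /* page not yet free: nothing to take */
    p.allocatable = true;            /* folio freed */
    concurrent_alloc(&p, &faults);   /* page is free and mapped: safe */
    return faults;
}

int main(void)
{
    printf("free then restore: %d fault(s)\n", undo_free_then_restore());
    printf("restore then free: %d fault(s)\n", undo_restore_then_free());
    return 0;
}
```

The invariant the fix restores is that a page visible to the allocator is always present in the direct map.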