[lvc-project] [PATCH v2 5.10/5.15/6.1 0/5] x86/mm: backport fixes for CVE-2023-0597 and CVE-2023-3640

[Vasiliy Kovalev]

Link: https://www.cve.org/CVERecord/?id=CVE-2023-0597
Link: https://www.cve.org/CVERecord/?id=CVE-2023-3640

v1: https://lore.kernel.org/all/20241112224201.289285-1-kovalev@altlinux.org/

v2: fix the regression causing kernel boot failures when both
CONFIG_RANDOMIZE_BASE=y and CONFIG_KASAN=y are enabled, instead of backporting
commit d4150779e60f ("random32: use real rng for non-deterministic randomness"),
which would bring in additional fixing commits:

4051a81774d6 ("locking/lockdep: Use sched_clock() for random numbers")
327b18b7aaed ("mm/kfence: select random number before taking raw lock")
f05ccf6a6ac6 ("crypto: testmgr - fix RNG performance in fuzz tests")

replaced the random number generator function (prandom -> random) with in
commit dcd5ba760e89 ("x86/mm: Randomize per-cpu entry area"):

- cea = prandom_u32_max(max_cea);
+ cea = (u32)(((u64) get_random_u32() * max_cea) >> 32);

This change will replicate the behavior as if the fixing
commit d4150779e60f ("random32: use real rng for non-deterministic randomness")
had been applied.

[PATCH v2 5.10/5.15/6.1 1/5] x86/kasan: Map shadow for percpu pages on demand
[PATCH v2 5.10/5.15/6.1 2/5] x86/mm: Recompute physical address for every page of
[PATCH v2 5.10/5.15/6.1 3/5] x86/mm: Populate KASAN shadow for entire per-CPU range of
[PATCH v2 5.10/5.15/6.1 4/5] x86/mm: Randomize per-cpu entry area
[PATCH v2 5.10/5.15/6.1 5/5] x86/mm: Do not shuffle CPU entry areas without KASLR