Merge: mm: hugetlb: conditionally disable tlb_remove_table_sync_one() in huge_pmd_unshare()

CKI KWF Bot · CKI KWF Bot · commit bcee6184c313 · 2025-12-05T10:21:09.000Z
MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/7655 JIRA: https://issues.redhat.com/browse/RHEL-127602 Upstream status: RHEL-only Depends: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/7534 Provide a way to waive-off the mitigation introduced for CVE-2025-38085 as it was reported causing severe performance degradation for some customer workloads. Signed-off-by: Rafael Aquini <raquini@redhat.com> Approved-by: Jan Stancek <jstancek@redhat.com> Approved-by: Luiz Capitulino <luizcap@redhat.com> Approved-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> Merged-by: CKI GitLab Kmaint Pipeline Bot <26919896-cki-kmaint-pipeline-bot@users.noreply.gitlab.com>
diff --git a/Documentation/admin-guide/rh-waived-items.rst b/Documentation/admin-guide/rh-waived-items.rst
@@ -27,3 +27,9 @@ The waived items listed in the next session follow the pattern below:
 List of Red Hat Waived Items
 ============================
 
+- CVE-2025-38085
+        Waiving this mitigation can help with addressing perceived performace
+        degradation on some workloads utilizing huge-pages [1] at the expense
+        of re-introducing conditions to allow for the data race that leads to
+        the enumerated common vulnerability.
+        [1] https://access.redhat.com/solutions/7132440
diff --git a/include/linux/rh_waived.h b/include/linux/rh_waived.h
@@ -10,6 +10,7 @@
 #define _RH_WAIVED_H
 
 enum rh_waived_items {
+	CVE_2025_38085,
 	/* RH_WAIVED_ITEMS must always be the last item in the enum */
 	RH_WAIVED_ITEMS,
 };
diff --git a/kernel/rh_waived.c b/kernel/rh_waived.c
@@ -53,6 +53,8 @@ struct rh_waived_item {
 
 /* Always use the marco RH_INSERT_WAIVED to insert items to this array. */
 struct rh_waived_item rh_waived_list[RH_WAIVED_ITEMS] = {
+	RH_INSERT_WAIVED_ITEM(CVE_2025_38085, "CVE-2025-38085",
+			      "no-cve-2025-38085", RH_WAIVED_CVE),
 };
 
 /*
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
@@ -45,6 +45,7 @@
 #include <linux/hugetlb_cgroup.h>
 #include <linux/node.h>
 #include <linux/page_owner.h>
+#include <linux/rh_waived.h>
 #include "internal.h"
 #include "hugetlb_vmemmap.h"
 
@@ -7208,8 +7209,14 @@ int huge_pmd_unshare(struct mm_struct *mm, struct vm_area_struct *vma,
 	 * using this page table as a normal, non-hugetlb page table.
 	 * Wait for pending gup_fast() in other threads to finish before letting
 	 * that happen.
+	 *
+	 * RHEL-120391: some customers reported severe interference/performance
+	 * degradation on particular database workloads, thus we are including
+	 * a waiving flag to allow for disabling this CVE mitigation
 	 */
-	tlb_remove_table_sync_one();
+	if (likely(!is_rh_waived(CVE_2025_38085)))
+		tlb_remove_table_sync_one();
+
 	put_page(virt_to_page(ptep));
 	mm_dec_nr_pmds(mm);
 	return 1;
