This series addresses two security vulnerabilities (CVE-2023-0597 [1], CVE-2023-3640 [2]) in the x86 memory management subsystem, alongside prerequisite [3] patches necessary for stable integration. [PATCH 5.10/5.15/6.1 1/5] x86/kasan: Map shadow for percpu pages on demand Ensures KASAN shadow mapping on demand for per-CPU pages. [PATCH 5.10/5.15/6.1 2/5] x86/mm: Recompute physical address for every page of per-CPU CEA mapping Calculates accurate physical addresses across CPU entry areas. [PATCH 5.10/5.15/6.1 3/5] x86/mm: Populate KASAN shadow for entire per-CPU range of CPU entry area Populates KASAN shadow memory for debugging across CPU entry areas. [PATCH 5.10/5.15/6.1 4/5] x86/mm: Randomize per-cpu entry area Randomizes the per-CPU entry area to reduce the risk of information leakage due to predictable memory layouts, especially in systems without KASLR, as described in CVE-2023-0597 [1]. [PATCH 5.10/5.15/6.1 5/5] x86/mm: Do not shuffle CPU entry areas without KASLR Prevents CPU entry area shuffling when KASLR is disabled, mitigating information leakage risks, as stated in CVE-2023-3640 [2]. [1] https://nvd.nist.gov/vuln/detail/CVE-2023-0597 [2] https://nvd.nist.gov/vuln/detail/CVE-2023-3640 [3] https://patchwork.ozlabs.org/project/ubuntu-kernel/cover/20230903234603.859937-1-cengiz.can@xxxxxxxxxxxxx/#3176047
