mm: hugetlb: conditionally disable tlb_remove_table_sync_one() in huge_pmd_unshare()

Rafael Aquini · Rafael Aquini · commit 4d2480fb6884 · 2025-12-01T12:56:35.000-05:00
JIRA: https://issues.redhat.com/browse/RHEL-127602 Upstream status: RHEL-only This patch is a forward-port of RHEL-8 commit commit a910211a8a80a263d541186b17341f97ba47be0c Author: Rafael Aquini <raquini@redhat.com> Date: Mon Oct 13 12:47:59 2025 -0400 mm: hugetlb: conditionally disable tlb_remove_table_sync_one() in huge_pmd_unshare() JIRA: https://issues.redhat.com/browse/RHEL-120391 Upstream status: RHEL-only Provide a way to waive-off the mitigation introduced for CVE-2025-38085 as it was reported causing severe performance degradation for some customer workloads. P.S.: we are keeping the "no-cve-2025-38085" waiving alias to waive "CVE-2025-38085" because that was the option programmed on the stop-gap scratch build support has handed over to several customers. By keeping that longer waiving string we avoid these customers having to reconfigure their kernel cmdline once they update to a patched official build. Signed-off-by: Rafael Aquini <raquini@redhat.com> NOTE: this forward-port works depends on RHEL-122981 / MR 7534 commits Signed-off-by: Rafael Aquini <raquini@redhat.com>
diff --git a/Documentation/admin-guide/rh-waived-items.rst b/Documentation/admin-guide/rh-waived-items.rst
@@ -27,3 +27,9 @@ The waived items listed in the next session follow the pattern below:
 List of Red Hat Waived Items
 ============================
 
+- CVE-2025-38085
+        Waiving this mitigation can help with addressing perceived performace
+        degradation on some workloads utilizing huge-pages [1] at the expense
+        of re-introducing conditions to allow for the data race that leads to
+        the enumerated common vulnerability.
+        [1] https://access.redhat.com/solutions/7132440
diff --git a/include/linux/rh_waived.h b/include/linux/rh_waived.h
@@ -10,6 +10,7 @@
 #define _RH_WAIVED_H
 
 enum rh_waived_items {
+	CVE_2025_38085,
 	/* RH_WAIVED_ITEMS must always be the last item in the enum */
 	RH_WAIVED_ITEMS,
 };
diff --git a/kernel/rh_waived.c b/kernel/rh_waived.c
@@ -53,6 +53,8 @@ struct rh_waived_item {
 
 /* Always use the marco RH_INSERT_WAIVED to insert items to this array. */
 struct rh_waived_item rh_waived_list[RH_WAIVED_ITEMS] = {
+	RH_INSERT_WAIVED_ITEM(CVE_2025_38085, "CVE-2025-38085",
+			      "no-cve-2025-38085", RH_WAIVED_CVE),
 };
 
 /*
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
@@ -45,6 +45,7 @@
 #include <linux/hugetlb_cgroup.h>
 #include <linux/node.h>
 #include <linux/page_owner.h>
+#include <linux/rh_waived.h>
 #include "internal.h"
 #include "hugetlb_vmemmap.h"
 
@@ -7205,8 +7206,14 @@ int huge_pmd_unshare(struct mm_struct *mm, struct vm_area_struct *vma,
 	 * using this page table as a normal, non-hugetlb page table.
 	 * Wait for pending gup_fast() in other threads to finish before letting
 	 * that happen.
+	 *
+	 * RHEL-120391: some customers reported severe interference/performance
+	 * degradation on particular database workloads, thus we are including
+	 * a waiving flag to allow for disabling this CVE mitigation
 	 */
-	tlb_remove_table_sync_one();
+	if (likely(!is_rh_waived(CVE_2025_38085)))
+		tlb_remove_table_sync_one();
+
 	put_page(virt_to_page(ptep));
 	mm_dec_nr_pmds(mm);
 	return 1;
