CVE-2025-68211
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/12/2025
Last modified:
06/02/2026
Description
In the Linux kernel, the following vulnerability has been resolved:

ksm: use range-walk function to jump over holes in scan_get_next_rmap_item

Currently, scan_get_next_rmap_item() walks every page address in a VMA to
locate mergeable pages. This becomes highly inefficient when scanning
large virtual memory areas that contain mostly unmapped regions, causing
ksmd to use a large amount of CPU without deduplicating many pages.

This patch replaces the per-address lookup with a range walk using
walk_page_range(). The range walker allows KSM to skip over entire
unmapped holes in a VMA, avoiding unnecessary lookups. This problem was
previously discussed in [1].

Consider the following test program which creates a 32 TiB mapping in the
virtual address space but only populates a single page:

#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* 32 TiB */
const size_t size = 32ul * 1024 * 1024 * 1024 * 1024;

int main() {
        char *area = mmap(NULL, size, PROT_READ | PROT_WRITE,
                          MAP_NORESERVE | MAP_PRIVATE | MAP_ANON, -1, 0);

        if (area == MAP_FAILED) {
                perror("mmap() failed\n");
                return -1;
        }

        /* Populate a single page such that we get an anon_vma. */
        *area = 0;

        /* Enable KSM. */
        madvise(area, size, MADV_MERGEABLE);
        pause();
        return 0;
}

$ ./ksm-sparse &
$ echo 1 > /sys/kernel/mm/ksm/run

Without this patch ksmd uses 100% of the CPU for a long time (more than 1
hour in my test machine) scanning all the 32 TiB virtual address space
that contains only one mapped page. This makes ksmd essentially deadlocked,
not able to deduplicate anything of value. With this patch ksmd walks
only the one mapped page and skips the rest of the 32 TiB virtual address
space, making the scan fast using little CPU.
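
A defender-side check for the condition described above, as an added example that is not part of the advisory or the kernel commit: it parses /proc/<pid>/smaps text and reports VMAs flagged "mg" (MADV_MERGEABLE) that are very large but almost entirely non-resident, the shape that keeps ksmd scanning on an unpatched kernel. The thresholds and the sample smaps text are constructed assumptions.

```python
import re

# Assumed triage thresholds (not from the advisory): report mergeable VMAs of
# at least 1 GiB whose resident pages cover under 1% of the mapping.
MIN_SIZE_KB = 1 << 20
MAX_RESIDENT_RATIO = 0.01

VMA_HEADER = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+[r-][w-][x-][sp]\s")

# Constructed sample in /proc/<pid>/smaps layout, trimmed to the fields used.
SAMPLE_SMAPS = """\
5e8a00000000-7e8a00000000 rw-p 00000000 00:00 0
Size:           34359738368 kB
Rss:                   4 kB
VmFlags: rd wr mr mw me nr mg
7f0000000000-7f0040000000 rw-p 00000000 00:00 0
Size:            1048576 kB
Rss:             1048576 kB
VmFlags: rd wr mr mw me mg
7ffd1c000000-7ffd1c021000 rw-p 00000000 00:00 0 [stack]
Size:                132 kB
Rss:                  16 kB
VmFlags: rd wr mr mw me gd ac
"""

def sparse_mergeable_vmas(smaps_text, min_size_kb=MIN_SIZE_KB,
                          max_ratio=MAX_RESIDENT_RATIO):
    """Return (start, end, size_kb, rss_kb) for large, mostly non-resident
    VMAs that carry the "mg" (MADV_MERGEABLE) flag."""
    findings, vma = [], None
    for line in smaps_text.splitlines():
        header = VMA_HEADER.match(line)
        if header:
            start, end = (int(g, 16) for g in header.groups())
            vma = {"start": start, "end": end, "rss_kb": 0}
        elif vma and line.startswith("Rss:"):
            vma["rss_kb"] = int(line.split()[1])
        elif vma and line.startswith("VmFlags:"):
            # Rss precedes VmFlags in each entry, so both are known here.
            size_kb = (vma["end"] - vma["start"]) // 1024
            if ("mg" in line.split()[1:] and size_kb >= min_size_kb
                    and vma["rss_kb"] <= size_kb * max_ratio):
                findings.append((vma["start"], vma["end"], size_kb, vma["rss_kb"]))
            vma = None
    return findings

if __name__ == "__main__":
    for start, end, size_kb, rss_kb in sparse_mergeable_vmas(SAMPLE_SMAPS):
        print(f"{start:x}-{end:x} size={size_kb} kB rss={rss_kb} kB")
```

On a live host the same function can be fed the contents of each /proc/<pid>/smaps file, alongside a look at ksmd's CPU time, to find which process owns the sparse mergeable mapping.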
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/10644e8839544dd5699c03c8fb1aeeefc41602fd
- https://git.kernel.org/stable/c/220cb3e425e17587f560335924cba9f16a842c64
- https://git.kernel.org/stable/c/67137b715b7db28d82e4ed07a7092c2fa6ba7adb
- https://git.kernel.org/stable/c/74f78421c925b6d17695566f0c5941de57fd44b3
- https://git.kernel.org/stable/c/9c2f8a9b68024e5ebb4813665845ec0a95f2eac3
- https://git.kernel.org/stable/c/f5548c318d6520d4fa3c5ed6003eeb710763cbc5
- https://git.kernel.org/stable/c/f62973e0767e4fcd6799087787fca08ca2a85b8c



