Home

CVE-2026-23100

Description

In the Linux kernel, the following vulnerability has been resolved:mm/hugetlb: fix hugetlb_pmd_shared()Patch series mm/hugetlb: fixes for PMD table sharing (incl. usingmmu_gather), v3.One functional fix, one performance regression fix, and two relatedcomment fixes.I cleaned up my prototype I recently shared [1] for the performance fix,deferring most of the cleanups I had in the prototype to a later point. While doing that I identified the other things.The goal of this patch set is to be backported to stable trees fairlyeasily. At least patch #1 and #4.Patch #1 fixes hugetlb_pmd_shared() not detecting any sharingPatch #2 + #3 are simple comment fixes that patch #4 interacts with.Patch #4 is a fix for the reported performance regression due to excessiveIPI broadcasts during fork()+exit().The last patch is all about TLB flushes, IPIs and mmu_gather.Read: complicatedThere are plenty of cleanups in the future to be had + one reasonableoptimization on x86. But thats all out of scope for this series.Runtime tested, with a focus on fixing the performance regression usingthe original reproducer [2] on x86.This patch (of 4):We switched from (wrongly) using the page count to an independent sharedcount. Now, shared page tables have a refcount of 1 (excludingspeculative references) and instead use ptdesc->pt_share_count to identifysharing.We didnt convert hugetlb_pmd_shared(), so right now, we would neverdetect a shared PMD table as such, because sharing/unsharing no longertouches the refcount of a PMD table.Page migration, like mbind() or migrate_pages() would allow for migratingfolios mapped into such shared PMD tables, even though the folios are notexclusive. In smaps we would account them as private although they areshared, and we would be wrongly setting the PM_MMAP_EXCLUSIVE in thepagemap interface.Fix it by properly using ptdesc_pmd_is_shared() in hugetlb_pmd_shared().

Risk Information

Base Score
4.4
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
EPSS Score
Exploitation Probability
0.038

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234