Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability exists in the Linux kernel on systems using the hash Memory Management Unit (MMU). The issue arises from a software SLB (Segment Lookaside Buffer) preload cache that mirrors entries in the hardware SLB. This preload cache is periodically cleared, typically after 256 context switches, to remove outdated entries. To enhance performance, the kernel bypasses the `switch_mmu_context()` function when the previous and next memory structures are identical. However, this can create discrepancies between the hardware SLB and the software preload cache. If an SLB entry is removed from the software cache on one CPU and the same process runs on another CPU without a context switch, the hardware SLB may retain outdated entries. Attempting to reload these entries can cause an SLB multi-hit error, disrupting normal operations.
The vulnerability can lead to an SLB multi-hit error, causing inconsistencies in the SLB management and potentially disrupting process execution on affected CPUs.
The vulnerability can be reproduced by running a process on a CPU with the hash MMU, allowing it to evict an SLB entry from the software preload cache. Then, without executing a proper MMU context switch, migrate the process back to a CPU that has not invalidated the SLB entry, which will trigger the multi-hit error.
The vulnerability has been addressed in a patch that removes the redundant preload functions, ensuring that the SLB caches remain consistent. This patch is available in the Linux kernel stable tree.
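The following toy model is an added example, not kernel code and not part of the patch: it replays the sequence described above with one task, two CPUs and one segment, and shows that a duplicate hardware entry appears only when the full switch is skipped and the preload still runs. Apart from `full_switch()` standing in for `switch_mmu_context()`, every name is hypothetical, and aging is reduced to clearing one cache entry.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NCPU 2
#define NSEG 8                      /* segments tracked by this toy model */

static int  hw_slb[NCPU][NSEG];     /* per-CPU hardware SLB: entries per segment */
static bool preload[NSEG];          /* the task's software preload cache */

/* Full MMU context switch: flush this CPU's SLB, reload it from the cache. */
static void full_switch(int cpu) {
    for (int s = 0; s < NSEG; s++)
        hw_slb[cpu][s] = preload[s] ? 1 : 0;
}

/* Switch the task in; the full switch is skipped when prev mm == next mm. */
static void switch_in(int cpu, bool same_mm) {
    if (!same_mm)
        full_switch(cpu);
}

/* Preload trusts the software cache and never looks at the hardware SLB.
 * Returns true when the insert leaves two entries for one segment. */
static bool preload_segment(int cpu, int seg) {
    if (preload[seg])
        return false;               /* cache claims the entry is loaded */
    preload[seg] = true;
    return ++hw_slb[cpu][seg] > 1;  /* duplicate translation: multi-hit */
}

/* Replay the migration sequence; returns true if a multi-hit occurs. */
static bool replay(bool skip_same_mm, bool preload_after_return) {
    const int seg = 3;              /* constructed segment index */
    memset(hw_slb, 0, sizeof hw_slb);
    memset(preload, 0, sizeof preload);
    switch_in(0, false);            /* task starts on CPU 0 */
    preload_segment(0, seg);        /* CPU 0 SLB and cache both hold seg */
    preload[seg] = false;           /* entry ages out of the software cache */
    switch_in(1, false);            /* task runs on CPU 1: SLB rebuilt without seg */
    switch_in(0, skip_same_mm);     /* back on CPU 0, switch possibly skipped */
    return preload_after_return && preload_segment(0, seg);
}

int main(void) {
    printf("skipped switch + preload:   %d\n", replay(true, true));
    printf("full switch + preload:      %d\n", replay(false, true));
    printf("skipped switch, no preload: %d\n", replay(true, false));
    return 0;
}
```

The third case corresponds to the fix described above: with the preload step gone, the stale entry on CPU 0 is never inserted a second time.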