Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability in the Linux kernel's memory management for huge pages has been identified. This issue arises in the hugetlb subpool reservation system, where global page requests were incorrectly managed, leading to an unusable subpool. The problem was introduced by a previous fix that aimed to correct an underflow error in the reservation system. The vulnerability allows a subpool to falsely indicate available resources, which can disrupt memory allocation processes.
The vulnerability causes hugetlb subpool reservations to become ineffective, as the 'used_hpages' counter can incorrectly reflect available resources. This mismanagement can lead to allocation failures, with the subpool unable to recover or restore its functionality.
To reproduce this vulnerability, first allocate four hugetlb pages. Then, create a hugetlb mount with a maximum of four pages and a minimum of two. After consuming two pages globally, request three pages from the subpool, which will include two from the subpool and one from the global pool. The request will succeed, but the global page allocation will fail, leaving the subpool in a state where it believes it can only allocate three more pages, despite having none actually available. This process can be repeated until the subpool's 'used_hpages' counter reaches its maximum limit, at which point all future allocation attempts from the subpool will fail.
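The accounting drift in the reproduction steps above, as a small user-space C model. This is an added illustration, not code from the kernel or from the patch: the `subpool` struct (whose `used` field stands in for `used_hpages`), `reserve()`, `scenario()` and the `fixed` switch, which also uncharges the globally requested pages on failure, are assumptions made for the model.

```c
#include <stdio.h>

/* Simplified user-space model of subpool accounting; not kernel code. */
struct subpool { long max, min, used, rsv; };

/* Reserve `want` pages; *gfree is the unreserved global pool. 0 on success. */
static int reserve(struct subpool *s, long *gfree, long want, int fixed)
{
    if (s->used + want > s->max)
        return -1;                      /* subpool believes it is full */
    long own = want < s->rsv ? want : s->rsv;   /* covered by the reserve */
    long gbl = want - own;                      /* needed from global pool */
    s->used += want;
    s->rsv -= own;
    if (gbl <= *gfree) {
        *gfree -= gbl;
        return 0;
    }
    s->used -= own;                     /* failure: hand back subpool's share */
    if (s->used < s->min)               /* refill the reserve, capped at min */
        s->rsv = s->rsv + own < s->min ? s->rsv + own : s->min;
    if (fixed)
        s->used -= gbl;                 /* assumed fix: uncharge global share */
    return -1;
}

/* The text's scenario (max=4, min=2, request 3, no free global pages) failed
 * `fails` times; then 2 global pages are freed and the request is retried. */
static int scenario(int fails, int fixed, long *used)
{
    struct subpool s = { 4, 2, 0, 2 };
    long gfree = 0;
    while (fails-- > 0)
        reserve(&s, &gfree, 3, fixed);
    *used = s.used;                     /* counter left behind by the failures */
    gfree = 2;
    return reserve(&s, &gfree, 3, fixed);
}

int main(void)
{
    long u0, u1;
    int r0 = scenario(2, 0, &u0), r1 = scenario(2, 1, &u1);
    printf("buggy: used=%ld retry=%d | fixed: used=%ld retry=%d\n", u0, r0, u1, r1);
    return 0;
}
```

In the model, each failed request leaves one page charged to the subpool, so after two failures the same request is refused by the subpool's own limit even though global pages are free again.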
Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.