CVE-2023-54211
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix warning in trace_buffered_event_disable()
Warning happened in trace_buffered_event_disable() at WARN_ON_ONCE(!trace_buffered_event_ref)
Call Trace: ? __warn+0xa5/0x1b0 ? trace_buffered_event_disable+0x189/0x1b0 __ftrace_event_enable_disable+0x19e/0x3e0 free_probe_data+0x3b/0xa0 unregister_ftrace_function_probe_func+0x6b8/0x800 event_enable_func+0x2f0/0x3d0 ftrace_process_regex.isra.0+0x12d/0x1b0 ftrace_filter_write+0xe6/0x140 vfs_write+0x1c9/0x6f0 […]
The cause of the warning is in __ftrace_event_enable_disable(), trace_buffered_event_enable() was called once while trace_buffered_event_disable() was called twice. Reproduction script show as below, for analysis, see the comments:
#!/bin/bash
cd /sys/kernel/tracing/
# 1. Register a 'disable_event' command, then:
# 1) SOFT_DISABLED_BIT was set;
# 2) trace_buffered_event_enable() was called first time;
echo 'cmdline_proc_show:disable_event:initcall:initcall_finish' > \
set_ftrace_filter
# 2. Enable the event registered, then:
# 1) SOFT_DISABLED_BIT was cleared;
# 2) trace_buffered_event_disable() was called first time;
echo 1 > events/initcall/initcall_finish/enable
# 3. Try to call into cmdline_proc_show(), then SOFT_DISABLED_BIT was
# set again!!!
cat /proc/cmdline
# 4. Unregister the 'disable_event' command, then:
# 1) SOFT_DISABLED_BIT was cleared again;
# 2) trace_buffered_event_disable() was called second time!!!
echo '!cmdline_proc_show:disable_event:initcall:initcall_finish' > \
set_ftrace_filter
To fix it, IIUC, we can change to call trace_buffered_event_enable() at fist time soft-mode enabled, and call trace_buffered_event_disable() at last time soft-mode disabled.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9 < 1488d782c9e43087a3f341b8186cd25f3cf75583 | affected |
| Linux | Linux | 0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9 < b4f4ab423107dc1ba8e9cc6488c645be6403d3f5 | affected |
| Linux | Linux | 0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9 < cdcc35e6454133feb61561b4e0d0c80e52cbc2ba | affected |
| Linux | Linux | 0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9 < a6d2fd1703cdc8ecfc3e73987e0fb7474ae2b074 | affected |
| Linux | Linux | 0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9 < 813cede7b2f5a4b1b75d2d4bb4e705cc8e063b20 | affected |
| Linux | Linux | 0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9 < a3a3c7bddab9b6c5690b20796ef5e332b8c48afb | affected |
| Linux | Linux | 0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9 < 528c9d73153754defb748f0b96ad33308668d817 | affected |
| Linux | Linux | 0fc1b09ff1ff404ddf753f5ffa5cd0adc8fdcdc9 < dea499781a1150d285c62b26659f62fb00824fce | affected |
| Linux | Linux | 4.7 | affected |
| Linux | Linux | 0 < 4.7 | unaffected |
| Linux | Linux | 4.14.322 <= 4.14.* | unaffected |
| Linux | Linux | 4.19.291 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.253 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.190 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.124 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.43 <= 6.1.* | unaffected |
| Linux | Linux | 6.4.8 <= 6.4.* | unaffected |
| Linux | Linux | 6.5 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/1488d782c9e43087a3f341b8186cd25f3cf75583
- https://git.kernel.org/stable/c/b4f4ab423107dc1ba8e9cc6488c645be6403d3f5
- https://git.kernel.org/stable/c/cdcc35e6454133feb61561b4e0d0c80e52cbc2ba
- https://git.kernel.org/stable/c/a6d2fd1703cdc8ecfc3e73987e0fb7474ae2b074
- https://git.kernel.org/stable/c/813cede7b2f5a4b1b75d2d4bb4e705cc8e063b20
- https://git.kernel.org/stable/c/a3a3c7bddab9b6c5690b20796ef5e332b8c48afb
- https://git.kernel.org/stable/c/528c9d73153754defb748f0b96ad33308668d817
- https://git.kernel.org/stable/c/dea499781a1150d285c62b26659f62fb00824fce
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.