Linux Kernel PREEMPT_RT Boot Parameter Tracing Vulnerability

A vulnerability in the Linux kernel's PREEMPT_RT version has been identified, related to the handling of boot parameters for tracing initialization calls. When specific tracing parameters are set, the kernel's output function is invoked while holding a spin lock in a context that does not allow sleeping. This issue arises because, in the PREEMPT_RT kernel, regular spin locks are replaced with sleepable real-time spin locks, leading to a violation of context requirements. The vulnerability was triggered by enabling the 'trace_event=initcall:initcall_start tp_printk=1' parameters, causing a sleeping function to be called from an invalid context, as reported in the kernel's locking spinlock real-time file.

Impact

The vulnerability causes a kernel panic by introducing a sleeping function in an inappropriate context, disrupting normal kernel operations.

Reproduction

To reproduce this vulnerability, boot the Linux kernel with the PREEMPT_RT option enabled and set the boot parameters 'trace_event=initcall:initcall_start tp_printk=1'. This configuration will trigger the vulnerability by causing a sleeping function to be called from an invalid context, leading to a kernel panic.

Remediation

The vulnerability has been addressed by modifying the trace event handling to use a non-sleeping spin lock when the PREEMPT_RT kernel is active and the tracing parameters are enabled.