Linux Kernel ftrace Direct Functions Hash Cleanup Vulnerability

Vulnerability

A vulnerability in the Linux kernel's ftrace functionality can lead to a general protection fault. The issue arises when 'register_ftrace_direct' fails, particularly when a BPF (Berkeley Packet Filter) tracing program is attached to a function. Because the function entry is not cleaned up after the failed registration, a stale entry remains and can introduce a non-canonical address into the kernel, crashing the system.

Impact

The vulnerability can be triggered to cause a general protection fault, resulting in a crash (denial of service) of the affected system.

Reproduction

To reproduce this vulnerability, load a live patch that modifies a kernel function. Then use 'bpftrace' to attach a tracing program to the modified function. This first attempt fails, which is expected. Repeating the same tracing command, however, triggers the general protection fault and crashes the system. This happens because the tracing entry is added to the 'direct_functions' hash but is not removed after the initial failure, so the second attempt collides with the stale entry and leads to the crash.
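The root cause described above is a classic error-path cleanup defect: an entry is inserted into a lookup structure before a later step that can fail, and the failure path forgets to undo the insert. The following C program is an added, constructed model of that pattern and is not the kernel's code; the hash table, the 'claimed_by_livepatch' rule and the 'register_direct' function are all illustrative stand-ins. It shows the buggy behaviour (a stale entry survives the first failure and the second attempt collides with it) next to the corrected behaviour (the entry is removed on failure, so repeated attempts fail cleanly and leave the table empty).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of an ftrace-style "direct functions" hash: it maps the
 * address of a traced function to the trampoline calls are redirected to.
 * Illustrative code only, not the kernel's implementation. */
#define HASH_BITS 4
#define HASH_SIZE (1u << HASH_BITS)

struct direct_entry {
    uintptr_t ip;           /* address of the traced function */
    uintptr_t trampoline;   /* where calls to ip are redirected */
    struct direct_entry *next;
};

struct direct_hash {
    struct direct_entry *buckets[HASH_SIZE];
    size_t count;           /* live entries, so tests can check for leftovers */
};

static unsigned hash_ip(uintptr_t ip) { return (unsigned)((ip >> 4) & (HASH_SIZE - 1)); }

static struct direct_entry *direct_find(struct direct_hash *h, uintptr_t ip) {
    for (struct direct_entry *e = h->buckets[hash_ip(ip)]; e; e = e->next)
        if (e->ip == ip) return e;
    return NULL;
}

static int direct_add(struct direct_hash *h, uintptr_t ip, uintptr_t tramp) {
    struct direct_entry *e = calloc(1, sizeof *e);
    if (!e) return -1;
    e->ip = ip;
    e->trampoline = tramp;
    unsigned b = hash_ip(ip);
    e->next = h->buckets[b];
    h->buckets[b] = e;
    h->count++;
    return 0;
}

static void direct_remove(struct direct_hash *h, uintptr_t ip) {
    struct direct_entry **pp = &h->buckets[hash_ip(ip)];
    while (*pp) {
        if ((*pp)->ip == ip) {
            struct direct_entry *e = *pp;
            *pp = e->next;
            free(e);
            h->count--;
            return;
        }
        pp = &(*pp)->next;
    }
}

/* Constructed stand-in for "is this function already claimed by another
 * ftrace user such as a live patch?" (bit 12 of the address set = claimed). */
static bool claimed_by_livepatch(uintptr_t ip) { return (ip & 0x1000) != 0; }

enum { REG_OK = 0, REG_EBUSY = -16, REG_ECONFLICT = -17 };

/* Registration modelled on the advisory: the entry is inserted into the hash
 * first, then a later attach step can fail. With cleanup_on_failure == false
 * the insert is leaked (the bug); with true it is undone (the fix). */
static int register_direct(struct direct_hash *h, uintptr_t ip, uintptr_t tramp,
                           bool cleanup_on_failure) {
    /* A stale entry from an earlier failed attempt. In the kernel this is where
     * the bogus leftover was later dereferenced; here it is reported instead. */
    if (direct_find(h, ip)) return REG_ECONFLICT;
    if (direct_add(h, ip, tramp) != 0) return -1;
    if (claimed_by_livepatch(ip)) {
        if (cleanup_on_failure) direct_remove(h, ip);  /* the fix */
        return REG_EBUSY;
    }
    return REG_OK;
}

/* Run "attach twice to a live-patched function" and report the second result
 * plus how many entries are left behind. */
static int attach_twice(bool cleanup_on_failure, size_t *leftover) {
    struct direct_hash h = {0};
    const uintptr_t patched_fn = 0x1000, tramp = 0xf000; /* constructed addresses */
    (void)register_direct(&h, patched_fn, tramp, cleanup_on_failure); /* expected: EBUSY */
    int second = register_direct(&h, patched_fn, tramp, cleanup_on_failure);
    *leftover = h.count;
    direct_remove(&h, patched_fn); /* free any leak before returning */
    return second;
}

int main(void) {
    size_t left;
    int r = attach_twice(false, &left);
    printf("buggy : second attempt=%d, stale entries=%zu\n", r, left);
    r = attach_twice(true, &left);
    printf("fixed : second attempt=%d, stale entries=%zu\n", r, left);
    return 0;
}
```

The point of the model is the contract a registration function must keep: on any failure after a partial insert, the structure must look exactly as it did before the call. A regression test for the real fix would assert the same thing, namely that a second attempt after a failed one does not see any leftover from the first.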

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.