Linux Kernel PLT Handling Vulnerability in Ftrace Module on Arm64 Architecture

A vulnerability in the Linux kernel's handling of Procedure Link Tables (PLTs) for modules using mcount-based function tracing has been identified on the Arm64 architecture. This issue arises when a module is loaded far from the kernel, creating PLTs for out-of-range branches that interfere with the ftrace mechanism. The problem was introduced by a previous commit that altered how PLTs are managed, leading to a failure in ftrace's ability to properly initialize call sites in affected modules. As a result, an out-of-tree module can cause the kernel to emit warnings about ftrace not being able to modify certain call sites, indicating a disruption in the expected function tracing behavior.

Impact

The vulnerability causes ftrace to fail in modifying call sites for function tracing, which can disrupt performance monitoring and debugging processes that rely on accurate function call tracking.

Reproduction

To reproduce this issue, load an out-of-tree module that uses mcount-based ftrace into a Linux kernel version that is affected by this vulnerability. The module should be loaded far from the kernel to trigger the creation of out-of-range PLTs. Once the module is loaded, ftrace will emit warnings indicating that it could not modify certain call sites, demonstrating the disruption caused by the vulnerability.

Remediation

Users can upgrade to a patched version of the Linux kernel where this vulnerability has been addressed. The specific commit that resolves this issue is available in the Linux kernel stable tree.