Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability has been identified in the Linux kernel's instruction simulation for RISC-V kprobes, specifically in its handling of JALR instructions. The issue can crash the kernel during a VFS write operation: the kernel attempts to access user memory without going through the appropriate user access routines, which causes a fault. The vulnerability is present in Linux kernel version 6.2.0-rc2 and stems from the kprobe instruction simulation, where the JALR instruction's target address is not computed correctly, particularly when the source and destination registers are the same.
Exploitation of this vulnerability causes a kernel crash due to improper handling of memory access, leading to a fault when the kernel tries to read user memory without the necessary access routines.
The vulnerability can be reproduced by setting a kprobe on a JALR instruction that targets a user memory address. When the kprobe is triggered, the instruction simulation fails to correctly handle the memory access, leading to a crash. This issue can be observed during the VFS write operation, where the kernel encounters an unhandled access to user memory, causing a fault and a subsequent crash.