Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A soft lockup vulnerability has been identified in the Linux kernel's ring-buffer implementation, specifically when reading from the 'trace_pipe' file. This issue causes a deadlock, where the CPU becomes unresponsive for an extended period. The problem arises because the 'ring_buffer_empty_cpu()' function detects non-empty buffers, but the 'rb_num_of_entries()' function consistently returns zero. As a result, the system enters an infinite loop, repeatedly checking for entries that are never delivered to the user buffer.
The vulnerability leads to a soft lockup, causing the system to become unresponsive and unable to process tasks for a significant duration.
The vulnerability can be reproduced by reading from the 'trace_pipe' file while the ring-buffer is not properly cleared. This can be done by reducing the ring-buffer size without fully clearing the 'entries' data, leaving behind dirty 'entries' that are incorrectly counted as 'overrun'.
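The counter mismatch described above, as an added example (a toy userspace model, not kernel code and not part of the original advisory). Every `model_*` name is hypothetical; the model assumes the entry count is computed as `entries - (overrun + read)` and that emptiness is judged by buffer position, and it caps the read loop so the spin can be observed.

```c
#include <stdio.h>
#include <string.h>

/* Toy userspace model, NOT kernel code; every model_* name is hypothetical. */
#define NPAGES 4
struct model_buf {
    unsigned long entries, overrun, read; /* per-CPU totals */
    unsigned long page_entries[NPAGES];   /* per-page 'entries' counts */
    unsigned long unread;                 /* events present by position */
    int nr_pages;
};
/* Counter view (assumed formula): what remains after overrun and read. */
static unsigned long model_num_of_entries(const struct model_buf *b)
{ return b->entries - (b->overrun + b->read); }
/* Assumption: emptiness is judged by position, not by the counters. */
static int model_empty(const struct model_buf *b) { return b->unread == 0; }
static void model_write(struct model_buf *b, int page)
{ b->entries++; b->page_entries[page]++; b->unread++; }
/* Reset; clear_all == 0 leaves dirty per-page counts behind. */
static void model_reset(struct model_buf *b, int clear_all) {
    b->entries = b->overrun = b->read = b->unread = 0;
    if (clear_all) memset(b->page_entries, 0, sizeof b->page_entries);
    else b->page_entries[0] = 0;
}
/* Shrink by one page: the dropped page's count is added to overrun. */
static void model_shrink(struct model_buf *b)
{ b->overrun += b->page_entries[--b->nr_pages]; }
/* One capped trace_pipe-style read; returns the events delivered. */
static unsigned long model_read_pipe(struct model_buf *b, int cap, int *spins) {
    unsigned long got = 0;
    for (*spins = 0; !model_empty(b) && *spins < cap; ++*spins)
        if (model_num_of_entries(b) != 0) { b->read++; b->unread--; got++; }
    return got;
}
/* Constructed scenario: dirty last page, reset, shrink, one new event. */
static unsigned long model_scenario(int clear_all, int *spins) {
    struct model_buf b = { .nr_pages = NPAGES };
    model_write(&b, NPAGES - 1);  /* event lands on the last page */
    model_reset(&b, clear_all);
    model_shrink(&b);             /* last page is dropped */
    model_write(&b, 0);           /* one fresh event */
    return model_read_pipe(&b, 1000, spins);
}
int main(void) {
    int s0, s1;
    unsigned long g0 = model_scenario(0, &s0), g1 = model_scenario(1, &s1);
    printf("dirty reset: delivered=%lu spins=%d\n", g0, s0);
    printf("full reset:  delivered=%lu spins=%d\n", g1, s1);
    return 0;
}
```

With the dirty reset, the stale count on the dropped page cancels the one real event, so the capped read delivers nothing and uses every iteration; with all per-page counts cleared, the event is delivered on the first pass.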
The vulnerability has been addressed in Linux kernel commits 0a29dae5786d263016a9aceb1e56bf3fd4cc6fa0, 27bdd93e44cc28dd9b94893fae146b83d4f5b31e, 5e68f1f3a20fe9b6bde018e353269fbfa289609c, 8b0b63fdac6b70a45614e7d4b30e5bbb93deb007, bb14a93bccc92766b1d9302c6bcbea17d4bce306, and e84829522fc72bb43556b31575731de0440ac0dd.