Linux Kernel Persistent Ring Buffer Mmap Vulnerability Causes Kernel Crash

Vulnerability

A vulnerability in the Linux kernel's tracing subsystem has been addressed. It involved improper handling of the persistent ring buffer during memory mapping operations. When attempting to map a trace instance buffer linked to reserved memory, the kernel would crash due to an unhandled page fault. This issue arose because the mapping code used a function that does not support virtual memory that has been mapped with vmap(), leading to a page fault error. The vulnerability could be triggered by performing a memory map operation on a persistent buffer, which would result in a device not found error, similar to the response when the mmap field is not defined in the file_operations structure.

Impact

The vulnerability leads to a kernel crash due to an unhandled page fault, caused by improper memory mapping of the persistent ring buffer.

Reproduction

The vulnerability can be reproduced by mapping a trace instance buffer that is attached to reserved memory. This can be done by using the mmap() system call on a persistent ring buffer, which is managed by the tracing subsystem. The improper handling of the buffer will cause the kernel to crash, demonstrating the vulnerability.

Remediation

The vulnerability has been resolved by disabling the mmap() operation for persistent ring buffers that use the reserve_mem option. Users should ensure they are running a version of the Linux kernel that includes this fix.
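
To check whether a host boots with a persistent ring buffer of the kind described above, the following added example (not part of the original advisory or of the kernel project) parses a kernel command line for reserve_mem= labels and the trace_instance= entries that reference them. It assumes the kernel's documented parameter forms reserve_mem=<size>:<align>:<label> and trace_instance=<name>[^flags]@<label>[,events]; the function names and the sample command line are constructed for illustration.

```python
# Constructed sample command line; on a live host read /proc/cmdline instead.
SAMPLE_CMDLINE = (
    "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro "
    "reserve_mem=12M:4096:trace reserve_mem=4M:4096:oops "
    "trace_instance=boot_map^traceoff@trace,sched,irq "
    "trace_instance=plain,sched"
)

def reserve_mem_labels(cmdline):
    """Return the labels declared by reserve_mem=<size>:<align>:<label>."""
    labels = set()
    for tok in cmdline.split():
        if tok.startswith("reserve_mem="):
            parts = tok.split("=", 1)[1].split(":")
            if len(parts) == 3 and parts[2]:
                labels.add(parts[2])
    return labels

def persistent_instances(cmdline):
    """Map trace instance name -> reserve_mem label backing its ring buffer."""
    labels = reserve_mem_labels(cmdline)
    found = {}
    for tok in cmdline.split():
        if not tok.startswith("trace_instance="):
            continue
        spec = tok.split("=", 1)[1]
        head, sep, tail = spec.partition("@")
        if not sep:
            continue  # ordinary instance: buffer is allocated normally
        name = head.split("^", 1)[0]     # drop ^flag suffixes
        backing = tail.split(",", 1)[0]  # drop the trailing event list
        # Only reserve_mem-labelled buffers are reported, matching the
        # advisory; address-based backings (@<start>:<size>) are skipped.
        if backing in labels:
            found[name] = backing
    return found

if __name__ == "__main__":
    with open("/proc/cmdline") as f:
        hits = persistent_instances(f.read())
    for name, label in hits.items():
        print(f"trace instance '{name}' uses reserve_mem label '{label}'")
    if not hits:
        print("no reserve_mem-backed trace instances on this command line")
```

A host that reports no such instance does not have a persistent ring buffer configured through reserve_mem; one that does should be prioritised for the kernel update.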

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.