Linux Kernel BPF Map Freeze Mutex Vulnerability During Memory Mapping Operations

Vulnerability

A vulnerability in the Linux kernel's BPF (Berkeley Packet Filter) implementation has been addressed. The issue arose from holding the freeze_mutex during memory mapping operations of BPF map contents with writable permissions. This approach, while intended to prevent races between freezing and mapping operations, was overly broad and could lead to deadlocks. The vulnerability has been resolved by modifying the mutex handling: it is now held only during writeability checks, allowing the memory mapping process to proceed without unnecessary delays. If an error occurs during the mapping, the 'write active' counter is decremented, ensuring proper synchronization without the risk of deadlock.
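
The locking pattern described above, as an added user-space model in C (not the kernel's code and not part of the original advisory): the mutex guards only the writeability check, and a failed mapping step rolls the 'write active' counter back. The names `model_map`, `model_mmap_writable` and `model_freeze`, the error codes, and the rule that a freeze is refused while the counter is nonzero are assumptions of this model.

```c
#include <errno.h>
#include <pthread.h>
#include <stdbool.h>

/* Hypothetical user-space model of one map's freeze state (not kernel code). */
struct model_map {
    pthread_mutex_t freeze_mutex;
    bool frozen;
    long write_active;              /* the "write active" counter */
};

/* Writable mapping: the mutex covers only the writeability check. */
int model_mmap_writable(struct model_map *m, bool fail_mapping)
{
    pthread_mutex_lock(&m->freeze_mutex);
    int err = m->frozen ? -EPERM : 0;   /* assumed: frozen maps refuse writers */
    if (!err)
        m->write_active++;          /* reserve write access before unlocking */
    pthread_mutex_unlock(&m->freeze_mutex);
    if (err)
        return err;
    err = fail_mapping ? -ENOMEM : 0;   /* mapping step stand-in, mutex not held */
    if (err) {                      /* roll back the reservation on failure */
        pthread_mutex_lock(&m->freeze_mutex);
        m->write_active--;
        pthread_mutex_unlock(&m->freeze_mutex);
    }
    return err;
}

/* Freeze: refused while a writable mapping is active (model assumption). */
int model_freeze(struct model_map *m)
{
    pthread_mutex_lock(&m->freeze_mutex);
    int err = (m->write_active > 0 || m->frozen) ? -EBUSY : 0;
    if (!err)
        m->frozen = true;
    pthread_mutex_unlock(&m->freeze_mutex);
    return err;
}

/* Constructed scenario: a failed mapping must not block a later freeze. */
int scenario_failed_map_then_freeze(void)
{
    struct model_map m = { PTHREAD_MUTEX_INITIALIZER, false, 0 };
    int err = model_mmap_writable(&m, true);
    return (err == -ENOMEM && m.write_active == 0) ? model_freeze(&m) : -1;
}
```

Without the rollback branch, the failed attempt would leave the counter at 1 and every later freeze in this model would be refused.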

Impact

The vulnerability could lead to deadlocks, disrupting normal system operations by causing processes to hang indefinitely, waiting for resources that are no longer available.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 5.0
exploitability: 3.5
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.