Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A deadlock vulnerability has been identified in the Linux kernel's perf subsystem, in the handling of sigtrap events. If a related deferred signal has not been sent before the associated file is closed, the event cleanup process hangs. This occurs because task_work_run() removes the pending callbacks from the task_struct, after which task_work_cancel() cannot cancel work items that have not yet been processed. The cancellation therefore fails, and the cleanup path hangs while waiting for the event to be freed. The vulnerability can be reproduced by opening a perf event for a process, closing the file descriptor, and then allowing an interrupt to occur before the event is properly cleaned up, which leaves pending task work that cannot be canceled.
Exploitation of this vulnerability leads to a deadlock, causing the system to hang while waiting for the perf event to be released.
To reproduce this vulnerability, open a perf event for a specific process and then close the file descriptor. Allow an interrupt to occur before the event is fully cleaned up, which will create a pending task work that cannot be canceled. This will result in a deadlock, as the system hangs while waiting for the event to be freed.
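The cancellation failure described above, shown as a simplified user-space C model of a per-task work list. This is an added example, not kernel code and not the upstream fix; the `model_*` functions, the two work items, and the assumption that cleanup runs while the run step is still in progress on the same task are illustrative.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified user-space model, NOT kernel code; all names are hypothetical. */
struct work { struct work *next; const char *name; };
struct task { struct work *works; };            /* pending list on the task */

static void model_work_add(struct task *t, struct work *w) {
    w->next = t->works;                         /* push at the head */
    t->works = w;
}

/* Cancel only succeeds while the item is still linked from the task. */
static bool model_work_cancel(struct task *t, struct work *w) {
    for (struct work **pp = &t->works; *pp; pp = &(*pp)->next)
        if (*pp == w) { *pp = w->next; w->next = NULL; return true; }
    return false;
}

/* The run step detaches the whole list first, then walks its private copy. */
static struct work *model_run_detach(struct task *t) {
    struct work *batch = t->works;
    t->works = NULL;
    return batch;
}

/* True if cleanup would wait forever for the deferred sigtrap work. */
static bool model_cleanup_would_hang(bool run_started) {
    struct task t = { NULL };
    struct work sigtrap = { NULL, "deferred sigtrap" };   /* constructed */
    struct work other = { NULL, "other pending work" };   /* constructed */
    model_work_add(&t, &sigtrap);
    model_work_add(&t, &other);

    struct work *batch = run_started ? model_run_detach(&t) : NULL;
    bool cancelled = model_work_cancel(&t, &sigtrap);
    bool unprocessed = false;                   /* still waiting in the batch? */
    for (struct work *w = batch; w; w = w->next)
        unprocessed |= (w == &sigtrap);
    /* Assumption: cleanup runs inside the run step, so the batch is stalled. */
    return !cancelled && unprocessed;
}

int main(void) {
    printf("cleanup before run step: hang=%d\n", model_cleanup_would_hang(false));
    printf("cleanup during run step: hang=%d\n", model_cleanup_would_hang(true));
    return 0;
}
```

In the model, cancellation succeeds while the item is still linked from the task, and fails once the list has been detached even though the item has not yet been processed.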
The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.