Linux Kernel KASAN Deadlock Prevention Vulnerability

Vulnerability

A potential deadlock vulnerability in the Linux kernel's KASAN (Kernel Address Sanitizer) has been addressed. The issue arose because the function 'find_vm_area()' could not be called in an atomic context, leading to a deadlock scenario when KASAN reported virtual memory area information. This vulnerability was particularly problematic in PREEMPT_RT kernels, where certain lock dependencies could cause 'find_vm_area()' to block, while in non-RT kernels, it could trigger a lockdep warning. The vulnerability affected the Linux kernel stable tree.

Impact

The vulnerability could lead to a deadlock situation, where two CPU threads become stuck waiting for each other to release locks, causing a halt in processing.

Reproduction

The vulnerability can be reproduced by invoking 'find_vm_area()' within KASAN's reporting process while the 'report_lock' is held. Triggering a KASAN report for an invalid memory access causes the KASAN reporting functions to run. If 'find_vm_area()' is called during this process, it can create a deadlock: the kernel waits indefinitely because the function tries to acquire a lock that is already held, while also being interrupted by a softirq that accesses invalid memory.
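
An added triage example, not code from the kernel or from this advisory: it scans kernel log text for warnings whose call trace reaches 'find_vm_area()' from KASAN's report path, the situation described above. The sample log is constructed, the demo_* functions are hypothetical, and treating kasan_report, print_report and print_address_description as markers of the report path is this example's assumption.

```python
import re

# Stack frame such as " find_vm_area+0x1c/0x40", optionally behind a dmesg
# timestamp and the "? " marker the kernel prints for unreliable frames.
FRAME = re.compile(
    r"^\s*(?:\[\s*\d+\.\d+\]\s*)?(?:\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
HEADER = re.compile(r"\b(?:BUG|WARNING):\s*(.+)")
# Assumption: these frames identify KASAN's report path.
KASAN_REPORT_FRAMES = {"kasan_report", "print_report", "print_address_description"}

def find_suspect_splats(log_text):
    """Return (header, frames) for splats where KASAN report code called find_vm_area()."""
    splats = []
    for line in log_text.splitlines():
        header = HEADER.search(line)
        if header:  # every BUG:/WARNING: line opens a new splat
            splats.append((header.group(1).strip(" ]"), []))
            continue
        frame = FRAME.match(line)
        if frame and splats:
            # Drop compiler suffixes such as ".constprop.0".
            splats[-1][1].append(frame.group(1).split(".")[0])
    hits = []
    for header, frames in splats:
        if "find_vm_area" in frames:
            callers = frames[frames.index("find_vm_area") + 1:]  # callers follow callee
            if KASAN_REPORT_FRAMES & set(callers):
                hits.append((header, frames))
    return hits

# Constructed sample log; demo_* functions are hypothetical.
SAMPLE_LOG = """\
[  101.100000] BUG: KASAN: slab-use-after-free in demo_softirq+0x44/0x90
[  101.100020]  print_report+0xc0/0x5e0
[  101.100030]  kasan_report+0xb4/0xf0
[  101.100040]  demo_softirq+0x44/0x90
[  101.100050] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
[  101.100060]  rt_spin_lock+0x3a/0x110
[  101.100070]  find_vm_area+0x1c/0x40
[  101.100080]  print_address_description.constprop.0+0x1b0/0x3b0
[  101.100090]  kasan_report+0xb4/0xf0
[  101.200000] WARNING: CPU: 2 PID: 77 at demo_warn+0x10/0x20
[  101.200010]  find_vm_area+0x1c/0x40
[  101.200020]  demo_caller+0x20/0x60
"""

if __name__ == "__main__":
    for header, frames in find_suspect_splats(SAMPLE_LOG):
        print(header, "<-", " <- ".join(frames))
```

Only the second splat is flagged: the first is a KASAN report that never reaches 'find_vm_area()', and the third calls 'find_vm_area()' from outside the report path.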

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux Kernel Archives.

Added: Aug 16, 2025, 11:29 AM
Updated: Aug 16, 2025, 11:29 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.