Linux Kernel Reference Count Leak Vulnerability in perf_mmap() Handling

Vulnerability

A vulnerability in the Linux kernel's performance monitoring subsystem has been addressed. When the perf_mmap() function fails to allocate a buffer, it erroneously triggers the event_mapped() callback for the associated event. This behavior can lead to an unintended increase in the perf_rdpmc_allowed reference counter on x86 systems. The issue arises because the perf_mmap_close() function is not called to reverse this change, resulting in a reference count leak. The vulnerability has been fixed by modifying the code to return early when perf_mmap() allocation fails, preventing the callback from being invoked and eliminating the reference count leak.

Impact

The vulnerability could cause a reference count leak, which may lead to memory management issues.

Reproduction

The vulnerability can be reproduced by invoking the perf_mmap() function in a scenario where it fails to allocate a buffer. On an x86 system, the event_mapped() callback is still triggered after this failure, increasing the perf_rdpmc_allowed reference counter. Because perf_mmap_close() is not called to reverse the increment, the leaked reference persists.
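The failure path described under Vulnerability and Reproduction, shown as an added user-space model that is not the kernel's code and does not exercise the kernel. It reuses the names event_mapped() and perf_rdpmc_allowed from this page; alloc_buffer(), event_unmapped(), the model_* functions and leaked_refs() are hypothetical stand-ins. It contrasts the leaking order of operations with the early-return fix.

```c
#include <stdbool.h>
#include <stdio.h>
/* User-space model only: stands in for the perf_rdpmc_allowed counter. */
static int rdpmc_allowed;

/* Model of the x86 event_mapped() callback and its undo step. */
static void event_mapped(void)   { rdpmc_allowed++; }
static void event_unmapped(void) { rdpmc_allowed--; }
/* Hypothetical allocator stand-in; returns -ENOMEM (-12) when told to fail. */
static int alloc_buffer(bool fail) { return fail ? -12 : 0; }

/* "Before": the callback runs even though allocation failed. */
static int model_mmap_buggy(bool fail)
{
    int ret = alloc_buffer(fail);
    event_mapped();   /* reference taken on the error path too */
    return ret;       /* on failure no mapping exists, so close never runs */
}

/* "After": return early on failure, so the callback is skipped. */
static int model_mmap_fixed(bool fail)
{
    int ret = alloc_buffer(fail);
    if (ret)
        return ret;
    event_mapped();
    return 0;
}

/* Model of perf_mmap_close(): reached only for mappings that succeeded. */
static void model_mmap_close(void) { event_unmapped(); }

/* Make n map attempts, every second one failing; return leaked references. */
static int leaked_refs(int (*do_mmap)(bool), int n)
{
    rdpmc_allowed = 0;
    for (int i = 0; i < n; i++)
        if (do_mmap(i % 2 == 0) == 0)
            model_mmap_close();
    return rdpmc_allowed;
}

int main(void)
{
    printf("buggy: %d leaked\n", leaked_refs(model_mmap_buggy, 10));
    printf("fixed: %d leaked\n", leaked_refs(model_mmap_fixed, 10));
    return 0;
}
```

In the model, each failed attempt on the buggy path leaves the counter one higher than the number of live mappings, while the fixed path keeps the two equal.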

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.

Added: Aug 19, 2025, 6:43 PM
Updated: Aug 19, 2025, 6:43 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.