Linux Kernel Performance Events Throttling Vulnerability Leading to Undefined Behavior

Vulnerability

A vulnerability in the Linux kernel's performance events subsystem can cause undefined behavior because inactive events are improperly handled during throttling. When a performance monitoring unit (PMU) driver receives the negative index of a stopped event and uses it in bitwise operations, the result is a shift-out-of-bounds error, as reported by the Undefined Behavior Sanitizer (UBSAN). This issue arises when a group leader event, set to sample very frequently, disables a child event, leaving its hardware index at -1. During throttling, the kernel mistakenly attempts to start or stop this inactive event, so the PMU driver receives an invalid index for bitwise operations, which leads to the UBSAN report.
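
A userspace C model of this throttling path, added here as an illustration and not taken from the kernel source: all type and function names are hypothetical, the event group is constructed sample data, and the state check is an assumed form of guard. The driver model counts invalid indices instead of performing the undefined shift.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model only; every name here is hypothetical, not a kernel identifier. */
enum ev_state { EV_OFF, EV_ACTIVE };
struct event { enum ev_state state; int hw_idx; /* -1 while not on the PMU */ };
struct pmu { uint64_t enabled_mask; int bad_index_calls; };

/* Model of a driver stop callback that uses the index as a shift exponent. */
static void pmu_stop(struct pmu *p, const struct event *e)
{
    if (e->hw_idx < 0 || e->hw_idx >= 64) {
        /* A driver computing 1ULL << idx here would hit undefined behavior. */
        p->bad_index_calls++;
        return;
    }
    p->enabled_mask &= ~(1ULL << e->hw_idx);
}

/* Throttle each group member; check_state selects the guarded variant. */
static int throttle_group(struct pmu *p, const struct event *grp, size_t n, int check_state)
{
    for (size_t i = 0; i < n; i++) {
        if (check_state && grp[i].state != EV_ACTIVE)
            continue; /* inactive member never reaches the driver */
        pmu_stop(p, &grp[i]);
    }
    return p->bad_index_calls;
}

/* Constructed sample group: active leader on counter 0, disabled child at -1. */
static int run_model(int check_state, uint64_t *mask_out)
{
    struct event grp[2] = { { EV_ACTIVE, 0 }, { EV_OFF, -1 } };
    struct pmu p = { 0x1, 0 };
    int bad = throttle_group(&p, grp, 2, check_state);
    if (mask_out)
        *mask_out = p.enabled_mask;
    return bad;
}

int main(void)
{
    printf("unguarded: %d invalid index call(s)\n", run_model(0, NULL));
    printf("guarded:   %d invalid index call(s)\n", run_model(1, NULL));
    return 0;
}
```

In both variants the active leader's counter bit is cleared; only the unguarded loop hands the driver the index -1.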

Impact

The vulnerability causes performance monitoring events to be incorrectly managed, leading to potential undefined behavior in the kernel's event handling.

Reproduction

The vulnerability can be reproduced by creating a performance event group with a leader event that samples aggressively, while simultaneously disabling a child event in the group. This process leaves the child event's hardware index at -1. When the kernel throttles the group, it incorrectly tries to start or stop the disabled child event, which results in the PMU driver receiving the invalid index and generating a UBSAN shift-out-of-bounds error.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version.

Added: Sep 16, 2025, 4:00 PM
Updated: Sep 16, 2025, 4:00 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.