Linux Kernel DAMON Component Infinite Loop Vulnerability During Page Table Walk

Vulnerability

A vulnerability in the Linux kernel's DAMON (Data Access Monitor) component can lead to an infinite loop during page table walks, causing a soft lockup. This issue occurs in versions of the Linux kernel through 6.5. DAMON's virtual address space operation calls 'pte_offset_map_lock()' to manage page table accessed bits. If that call fails, the page table walk callback asks for a retry by returning 'ACTION_AGAIN'. When the failure is due to a pmd migration entry, this retry mechanism can create an infinite loop, because the migration must be completed before the page table walk can resume. The vulnerability was reported to cause a soft lockup when CPU hotplugging and DAMON were running simultaneously.

Impact

Exploitation of this vulnerability leads to a soft lockup, where the system becomes unresponsive due to a process being stuck in a loop, preventing normal operations.

Reproduction

The vulnerability can be reproduced by running the DAMON component in parallel with CPU hotplugging. The DAMON virtual address space operation will call 'pte_offset_map_lock()' to read and write page table accessed bits. If this call fails due to a pmd migration entry, it will trigger a retry by returning 'ACTION_AGAIN'. This can create an infinite loop in the page table walk, causing a soft lockup as the system becomes unresponsive.
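The retry behaviour described above can be seen in a small user-space model. This is an added example, not kernel code and not the upstream patch: every type and function name is hypothetical, the budget counter stands in for the soft lockup, and the "skip instead of retry" branch is an assumed mitigation used for contrast.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model only: names echo the advisory, none of this is kernel code. */
enum walk_action { ACTION_CONTINUE, ACTION_AGAIN };
enum pmd_state { PMD_TABLE, PMD_TRANSIENT, PMD_MIGRATION };
struct pmd_model { enum pmd_state state; int accessed; };

/* Stand-in for pte_offset_map_lock(): succeeds only when the pmd maps a page table. */
static bool model_map_lock(struct pmd_model *pmd) {
    if (pmd->state == PMD_TRANSIENT) {   /* racing update that settles on its own */
        pmd->state = PMD_TABLE;
        return false;
    }
    return pmd->state == PMD_TABLE;      /* a migration entry never clears mid-walk */
}

/* Callback that clears the accessed bit; retry_on_fail selects the looping behaviour. */
static enum walk_action mkold_cb(struct pmd_model *pmd, bool retry_on_fail) {
    if (!model_map_lock(pmd))
        return retry_on_fail ? ACTION_AGAIN : ACTION_CONTINUE;
    pmd->accessed = 0;
    return ACTION_CONTINUE;
}

/* Returns callback invocations, or -1 when the budget runs out (the modelled lockup). */
static long walk_range(struct pmd_model *pmds, int n, bool retry_on_fail, long budget) {
    long calls = 0;
    for (int i = 0; i < n; i++) {
        enum walk_action act;
        do {
            if (calls++ >= budget) return -1;
            act = mkold_cb(&pmds[i], retry_on_fail);
        } while (act == ACTION_AGAIN);
    }
    return calls;
}

/* Constructed input: one normal pmd, one transient failure, optionally one migration entry. */
static long run_model(bool with_migration, bool retry_on_fail) {
    struct pmd_model pmds[3] = { {PMD_TABLE, 1}, {PMD_TRANSIENT, 1}, {PMD_MIGRATION, 1} };
    return walk_range(pmds, with_migration ? 3 : 2, retry_on_fail, 1000000);
}

int main(void) {
    printf("retry: %ld, skip: %ld\n", run_model(true, true), run_model(true, false));
    return 0;
}
```

A transient failure is resolved by one retry, but the migration entry exhausts the budget because nothing inside the walk can make the mapping succeed.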

Remediation

Users can upgrade to the latest version of the Linux kernel to address this vulnerability. The issue has been fixed in the official Linux Git repository.

Added: Dec 4, 2025, 3:23 PM
Updated: Dec 4, 2025, 6:17 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.