Linux Kernel Coresight TMC Event Handle Path Vulnerability

A vulnerability in the Linux kernel's Coresight TMC (Trace Memory Controller) component has been addressed. The issue involved the absence of an event handle in the Coresight path, which is crucial for accessing the AUX_EVENT of each CPU in performance mode. This handle has now been added to the Coresight path, allowing dependent devices to retrieve it when necessary. The vulnerability could lead to a kernel paging request error, as demonstrated by a reproducible bug using the 'perf' command to record events, which triggered an 'oops' error indicating an inability to manage a paging request at a specific virtual address. This error was part of a call trace that included several Coresight-related functions, highlighting the impact of the missing event handle on the Coresight performance monitoring capabilities.

Impact

The vulnerability could cause a kernel paging request error, disrupting normal operations and potentially leading to a system crash or instability.

Reproduction

The vulnerability can be reproduced by using the 'perf' command to record events from the Coresight ETM (Embedded Trace Macrocell) performance event, targeting CPUs 0 through 9. This command should be piped to 'dd' to discard the output, which triggers the error by attempting to access a virtual address that is not properly managed, due to the missing event handle in the Coresight path.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for updating the kernel can be found in the official Linux kernel documentation.