Linux Kernel PREEMPT_RT Context Check Vulnerability in kmalloc_nolock()

Vulnerability

A vulnerability exists in the Linux kernel's handling of memory allocation in PREEMPT_RT environments. The kmalloc_nolock() function does not account for callers that run with preemption disabled. As a result, the function can attempt to acquire a sleeping lock, which is not permitted in a non-preemptible context, causing a kernel panic. The vulnerability is present in Linux kernel stable releases that include the PREEMPT_RT configuration.

Impact

Exploitation of this vulnerability can lead to a kernel panic, where the system becomes unresponsive and requires a reboot.

Reproduction

To reproduce this vulnerability, a BPF program can be executed from a tracepoint with preemption disabled. The kmalloc_nolock() function will then call local_lock_irqsave(), attempting to acquire a sleeping lock and triggering a 'BUG: sleeping function called from invalid context' error. This indicates that the function was called from a non-preemptible context, which is not allowed on PREEMPT_RT kernels.
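For triage, the error described above can be matched in a kernel log and tied to kmalloc_nolock() by reading the call trace that follows it. The code below is an added example, not part of the advisory or the kernel project. It assumes the usual `symbol+0xoff/0xsize` call-trace frame format and that `uname -v` carries a `PREEMPT_RT` token on RT builds. The sample log is constructed and the `demo_*` symbols are hypothetical.

```python
import re

SPLAT = "BUG: sleeping function called from invalid context"  # string quoted in the advisory
SYMBOL = "kmalloc_nolock"                                     # function named in the advisory
PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\s*")  # optional "[  101.000001] " timestamp
FRAME = re.compile(r"^(?:\? )?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")  # "func+0x1a/0x200"

# Constructed sample log: timestamps, offsets, pid and demo_* symbols are invented.
SAMPLE_LOG = """\
[  101.000001] BUG: sleeping function called from invalid context at <constructed>
[  101.000002] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 4242, name: demo
[  101.000003] Call Trace:
[  101.000004]  <TASK>
[  101.000005]  kmalloc_nolock+0x11c/0x360
[  101.000006]  demo_bpf_prog+0x44/0x90
[  101.000007]  demo_tracepoint+0x20/0x70
[  101.000008]  </TASK>
[  205.000001] BUG: sleeping function called from invalid context at <constructed>
[  205.000002] Call Trace:
[  205.000003]  <TASK>
[  205.000004]  demo_other_alloc+0x3c/0xd0
[  205.000005]  </TASK>
[  300.000001]  kmalloc_nolock+0x11c/0x360
"""

def is_preempt_rt(uname_v: str) -> bool:
    """True if a `uname -v` string advertises a PREEMPT_RT build (assumed convention)."""
    return "PREEMPT_RT" in uname_v.split()

def find_splats(log_text: str) -> list:
    """Return one record per splat with the call-trace symbols that belong to it."""
    splats, current = [], None
    for lineno, raw in enumerate(log_text.splitlines(), start=1):
        line = PREFIX.sub("", raw).strip()
        if SPLAT in line:
            current = {"line": lineno, "symbols": []}
            splats.append(current)
        elif line.startswith("</TASK>"):
            current = None  # trace finished; later frames belong to something else
        elif current is not None and (m := FRAME.match(line)):
            current["symbols"].append(m.group(1))
    for s in splats:
        s["matches_advisory"] = SYMBOL in s["symbols"]
    return splats

if __name__ == "__main__":
    rt = is_preempt_rt("#1 SMP PREEMPT_RT Sat Feb 14 00:00:00 UTC 2026")  # constructed
    for s in find_splats(SAMPLE_LOG):
        print(f"line {s['line']}: PREEMPT_RT={rt} matches_advisory={s['matches_advisory']}")
```

Only the first splat in the sample is flagged: the second has no kmalloc_nolock frame, and the stray frame after its `</TASK>` is not attributed to it.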

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed.

Added: Feb 14, 2026, 4:36 PM
Updated: Feb 14, 2026, 4:36 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.4
remediation: 7.7
relevance: 2.8
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.