Linux Kernel Invalid Wait Context Vulnerability in Performance Event Scheduling

Vulnerability

A vulnerability has been identified in the Linux kernel's performance event scheduling in versions prior to 6.15.0. When a pinned event fails, it inadvertently wakes up threads in the ring buffer, which leads to an invalid wait context. This happens because the event scheduling process takes wait-queue locks while it holds the performance context lock. The issue can be reproduced by making a pinned event fail so that it wakes up the ring buffer's threads, at which point the event scheduler mishandles the wait-queue locks.

Impact

Exploitation of this vulnerability leads to an invalid wait context, where the event scheduler incorrectly manages wait-queue locks. This can cause synchronization issues within the kernel, potentially leading to more severe problems such as deadlocks or race conditions.

Reproduction

The vulnerability can be reproduced by creating a pinned performance event and deliberately making it fail. This can be done by simulating an error condition for the event while it is pinned, causing it to wake up threads in the ring buffer. The improper handling of wait-queue locks under the performance context lock then creates an invalid wait context, which can be observed as a bug report in the kernel log.

Remediation

Users can upgrade to Linux kernel version 6.15.0 or later, where this vulnerability has been addressed.
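
A triage check for the two observable points above, the bug report in the kernel log and the 6.15.0 fix version, as an added example that is not part of the original advisory. It assumes a kernel built with lockdep (which prints the `[ BUG: Invalid wait context ]` banner) and an x86-style trace ending in `</TASK>`; the sample log is constructed, and the frame-name heuristic is an assumption, not a signature taken from the advisory.

```python
import re

FIXED = (6, 15, 0)  # first fixed release per the advisory
BANNER = "[ BUG: Invalid wait context ]"  # lockdep report header line
FRAME = re.compile(r"([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
WINDOW = 80  # assumption: a report's trace fits in this many log lines

def is_fixed(release):
    """True if a `uname -r` style release is at or above the fixed version."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unparseable kernel release: {release!r}")
    return tuple(int(x or 0) for x in m.groups()) >= FIXED

def find_reports(lines):
    """Collect the symbol names that follow each lockdep banner."""
    reports, frames, left = [], None, 0
    for line in lines:
        if BANNER in line:  # a new report starts here
            frames, left = [], WINDOW
            reports.append(frames)
        elif frames is not None:
            frames += FRAME.findall(line)  # symbol from "sym+0xoff/0xlen"
            left -= 1
            if "</TASK>" in line or left == 0:  # end of trace, or line cap
                frames = None
    return reports

def matches_advisory(frames):
    """Heuristic (assumption): a wait-queue wakeup reached from perf code."""
    return (any(f.startswith("__wake_up") for f in frames)
            and any(f.startswith("perf_") for f in frames))

# Constructed sample, not captured from a real system; frames are illustrative.
SAMPLE = """\
[  101.000002] [ BUG: Invalid wait context ]
[  101.000005]  <TASK>
[  101.000006]  __wake_up+0x26/0x60
[  101.000007]  perf_event_wakeup+0x22/0xf0
[  101.000008]  ctx_sched_in+0x1d3/0x2b0
[  101.000009]  </TASK>
[  205.000001] [ BUG: Invalid wait context ]
[  205.000002]  example_driver_irq+0x10/0x40
[  205.000003]  </TASK>
""".splitlines()

if __name__ == "__main__":
    for frames in find_reports(SAMPLE):
        print("perf wait-queue report" if matches_advisory(frames) else "other report", frames)
```

The version check compares upstream release numbers only, so a distribution kernel that backported the fix will still be reported as below 6.15.0.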

Added: Mar 25, 2026, 12:55 PM
Updated: Mar 25, 2026, 12:55 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 4.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.