Linux Kernel Blktrace Preemption Vulnerability

Vulnerability

A vulnerability in the Linux kernel's blktrace functionality results from per-CPU variables being accessed in a preemptible context. The function 'tracing_record_cmdline' uses '__this_cpu_read' and '__this_cpu_write' on the per-CPU variable 'trace_cmdline_save', and the 'trace_save_cmdline' function requires preemption to be disabled, because these operations are intended to be called from the scheduler context. However, '__blk_add_trace' was invoking 'tracing_record_cmdline' early in the blktracer path, before reserving space in the ring buffer and while preemption was still enabled. This can lead to corruption in the ftrace system, as demonstrated by the failure of blktrace test 002, which specifically checks for such ftrace corruption with sysfs tracing.
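
The migration hazard described above, as an added example that is not part of the advisory or the kernel source: a userspace C model in which a task reads its CPU's flag, is moved to another CPU at a preemption point, and then writes. The two-CPU layout and the names 'preemption_point', 'record_cmdline' and 'run' are assumptions made for illustration; only 'trace_cmdline_save' comes from the text above.

```c
/* Userspace model (constructed): two CPUs, one task, and a scheduler that may
 * migrate the task at any point where preemption is enabled. */
#include <stdbool.h>
#include <stdio.h>

#define NR_CPUS 2

static bool trace_cmdline_save[NR_CPUS]; /* per-CPU flag, name from the advisory */
static int  cur_cpu;                     /* CPU the modelled task runs on */
static int  preempt_count;               /* > 0 means preemption is disabled */

/* Hypothetical preemption point: the scheduler moves the task to the other
 * CPU unless preemption is disabled. */
static void preemption_point(void)
{
    if (preempt_count == 0)
        cur_cpu = (cur_cpu + 1) % NR_CPUS;
}

/* Read-then-write on the "this CPU" copy with a preemption point in between. */
static void record_cmdline(void)
{
    if (!trace_cmdline_save[cur_cpu])    /* models __this_cpu_read() */
        return;
    preemption_point();
    trace_cmdline_save[cur_cpu] = false; /* models __this_cpu_write() */
}

/* Starts the task on CPU 0 and returns the CPU whose flag was cleared. */
static int run(bool preempt_disabled)
{
    trace_cmdline_save[0] = true;        /* CPU 0: state the task read */
    trace_cmdline_save[1] = true;        /* CPU 1: unrelated state of its own */
    cur_cpu = 0;
    preempt_count = preempt_disabled ? 1 : 0;
    record_cmdline();
    preempt_count = 0;
    for (int cpu = 0; cpu < NR_CPUS; cpu++)
        if (!trace_cmdline_save[cpu])
            return cpu;
    return -1;
}

int main(void)
{
    printf("preemptible: cleared CPU %d's flag (read on CPU 0)\n", run(false));
    printf("preempt off: cleared CPU %d's flag\n", run(true));
    return 0;
}
```

With preemption enabled the write lands on CPU 1's copy although the decision was made from CPU 0's value; with preemption disabled both accesses hit the same CPU.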

Impact

Triggering this vulnerability causes a kernel bug to be reported, indicating the unsafe use of per-CPU read operations in a preemptible context. This can lead to corruption in the blktrace ftrace system, disrupting normal tracing operations and potentially causing loss of critical trace data.

Reproduction

The vulnerability can be reproduced by running test 002 from the 'blktrace' category of the blktests suite. This test is designed to expose ftrace corruption issues.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.

Added: Mar 25, 2026, 11:50 AM
Updated: Mar 25, 2026, 11:50 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 0.0
relevance: 4.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.