Linux Kernel DAMON Context Corruption Vulnerability

Vulnerability

A vulnerability in the Linux kernel's DAMON (Data Access Monitoring) subsystem can lead to the use of a corrupted context, potentially causing unexpected behavior such as a NULL pointer dereference. This issue arises during online parameter updates when the 'damon_commit_ctx()' function, which is responsible for committing context changes, fails due to internal memory allocation errors. Such failures can leave the context in a partially updated state, which DAMON may inadvertently use, leading to errors. Although the likelihood of this memory allocation failure occurring in practice is low, the consequences can be severe, necessitating a fix.

Impact

Exploitation of this vulnerability could cause DAMON to operate with a corrupted context, leading to incorrect behavior or a NULL pointer dereference in kernel context.

Reproduction

The vulnerability can be reproduced by triggering a memory allocation failure in the 'damon_commit_ctx()' function while updating DAMON parameters. This can be done by introducing a condition that causes the memory allocation to fail, such as exhausting available memory or simulating a memory allocation error. Once the allocation fails, the 'damon_ctx' object becomes partially updated and corrupted. If DAMON is then allowed to use this corrupted context, it can result in unexpected behaviors, including a NULL pointer dereference.

Remediation

The vulnerability has been addressed by introducing a 'maybe_corrupted' field in the 'damon_ctx' structure. This field is set to true when 'damon_commit_ctx()' fails, indicating that the context may be corrupted. The 'kdamond_call()' function has been modified to check this field and cancel remaining callback requests if a corruption is detected. All callers of 'kdamond_call()' also check the 'maybe_corrupted' field before proceeding, ensuring that DAMON does not use a potentially corrupted context.
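The flag-and-cancel pattern described above, as an added userspace sketch that is not the kernel's code: `model_ctx`, `model_commit_ctx()`, `model_call()` and `fail_alloc` are hypothetical stand-ins, and the order of steps inside the commit is an assumption chosen to show a partial update.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model only: hypothetical names, not the kernel's definitions. */
struct model_ctx {
    int *regions;          /* state that needs an allocation to update */
    size_t nr_regions;
    bool maybe_corrupted;  /* set when a commit fails part-way */
};
static bool fail_alloc;    /* hook to simulate an allocation failure */

/* Copy src's parameters into dst; the step order here is an assumption. */
int model_commit_ctx(struct model_ctx *dst, const struct model_ctx *src)
{
    free(dst->regions);                 /* old state is discarded first */
    dst->regions = NULL;
    dst->nr_regions = src->nr_regions;  /* count now disagrees with array */
    int *copy = fail_alloc ? NULL : calloc(src->nr_regions, sizeof(*copy));
    if (!copy) {
        dst->maybe_corrupted = true;    /* record the partial update */
        return -ENOMEM;
    }
    memcpy(copy, src->regions, src->nr_regions * sizeof(*copy));
    dst->regions = copy;
    return 0;
}

/* Worker-side request: refuse to touch a context flagged as corrupted. */
int model_call(struct model_ctx *ctx, long *sum)
{
    if (ctx->maybe_corrupted)
        return -ECANCELED;              /* cancel instead of reading NULL */
    *sum = 0;
    for (size_t i = 0; i < ctx->nr_regions; i++)
        *sum += ctx->regions[i];
    return 0;
}

int main(void)
{
    int vals[] = {1, 2, 3};
    struct model_ctx src = { vals, 3, false }, dst = { NULL, 0, false };
    long sum = 0;
    fail_alloc = true;                  /* force the failing path */
    model_commit_ctx(&dst, &src);
    return model_call(&dst, &sum) == -ECANCELED ? 0 : 1;
}
```

Without the `maybe_corrupted` check, `model_call()` would walk three entries of a NULL array after the failed commit, which is the failure mode the fix is meant to prevent.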

Added: Apr 22, 2026, 3:51 PM
Updated: Apr 22, 2026, 3:51 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 3.1
exploitability: 3.9
remediation: 7.7
relevance: 6.1
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.