Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability exists in the Linux kernel's handling of tracepoint function registration. When a tracepoint is activated, the kernel calls a registration function before adding the probe. If the addition fails, particularly under memory pressure, the error is returned without calling the corresponding unregistration function. This oversight leaves residual effects from the registration, such as an increased reference count for syscall tracepoints, which can lead to unnecessary overhead until the system is rebooted. This issue can create a persistent state that affects system performance.
The vulnerability causes a memory leak by leaving the syscall tracepoint reference count at a non-zero value, without an active consumer. This results in every task incurring the overhead of syscall trace entry and exit operations, which continues until the system is rebooted.
To reproduce this vulnerability, add a function to a tracepoint that is currently inactive. If the function addition fails due to memory constraints, the corresponding unregistration function will not be called. This can be verified by checking the syscall tracepoint reference count, which will remain elevated without an active consumer, causing ongoing trace overhead for each task until a reboot.
The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version available in the Linux kernel stable tree.
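The error path described above, as a simplified user-space C model added here for illustration; it is not kernel source or the upstream patch. All names (`model_tp`, `model_regfunc`, `model_unregfunc`, `model_add_probe`, `add_func_flawed`, `add_func_fixed`) are assumptions, and the corrected path shows one way to unwind the registration, which the page does not detail.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* User-space model only; every name is illustrative, not kernel source. */
static int sys_refcount;              /* models the syscall tracepoint refcount */
static void model_regfunc(void)   { sys_refcount++; }
static void model_unregfunc(void) { sys_refcount--; }
struct model_tp { void (*regfunc)(void); void (*unregfunc)(void); int nr_probes; };

static int model_add_probe(struct model_tp *tp, bool alloc_fails)
{
    if (alloc_fails)                  /* simulated memory pressure */
        return -ENOMEM;
    tp->nr_probes++;
    return 0;
}

/* Flawed path: on failure, regfunc's side effects are left in place. */
static int add_func_flawed(struct model_tp *tp, bool alloc_fails)
{
    if (tp->nr_probes == 0)           /* tracepoint currently inactive */
        tp->regfunc();
    return model_add_probe(tp, alloc_fails);
}

/* Corrected path: unwind regfunc if this call ran it and the add failed. */
static int add_func_fixed(struct model_tp *tp, bool alloc_fails)
{
    bool registered = (tp->nr_probes == 0);
    int ret;
    if (registered)
        tp->regfunc();
    ret = model_add_probe(tp, alloc_fails);
    if (ret < 0 && registered)
        tp->unregfunc();
    return ret;
}

int main(void)
{
    struct model_tp a = { model_regfunc, model_unregfunc, 0 }, b = a;
    add_func_flawed(&a, true);        /* fails with -ENOMEM, refcount stays 1 */
    printf("flawed: refcount=%d\n", sys_refcount);
    sys_refcount = 0;
    add_func_fixed(&b, true);         /* fails with -ENOMEM, refcount back to 0 */
    printf("fixed:  refcount=%d\n", sys_refcount);
    return 0;
}
```

In the model, a failed add on an already active tracepoint leaves the count untouched in both variants, because the registration hook only runs on the first probe.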