CVE-2023-54211

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tracing: Fix warning in trace_buffered_event_disable()<br /> <br /> Warning happened in trace_buffered_event_disable() at<br /> WARN_ON_ONCE(!trace_buffered_event_ref)<br /> <br /> Call Trace:<br /> ? __warn+0xa5/0x1b0<br /> ? trace_buffered_event_disable+0x189/0x1b0<br /> __ftrace_event_enable_disable+0x19e/0x3e0<br /> free_probe_data+0x3b/0xa0<br /> unregister_ftrace_function_probe_func+0x6b8/0x800<br /> event_enable_func+0x2f0/0x3d0<br /> ftrace_process_regex.isra.0+0x12d/0x1b0<br /> ftrace_filter_write+0xe6/0x140<br /> vfs_write+0x1c9/0x6f0<br /> [...]<br /> <br /> The cause of the warning is in __ftrace_event_enable_disable(),<br /> trace_buffered_event_enable() was called once while<br /> trace_buffered_event_disable() was called twice.<br /> Reproduction script show as below, for analysis, see the comments:<br /> ```<br /> #!/bin/bash<br /> <br /> cd /sys/kernel/tracing/<br /> <br /> # 1. Register a &amp;#39;disable_event&amp;#39; command, then:<br /> # 1) SOFT_DISABLED_BIT was set;<br /> # 2) trace_buffered_event_enable() was called first time;<br /> echo &amp;#39;cmdline_proc_show:disable_event:initcall:initcall_finish&amp;#39; &gt; \<br /> set_ftrace_filter<br /> <br /> # 2. Enable the event registered, then:<br /> # 1) SOFT_DISABLED_BIT was cleared;<br /> # 2) trace_buffered_event_disable() was called first time;<br /> echo 1 &gt; events/initcall/initcall_finish/enable<br /> <br /> # 3. Try to call into cmdline_proc_show(), then SOFT_DISABLED_BIT was<br /> # set again!!!<br /> cat /proc/cmdline<br /> <br /> # 4. Unregister the &amp;#39;disable_event&amp;#39; command, then:<br /> # 1) SOFT_DISABLED_BIT was cleared again;<br /> # 2) trace_buffered_event_disable() was called second time!!!<br /> echo &amp;#39;!cmdline_proc_show:disable_event:initcall:initcall_finish&amp;#39; &gt; \<br /> set_ftrace_filter<br /> ```<br /> <br /> To fix it, IIUC, we can change to call trace_buffered_event_enable() at<br /> fist time soft-mode enabled, and call trace_buffered_event_disable() at<br /> last time soft-mode disabled.