CVE-2024-42096

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
29/07/2024
Last modified:
03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

x86: stop playing stack games in profile_pc()

The 'profile_pc()' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions based on the stack layout that aren't necessarily valid.

Basically, the code tries to account the time spent in spinlocks to the caller rather than the spinlock, and while I support that as a concept, it's not worth the code complexity or the KASAN warnings when no serious profiling is done using timers anyway these days.

And the code really does depend on stack layout that is only true in the simplest of cases. We've lost the comment at some point (I think when the 32-bit and 64-bit code was unified), but it used to say:

    Assume the lock function has either no stack frame or a copy
    of eflags from PUSHF.

which explains why it just blindly loads a word or two straight off the stack pointer and then takes a minimal look at the values to just check if they might be eflags or the return pc:

    Eflags always has bits 22 and up cleared unlike kernel addresses

but that basic stack layout assumption assumes that there isn't any lock debugging etc going on that would complicate the code and cause a stack frame.

It causes KASAN unhappiness reported for years by syzkaller [1] and others [2].

With no real practical reason for this any more, just remove the code.

Just for historical interest, here's some background commits relating to this code from 2006:

    0cb91a229364 ("i386: Account spinlocks to the caller during profiling for !FP kernels")
    31679f38d886 ("Simplify profile_pc on x86-64")

and a code unification from 2009:

    ef4512882dbe ("x86: time_32/64.c unify profile_pc")

but the basics of this thing actually goes back to before the git tree.
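The heuristic the commit message describes, modelled in user space as an added example for this page. This is not the kernel's code: the shape of old_profile_pc() (look at sp[0], fall back to sp[1], accept a word as the return pc if bits 22 and up are set) is reconstructed from the description above, and every address, the lock-function range, the eflags value and the three stack snapshots are constructed for the illustration. It shows the two layouts the old comment assumed, where the guess is right, and a third layout with a real stack frame, where the "kernel address" test happily returns a saved rbp (a kernel stack address, not code) and the sample is charged to nothing meaningful.

```c
/* Added illustration for this page: a user-space model of the stack heuristic
 * that the removed profile_pc() applied on x86. It is not the kernel's code;
 * the shape of the check is reconstructed from the commit message, and every
 * address and stack word below is constructed for the example. */
#include <stdint.h>
#include <stdio.h>

/* Illustrative constants: x86-64 kernel text sits high in the address space,
 * so any kernel address has bits 22 and up set; eflags never does. */
#define KTEXT_BASE    0xffffffff81000000ULL
#define LOCK_FN_LO    (KTEXT_BASE + 0x1000ULL)  /* pretend spinlock code lives here */
#define LOCK_FN_HI    (KTEXT_BASE + 0x2000ULL)

#define CALLER_PC     (KTEXT_BASE + 0x34560ULL) /* return address into the lock's caller */
#define LOCK_PC       (LOCK_FN_LO + 0x10ULL)    /* where the timer interrupt landed */
#define SAVED_EFLAGS  0x246ULL                  /* typical eflags: IF, ZF, PF, reserved bit 1 */
#define SAVED_RBP     0xffffc90000123450ULL     /* a kernel *stack* address: bits >= 22 set too */

static int in_lock_functions(uint64_t pc)
{
    return pc >= LOCK_FN_LO && pc < LOCK_FN_HI;
}

/* The removed heuristic, as described in the commit message. When the sample
 * lands inside a lock function it assumes the function has either no stack
 * frame (sp[0] is the return address) or a copy of eflags from PUSHF (sp[0]
 * is eflags, sp[1] the return address), and tells the two apart only by
 * whether bits 22 and up are set. */
static uint64_t old_profile_pc(uint64_t pc, const uint64_t *sp)
{
    if (in_lock_functions(pc)) {
        if (sp[0] >> 22)
            return sp[0];
        if (sp[1] >> 22)
            return sp[1];
    }
    return pc;
}

/* After the fix there is no stack inspection at all: the sample is charged to
 * the interrupted pc, even when that pc is inside the spinlock code. */
static uint64_t new_profile_pc(uint64_t pc, const uint64_t *sp)
{
    (void)sp;
    return pc;
}

/* Three constructed stack snapshots, sp pointing at element 0. Each is padded
 * so this model never reads past its array; on a real stack the blind sp[1]
 * read touches a slot no live frame owns, the kind of access KASAN reports. */
static const uint64_t stack_no_frame[4]    = { CALLER_PC, 0, 0, 0 };
static const uint64_t stack_pushf[4]       = { SAVED_EFLAGS, CALLER_PC, 0, 0 };
/* Lock debugging turned the lock function into one with a real frame:
 * saved rbp at sp[0], a local at sp[1], the return address further up. */
static const uint64_t stack_debug_frame[4] = { SAVED_RBP, 0, CALLER_PC, 0 };

int main(void)
{
    const uint64_t *stacks[3] = { stack_no_frame, stack_pushf, stack_debug_frame };
    const char *names[3] = { "no frame", "pushf", "debug frame" };
    int i;

    for (i = 0; i < 3; i++) {
        uint64_t old = old_profile_pc(LOCK_PC, stacks[i]);
        printf("%-12s old=%#llx (%s) new=%#llx\n", names[i],
               (unsigned long long)old,
               old == CALLER_PC ? "caller, correct" : "not the caller",
               (unsigned long long)new_profile_pc(LOCK_PC, stacks[i]));
    }
    return 0;
}
```

The third row is the point of the commit: a saved frame pointer passes the same "has bits 22 and up" test as a return address, so once anything (lock debugging, instrumentation, a compiler that decided to keep a frame) changes the layout, the heuristic silently attributes the sample to an arbitrary word rather than failing safe.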

Vulnerable products and versions

CPE                                                  From                Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*         -                   4.19.317 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*         4.20 (including)    5.4.279 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*         5.5 (including)     5.10.221 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*         5.11 (including)    5.15.162 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*         5.16 (including)    6.1.97 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*         6.2 (including)     6.6.37 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*         6.7 (including)     6.9.8 (excluding)
cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*    (exact version)     -
cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*    (exact version)     -
cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*    (exact version)     -
cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*    (exact version)     -
cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*    (exact version)     -
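A branch-aware check of an upstream kernel version string against the ranges in the table above, added here as an example; it is not a tool from this advisory or from the kernel project. The ranges are copied from the table, each stable branch is compared against its own first fixed version, and the 6.10 release candidates are matched individually because the table lists them by name rather than as a range. Distribution kernels backport stable fixes under their own version strings (a "5.15.0-91-generic" may well carry the fix), so for a distro kernel the result only says whether the upstream base version is inside a listed range; the distribution's own advisory is authoritative there.

```sh
#!/bin/sh
# Added example for this page: test an upstream kernel version against the
# affected ranges listed for CVE-2024-42096. Ranges are taken from the CPE
# table; this is not a tool shipped with the kernel or the advisory.

# kver_num MAJOR MINOR PATCH -> one comparable integer (assumes patch < 1000)
kver_num() {
    echo $(( $1 * 1000000 + $2 * 1000 + $3 ))
}

# cve_2024_42096_affected VERSION
# Prints "affected" or "not-listed"; returns 0 when affected, 1 otherwise.
# Accepts "6.1.96", "4.20", "5.15.0-91-generic" (suffix ignored), "6.10-rc3".
cve_2024_42096_affected() {
    v=$1
    # 6.10 release candidates are listed one by one in the table; anything
    # else in the 6.10 series is simply not in the table.
    case "$v" in
        6.10-rc1|6.10-rc2|6.10-rc3|6.10-rc4|6.10-rc5) echo affected; return 0 ;;
        6.10-rc*|6.10|6.10.*) echo not-listed; return 1 ;;
    esac
    base=${v%%-*}                       # strip "-91-generic" style suffixes
    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0   # "4.20" has no patch level
    patch=${patch%%[!0-9]*}
    n=$(kver_num "$major" "$minor" "$patch")
    # Each entry: first affected version (inclusive), first fixed version
    # (exclusive), per stable branch; the oldest entry has no lower bound.
    for range in "0.0.0 4.19.317" "4.20.0 5.4.279" "5.5.0 5.10.221" \
                 "5.11.0 5.15.162" "5.16.0 6.1.97" "6.2.0 6.6.37" "6.7.0 6.9.8"; do
        set -- $range
        lo=$(kver_num $(echo "$1" | tr . ' '))
        hi=$(kver_num $(echo "$2" | tr . ' '))
        if [ "$n" -ge "$lo" ] && [ "$n" -lt "$hi" ]; then
            echo affected; return 0
        fi
    done
    echo not-listed; return 1
}

# Report on the running kernel; the status is not propagated so that this
# file can also be sourced for the function alone.
cve_2024_42096_affected "$(uname -r)" || :
```

The boundaries matter: 6.9.7 is inside the last range and 6.9.8 is the first fixed 6.9 release, so an "Up to (excluding)" entry must be compared with a strict less-than, and a version from a newer branch (say 6.1.50 against the 5.15 entry) must never be matched against an older branch's fixed version, which is why the comparison is done per range rather than against a single "latest fixed" number.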