CVE-2023-54211

In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix warning in tracebufferedevent_disable()

Warning happened in tracebufferedeventdisable() at WARNONONCE(!tracebufferedeventref)

Call Trace: ? __warn+0xa5/0x1b0 ? tracebufferedevent_disable+0x189/0x1b0 __ftraceeventenabledisable+0x19e/0x3e0 freeprobedata+0x3b/0xa0 unregisterftracefunctionprobefunc+0x6b8/0x800 eventenablefunc+0x2f0/0x3d0 ftraceprocessregex.isra.0+0x12d/0x1b0 ftracefilterwrite+0xe6/0x140 vfswrite+0x1c9/0x6f0 [...]

The cause of the warning is in _ftraceeventenabledisable(), tracebufferedeventenable() was called once while tracebufferedeventdisable() was called twice. Reproduction script show as below, for analysis, see the comments:

#!/bin/bash

cd /sys/kernel/tracing/

# 1. Register a 'disable_event' command, then:
#    1) SOFT_DISABLED_BIT was set;
#    2) trace_buffered_event_enable() was called first time;
echo 'cmdline_proc_show:disable_event:initcall:initcall_finish' > \
    set_ftrace_filter

# 2. Enable the event registered, then:
#    1) SOFT_DISABLED_BIT was cleared;
#    2) trace_buffered_event_disable() was called first time;
echo 1 > events/initcall/initcall_finish/enable

# 3. Try to call into cmdline_proc_show(), then SOFT_DISABLED_BIT was
#    set again!!!
cat /proc/cmdline

# 4. Unregister the 'disable_event' command, then:
#    1) SOFT_DISABLED_BIT was cleared again;
#    2) trace_buffered_event_disable() was called second time!!!
echo '!cmdline_proc_show:disable_event:initcall:initcall_finish' > \
    set_ftrace_filter
 

To fix it, IIUC, we can change to call tracebufferedeventenable() at fist time soft-mode enabled, and call tracebufferedeventdisable() at last time soft-mode disabled.