CVE-2022-49764

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved, which prevented bpf program recursion for raw tracepoint probes. The issue was caused by a bpf program attached to the contention begin raw tracepoint, triggering the same tracepoint by using the bpf trace printk helper, taking the trace printk lock lock. This could lead to warnings and potential issues. The problem can be reproduced by attaching a bpf program as a raw tracepoint on the contention begin tracepoint and running perf bench, forcing the spin lock code to take the slow path and call the contention begin tracepoint.

Recommendations To resolve the issue, the execution of the bpf program should be skipped if it is already running, using the bpf prog 'active' field. Additionally, moving bpf prog inc misses counter to syscall.c can help, as trampoline.c is compiled in just for the CONFIG BPF JIT option. At the moment, there is no information about a newer version that contains a fix for this vulnerability.