CVE-2023-54211: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix warning in trace_buffered_event_disable()

Warning happened in trace_buffered_event_disable() at WARN_ON_ONCE(!trace_buffered_event_ref)

Call Trace: ? __warn+0xa5/0x1b0 ? trace_buffered_event_disable+0x189/0x1b0 __ftrace_event_enable_disable+0x19e/0x3e0 free_probe_data+0x3b/0xa0 unregister_ftrace_function_probe_func+0x6b8/0x800 event_enable_func+0x2f0/0x3d0 ftrace_process_regex.isra.0+0x12d/0x1b0 ftrace_filter_write+0xe6/0x140 vfs_write+0x1c9/0x6f0 [...]

The cause of the warning is in __ftrace_event_enable_disable(), trace_buffered_event_enable() was called once while trace_buffered_event_disable() was called twice. Reproduction script show as below, for analysis, see the comments:

#!/bin/bash

cd /sys/kernel/tracing/

# 1. Register a 'disable_event' command, then:
#    1) SOFT_DISABLED_BIT was set;
#    2) trace_buffered_event_enable() was called first time;
echo 'cmdline_proc_show:disable_event:initcall:initcall_finish' > \
    set_ftrace_filter

# 2. Enable the event registered, then:
#    1) SOFT_DISABLED_BIT was cleared;
#    2) trace_buffered_event_disable() was called first time;
echo 1 > events/initcall/initcall_finish/enable

# 3. Try to call into cmdline_proc_show(), then SOFT_DISABLED_BIT was
#    set again!!!
cat /proc/cmdline

# 4. Unregister the 'disable_event' command, then:
#    1) SOFT_DISABLED_BIT was cleared again;
#    2) trace_buffered_event_disable() was called second time!!!
echo '!cmdline_proc_show:disable_event:initcall:initcall_finish' > \
    set_ftrace_filter

To fix it, IIUC, we can change to call trace_buffered_event_enable() at fist time soft-mode enabled, and call trace_buffered_event_disable() at last time soft-mode disabled.