CVE-2024-44995 - Linux Kernel Vulnerability in net: hns3 Fixed, Avoiding Deadlock When Configuring TC During Reset

A new vulnerability, tagged as CVE-2024-44995, has been discovered in the Linux kernel's network subsystem. It involves a deadlock that occurs when TC (Traffic Control) is configured during a PF (Physical Function) reset in the hns3 driver. The issue can lead to system instability, impacting network performance and potentially resulting in a system crash.

To give more context, let's take a look at the execution flow causing the deadlock:

                                 pf reset start
                                     │
                                     ▼
    setup tc                         │
        │                            ▼
        ▼                      DOWN: napi_disable()
    napi_disable()(skip)             │
        │                            │
        ▼                            │
    napi_enable()                    │
                                     ▼
                               UINIT: netif_napi_del()
                                     │
                                     ▼
                                  ......
                                     │
                                     ▼
                               INIT: netif_napi_add()
                                     │
                                     ▼
                                  ......                 global reset start
                                     │                      │
                                     ▼                      ▼
                               UP: napi_enable()(skip)    ......
                                     │                      │
                                     ▼                      ▼
                                  ......                 napi_disable()

You can find the original patch here.

During the PF reset process, the driver will bring the port DOWN and go through the UINIT process. However, if TC configuration takes place before the UINIT process, the port will be UP again, resulting in a deadlock situation.

To resolve this vulnerability, a patch has been introduced to add an additional DOWN process in the UINIT stage. This ensures that the port remains DOWN throughout the UINIT process and prevents the deadlock.
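
The flow and the fix described above can be replayed in a small user-space model. This is an added example, not code from the patch or the hns3 driver; `struct port`, the function names and the single `down` flag behind the "(skip)" checks are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
/* Simplified model with hypothetical names; not hns3 driver code. */
struct port {
    bool down;         /* driver's "port is DOWN" flag */
    bool napi_on;      /* NAPI instance is currently enabled */
    bool would_block;  /* napi_disable() hit an already-disabled NAPI */
};

/* DOWN path: skipped when the port is already marked DOWN. */
static void port_down(struct port *p)
{
    if (p->down)
        return;
    p->down = true;
    if (!p->napi_on)
        p->would_block = true;  /* the real napi_disable() would wait forever */
    p->napi_on = false;
}

/* UP path: skipped when the port is not marked DOWN. */
static void port_up(struct port *p)
{
    if (!p->down)
        return;
    p->down = false;
    p->napi_on = true;          /* napi_enable() */
}

/* Replay the flow from the diagram; true means it would deadlock. */
bool replay_flow(bool fixed)
{
    struct port p = { .down = false, .napi_on = true };
    port_down(&p);              /* pf reset DOWN: napi_disable() */
    port_down(&p);              /* setup tc: napi_disable() (skip) */
    port_up(&p);                /* setup tc: napi_enable() */
    if (fixed)
        port_down(&p);          /* the fix: extra DOWN before UINIT */
    p.napi_on = false;          /* UINIT + INIT: re-added NAPI starts disabled */
    port_up(&p);                /* pf reset UP: skipped in the unfixed flow */
    port_down(&p);              /* global reset: napi_disable() */
    return p.would_block;
}

int main(void)
{
    printf("unfixed=%d fixed=%d\n", replay_flow(false), replay_flow(true));
    return 0;
}
```

A result of 1 means the final `napi_disable()` would never return; the unfixed flow reaches that state because the UP step is skipped after the NAPI instance has been re-added.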

Here's a code snippet from the patch that adds the extra DOWN process:

    static void hns3_napi_del(struct hns3_enet_tqp_vector *tqp_vector)
    {
        ...
+       if (test_bit(__EVT_INITED, &tqp_vector->event))
+               napi_disable(&tqp_vector->napi);

	netif_napi_del(&tqp_vector->napi);
	...
    }
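
Review bot: the guard on the added `napi_disable()` in `hns3_napi_del()` tests `__EVT_INITED`, which says the vector was initialised, not that its NAPI instance is currently enabled. `napi_disable()` waits until it can claim the instance, so if the DOWN path has already disabled this vector the second call would block, which is the same hang shown at the end of the flow above. Consider keying the check on the port or NAPI enabled state, or going through the existing DOWN path that already skips when the port is down, and add a comment saying why a disable is needed before `netif_napi_del()`.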

If you are using the Linux kernel with the hns3 driver, it is highly recommended to update your kernel to the latest version with this fix. This will protect your system from a potential deadlock when configuring TC during the reset process.

While the vulnerability might not be relevant to every user, maintaining an up-to-date kernel is an excellent defense-in-depth practice for enhancing overall system security and performance.

Timeline

Published on: 09/04/2024 20:15:08 UTC
Last modified on: 09/06/2024 16:28:37 UTC