Linux Kernel Driver Core Deadlock Vulnerability

Vulnerability

A potential deadlock vulnerability has been identified in the Linux kernel's driver core, specifically within the '__driver_attach' function. This issue arises when asynchronous probing is allowed, and the system encounters memory shortages or work limits, forcing a synchronous execution that can lead to a deadlock. The vulnerability can be reproduced by disabling the hung task timeout, which allows the problematic conditions to occur.

Impact

Exploitation of this vulnerability can lead to a deadlock situation, where the system becomes unresponsive due to conflicting lock management in the driver attachment process.

Reproduction

The vulnerability can be reproduced by disabling the hung task timeout, which prevents the kernel from signaling a task as 'stuck'. This can be done by echoing '0' into the 'hung_task_timeout_secs' parameter. Once this is set, the conditions that trigger the deadlock can be observed, as the '__driver_attach_async_helper' function attempts to acquire a device lock while the system is unable to process asynchronous tasks, creating a circular wait situation.

Remediation

The deadlock can be resolved by moving the 'async_schedule_dev' call outside of the 'device_lock' section, allowing asynchronous operations to be queued without holding the lock, which would otherwise lead to a deadlock.
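
The ordering problem described above, as an added userspace model in C (not kernel code and not part of the original advisory). A pthread error-checking mutex stands in for 'device_lock'; the helper, scheduler and pressure flag are hypothetical names, and the scheduler is assumed to run the callback in the caller whenever it cannot queue it.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <pthread.h>

/* Userspace model, constructed for illustration; all names are hypothetical. */
struct model_dev { pthread_mutex_t lock; int probed; int err; };
typedef void (*work_fn)(struct model_dev *);

static work_fn queued_fn;            /* one-slot stand-in for the async queue */
static struct model_dev *queued_dev;

/* Stand-in for __driver_attach_async_helper: takes the device lock itself. */
static void attach_helper(struct model_dev *dev)
{
    dev->err = pthread_mutex_lock(&dev->lock);
    if (dev->err)                    /* EDEADLK: this thread already holds it */
        return;
    dev->probed = 1;
    pthread_mutex_unlock(&dev->lock);
}

/* Stand-in for async_schedule_dev: under pressure, run fn in the caller. */
static void schedule_dev(work_fn fn, struct model_dev *dev, int pressure)
{
    if (pressure) { fn(dev); return; }
    queued_fn = fn; queued_dev = dev;
}

/* held=1 schedules inside the locked section; returns 0 once probed. */
int attach(int held, int pressure)
{
    struct model_dev dev = { .probed = 0, .err = 0 };
    pthread_mutexattr_t attr;
    pthread_mutexattr_init(&attr);
    /* ERRORCHECK reports a self-deadlock as EDEADLK instead of hanging. */
    pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK);
    pthread_mutex_init(&dev.lock, &attr);
    queued_fn = 0;
    pthread_mutex_lock(&dev.lock);
    if (held)
        schedule_dev(attach_helper, &dev, pressure);
    pthread_mutex_unlock(&dev.lock);
    if (!held)
        schedule_dev(attach_helper, &dev, pressure);
    if (queued_fn)                   /* deferred work runs with lock released */
        queued_fn(queued_dev);
    return dev.probed ? 0 : dev.err;
}
int main(void) { return attach(0, 1); }
```

Scheduling inside the locked section only fails when the fallback to synchronous execution is taken, which is why the defect stays hidden under normal load; scheduling after the unlock succeeds in both cases.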

Added: Jun 18, 2025, 3:38 PM
Updated: Jun 18, 2025, 3:38 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 0.0
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.