Linux Kernel Device Probing Deadlock Vulnerability During Hibernate Resume

A deadlock vulnerability has been identified in the Linux kernel's device probing process, specifically when resuming from hibernation. This issue arises from a race condition involving the probe_count variable, which can lead to a hung task. The deadlock occurs because the snapshot_open function, called during the resume process, waits for the probe_count to reach zero. However, if a device being probed becomes unresponsive or if new probe requests arrive before previous ones are completed, the count may not drop, causing the process to hang indefinitely. This vulnerability is particularly relevant for systems using the /dev/raw-gadget interface to emulate USB devices, as these can block the probing process and create the deadlock scenario.

Impact

Exploitation of this vulnerability can lead to a deadlock, where the system hangs indefinitely, waiting for a device probe to complete that never does.

Reproduction

The vulnerability can be reproduced by resuming a system from hibernation while a process is emulating a USB device via the /dev/raw-gadget interface. The emulating process should be blocked by an uninterruptible operation, such as holding a mutex lock, preventing the probe_count from decrementing to zero. This creates a conflict with the device probing process, leading to an AB-BA deadlock scenario.

Remediation

The vulnerability has been addressed by modifying the hibernation resume process to defer the device probing wait until after the snapshot has been fully processed. Users should ensure they are running a version of the Linux kernel that includes this patch.