Linux Kernel DMA Engine Hisilicon Multi-Threading Support Vulnerability Causes System Hang and Oops Error

A vulnerability in the Linux kernel's DMA engine support for Hisilicon devices can lead to a system hang and an 'Oops' error when a DMA channel is used simultaneously by multiple threads. This issue arises because the threads overwrite the channel's descriptor, causing a data race. The DMA driver mistakenly believes it is using the correct descriptor in the interrupt handler, while another thread has already changed it. As a result, the interrupt from the actual descriptor goes unhandled, leading to a timeout error. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability causes a kernel panic, leading to an 'Oops' error and a system hang.

Reproduction

To reproduce this vulnerability, load the 'dmatest' module and set the 'threads_per_chan' parameter to 100, the 'iterations' parameter to 100, and the 'run' parameter to 1. This will initiate a DMA test that simulates multi-threaded access to a DMA channel, triggering the vulnerability.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version.