Linux Kernel i40e Driver DMA Mapping Leak Vulnerability

A vulnerability in the Linux kernel's i40e Ethernet driver can lead to a memory allocation failure in the receive (Rx) descriptor ring. This issue arises during the reallocation of Rx buffers, where new Direct Memory Access (DMA) mappings are created for the buffers. The problem occurs because the driver frees the old buffers without properly handling the DMA mappings, leading to a leak. When the XDP (eXpress Data Path) program is loaded or unloaded, the driver needs to reallocate the Rx queues to avoid such leaks, but this process can be mishandled, causing the memory allocation failure.

Impact

The vulnerability can cause a driver crash by failing to allocate memory for the Rx descriptor ring, which is crucial for handling incoming network packets. This failure can disrupt network operations and potentially lead to a denial of service.

Reproduction

The vulnerability can be reproduced by using the 'ethtool' command to rapidly change the ring parameters for the Rx and Tx buffers on the affected network interface. This process creates new DMA mappings for the Rx buffers, which can lead to a crash when the driver fails to properly manage the memory allocation.

Remediation

The vulnerability has been addressed in the Linux kernel by modifying the i40e driver to properly handle DMA mappings when reallocating Rx buffers. Users should upgrade to the latest version of the Linux kernel where this fix has been applied.