Linux Kernel lpfc Hard Lockup Vulnerability in rx_monitor Debugfs Read

A vulnerability in the Linux kernel's lpfc SCSI driver can cause a hard lockup when the rx_monitor file in debugfs is read while I/O operations are ongoing. This issue arises because the spin lock used in the lpfc_rx_monitor_report function does not adequately protect against timer interrupts, leading to a race condition. The problem can be reproduced by simultaneously performing I/O operations and reading the rx_monitor file, which may trigger a kernel panic due to the lockup.

Impact

Exploitation of this vulnerability leads to a hard lockup of the system, causing a kernel panic and disrupting normal operations.

Reproduction

To reproduce this vulnerability, initiate I/O operations on a system running the affected Linux kernel version. While the I/O is in progress, read the rx_monitor file located in the debugfs under the lpfc function directory. This simultaneous access can cause a hard lockup, as the spin lock in place fails to properly manage timer interrupts, creating a conflict that leads to a system hang.

Remediation

Users can apply the official patch available in the Linux kernel stable tree to address this vulnerability. The patch modifies the spin lock in the lpfc_rx_monitor_report function to better handle timer interrupts, preventing the hard lockup issue.