Linux Kernel QAT DMA Transfer Direction Vulnerability

Vulnerability

A vulnerability in the Linux kernel's handling of Direct Memory Access (DMA) transfers for Intel QuickAssist Technology (QAT) crypto algorithms has been addressed. When the DMA API debugging feature is enabled, the crypto self-tests can create overlapping mappings, and the kernel warns that such overlaps are not supported. The issue arises when the input and output scatter lists reference the same memory buffers, which produces conflicting write mappings that the DMA layer cannot handle.

The fix specifies the correct DMA transfer directions. For in-place operations, where the input and output scatter lists are identical, buffers are now mapped once as bidirectional. In all other cases, input buffers are mapped to the device and output buffers are mapped from the device. With these directions, any remaining overlap is between a read mapping and a write mapping, which is valid on DMA-coherent devices like QAT.
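The direction choice described above, as an added userspace model in C. It is not the kernel's or the QAT driver's code. The struct sg type, the tracker and the rule that only device-writable mappings conflict are simplifying assumptions drawn from the description, and the sample addresses are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Local stand-ins named after the kernel's enum dma_data_direction. */
enum dir { DMA_BIDIRECTIONAL, DMA_TO_DEVICE, DMA_FROM_DEVICE };

/* Hypothetical, simplified scatter list: n buffers of equal length. */
struct sg { const uintptr_t *addr; size_t len; size_t n; };

struct mapping { uintptr_t addr; size_t len; enum dir dir; };
struct tracker { struct mapping m[16]; size_t n; unsigned warnings; };

/* Modelled rule: only mappings the device may write through can conflict. */
static int dev_writes(enum dir d) { return d != DMA_TO_DEVICE; }

static void track_map(struct tracker *t, uintptr_t a, size_t len, enum dir d)
{
    for (size_t i = 0; i < t->n; i++) {
        const struct mapping *o = &t->m[i];
        int overlap = a < o->addr + o->len && o->addr < a + len;
        if (overlap && dev_writes(d) && dev_writes(o->dir))
            t->warnings++;              /* overlapping write mappings */
    }
    if (t->n < 16)
        t->m[t->n++] = (struct mapping){ a, len, d };
}

/* Map one request and return the number of overlap warnings.
 * fixed == 0: every buffer bidirectional; fixed == 1: directions per the fix. */
unsigned map_request(const struct sg *src, const struct sg *dst, int fixed)
{
    struct tracker t = { .n = 0 };
    int in_place = (src == dst);        /* identical lists: map once */
    enum dir in  = (!fixed || in_place) ? DMA_BIDIRECTIONAL : DMA_TO_DEVICE;
    enum dir out = fixed ? DMA_FROM_DEVICE : DMA_BIDIRECTIONAL;

    for (size_t i = 0; i < src->n; i++)
        track_map(&t, src->addr[i], src->len, in);
    for (size_t i = 0; !in_place && i < dst->n; i++)
        track_map(&t, dst->addr[i], dst->len, out);
    return t.warnings;
}

/* Constructed sample: two distinct lists that reference the same two buffers. */
static const uintptr_t bufs[] = { 0x1000, 0x2000 };
static const struct sg sg_in  = { bufs, 0x100, 2 };
static const struct sg sg_out = { bufs, 0x100, 2 };

int main(void) { return map_request(&sg_in, &sg_out, 1) != 0; } /* 0 = clean */
```

In this model, the two distinct lists over shared buffers produce one warning per shared buffer when everything is mapped bidirectional, and none once the input is mapped to the device and the output from the device.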

Impact

The vulnerability could lead to improper DMA mappings, causing potential data corruption or undefined behavior during cryptographic operations.

Reproduction

To reproduce this vulnerability, enable the CONFIG_DMA_API_DEBUG option in the Linux kernel. Then, run the crypto self-test on the QAT crypto algorithms. The test will trigger a warning about overlapping mappings, indicating the presence of the vulnerability.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version that includes this patch.

Added: Dec 24, 2025, 4:47 PM
Updated: Dec 24, 2025, 4:47 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.0
exploitability: 4.3
remediation: 7.7
relevance: 1.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.