Linux Kernel PowerPC RTAS Device Tree Lookup Vulnerability During Panic

Vulnerability

A vulnerability in the Linux kernel's PowerPC RTAS implementation can cause a hang during a kernel panic. The issue is in the 'rtas_os_term()' function, which is called during panic and tests conditions that it looks up in the device tree. Traversing the device tree involves locking and can disturb local IRQ state. If a panic occurs while the device tree lock is held, 'rtas_os_term()' may hang indefinitely. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability can cause the system to hang during a kernel panic, potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by causing a kernel panic while the device tree lock is held. This can be done by triggering a panic in the 'rtas_os_term()' function before the device tree lookups are cached at boot.

Remediation

The vulnerability has been addressed by modifying 'rtas_os_term()' to cache the necessary device tree properties at boot time, rather than during a panic. This change is included in the latest Linux kernel updates.
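
The pattern described above, modelled in userspace C as an added example (not kernel code and not the actual patch). The property name, its value, and the boolean standing in for the device tree lock are constructed; a lookup that would spin on a held lock reports TERM_HUNG instead of hanging.

```c
#include <stdbool.h>
#include <string.h>

/* Userspace model only: every name and value below is constructed. */
enum term_result { TERM_DONE, TERM_SKIPPED, TERM_HUNG };
struct dt_prop { const char *name; int value; };
static const struct dt_prop dt_props[] = {
    { "example,os-term-token", 42 },   /* hypothetical property name */
};
static bool dt_lock_held;              /* stand-in for the device tree lock */

/* Locked lookup. Returns false where a real spinlock would spin forever. */
static bool dt_lookup(const char *name, int *out)
{
    if (dt_lock_held)
        return false;                  /* lock owner was interrupted by the panic */
    dt_lock_held = true;
    *out = -1;                         /* -1: property absent */
    for (size_t i = 0; i < sizeof(dt_props) / sizeof(dt_props[0]); i++)
        if (strcmp(dt_props[i].name, name) == 0)
            *out = dt_props[i].value;
    dt_lock_held = false;
    return true;
}

/* Before: the panic path walks the device tree itself. */
enum term_result os_term_lookup_at_panic(void)
{
    int token;
    if (!dt_lookup("example,os-term-token", &token))
        return TERM_HUNG;
    return token >= 0 ? TERM_DONE : TERM_SKIPPED;
}

/* After: boot code fills the cache; the panic path reads a plain variable. */
static int cached_token = -1;

void boot_cache_os_term(void)
{
    dt_lookup("example,os-term-token", &cached_token);
}

enum term_result os_term_cached(void)
{
    /* Empty cache (panic before boot caching ran): skip, never look up. */
    return cached_token >= 0 ? TERM_DONE : TERM_SKIPPED;
}

/* Boot, then panic with the lock held: exit status 0 means the cached path completed. */
int main(void) { boot_cache_os_term(); dt_lock_held = true; return os_term_cached() != TERM_DONE; }
```

The cached path never touches the lock, so a panic that arrives before the cache is filled skips the call rather than hanging.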

Added: Dec 30, 2025, 4:56 PM
Updated: Dec 30, 2025, 4:56 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.