Linux Kernel Lockless Access Data-Race Vulnerability in IP Tunnels

Vulnerability

A data-race vulnerability has been identified in the Linux kernel's handling of IP tunnels. This issue arises from lockless accesses to the 'needed_headroom' property of network devices during the transmission process. The vulnerability has been addressed by annotating these lockless accesses, but further modifications may be necessary for complete resolution.

Impact

Exploitation of this vulnerability leads to a data race condition, where two tasks access shared data concurrently, potentially causing inconsistent or unexpected behavior in the network stack.

Reproduction

The vulnerability can be reproduced by using IP GRE (Generic Routing Encapsulation) tunnels in the Linux kernel. When packets are transmitted over these tunnels, a data race occurs in the 'ip_tunnel_xmit' function, specifically when the 'needed_headroom' property is updated. This race condition can be observed using the Kernel Concurrency Sanitizer (KCSAN), which detects data races in the kernel code.
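The annotation pattern described above, as an added user-space C model; it is not the kernel's code or the actual patch. The READ_ONCE/WRITE_ONCE macros are simplified stand-ins for the kernel's, and struct dev_model and both grow_headroom_* functions are hypothetical names.

```c
#include <stdio.h>

/* Simplified stand-ins for the kernel's READ_ONCE()/WRITE_ONCE(): a volatile
 * access forces exactly one load or store, so the compiler cannot tear,
 * fuse or silently repeat the access. */
#define READ_ONCE(x)       (*(const volatile __typeof__(x) *)&(x))
#define WRITE_ONCE(x, val) (*(volatile __typeof__(x) *)&(x) = (val))

/* Hypothetical model holding only the field involved in the race. */
struct dev_model {
    unsigned short needed_headroom;
};

/* Before: plain accesses. Two CPUs transmitting on the same tunnel can run
 * this at the same time; the field may be re-read between the compare and
 * the return, and KCSAN reports the unmarked read/write pair. */
static unsigned int grow_headroom_plain(struct dev_model *dev, unsigned int want)
{
    if (want > dev->needed_headroom)
        dev->needed_headroom = (unsigned short)want;
    return dev->needed_headroom;
}

/* After: annotated accesses. The field is loaded once into a local and
 * stored once, which marks the race as intentional for KCSAN. The
 * compare-then-store is still not atomic: a concurrent writer can replace
 * a larger value with a smaller one, so the annotation alone does not
 * serialize updates. */
static unsigned int grow_headroom_annotated(struct dev_model *dev, unsigned int want)
{
    unsigned int cur = READ_ONCE(dev->needed_headroom);

    if (want > cur) {
        WRITE_ONCE(dev->needed_headroom, (unsigned short)want);
        cur = want;
    }
    return cur;
}

int main(void)
{
    struct dev_model dev = { 16 };   /* constructed starting value */

    printf("grow to 48 -> %u\n", grow_headroom_annotated(&dev, 48));
    printf("ask for 32 -> %u\n", grow_headroom_annotated(&dev, 32));
    printf("plain, 64  -> %u\n", grow_headroom_plain(&dev, 64));
    return 0;
}
```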

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.