Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
- 6.2.0-rc3-rt1
A vulnerability has been identified in the Linux kernel's handling of EFI runtime services on the arm64 architecture. On a real-time (PREEMPT_RT) kernel, a sleeping function could be called from a context where sleeping is not permitted. The cause is a recently introduced spinlock protecting EFI runtime calls that was not suited to that context, which leads to preemption problems. The vulnerability affects Linux kernel versions 6.1 and later, including the real-time variant 6.2.0-rc3-rt1.
The vulnerability can cause a kernel panic: a sleeping function is invoked from an invalid context, which breaks the assumptions of the kernel's task scheduling and locking mechanisms.
The vulnerability can be reproduced by running real-time Linux kernel version 6.2.0-rc3-rt1 on an Ampere Altra processor. It manifests when the kernel executes EFI runtime services. These services run with a different set of translation tables and may use SIMD registers, and the context switch code preserves neither the SIMD registers nor the translation tables, so EFI calls must be made with preemption disabled. The newly introduced lock, however, is a regular spinlock, and on a PREEMPT_RT kernel a regular spinlock is a sleeping lock; acquiring it in that preemption-disabled context is exactly what triggers the "sleeping function called from invalid context" condition.
Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed by changing the EFI runtime services lock from a regular spinlock to a raw spinlock, which does not sleep on PREEMPT_RT and therefore prevents the unwanted preemption.