Linux Kernel SMC Subsystem Deadlock Vulnerability

A deadlock vulnerability has been identified in the Linux kernel's Shared Memory Communication (SMC) subsystem. This issue arises in versions through 6.1.0-20221027.rc2.git8.56bc5b569087.300.fc36.s390x, where the 'cancel_delayed_work_sync()' function can create a circular locking dependency. The deadlock occurs because 'cancel_delayed_work_sync()' waits for a work item to finish, while that work item is simultaneously waiting for another task to complete, leading to a standstill.

Impact

Exploitation of this vulnerability causes a deadlock, where two or more processes are unable to proceed because each is waiting for the other to release a resource.

Reproduction

The deadlock can be reproduced by invoking the 'cancel_delayed_work_sync()' function on a work item that is still being processed. This can be done within the SMC link group termination process, where the 'free_work' and 'tx_wq' work items can create a circular dependency, causing the deadlock.

Remediation

Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been addressed. Instructions for downloading the patched version can be found in the Linux kernel official repository.