Linux Kernel GPU Scheduler Work Queue Handling Vulnerability

Vulnerability

A vulnerability in the Linux kernel's GPU scheduler can lead to a null pointer dereference, causing a system crash. The issue arises during GPU reset tests, where the scheduler's 'ready' condition is improperly managed. It affects multiple version ranges of the Linux kernel.

Impact

Exploitation of this vulnerability causes a null pointer dereference, leading to a system crash.

Reproduction

The vulnerability can be reproduced by running an IGT GPU reset test. The test triggers a GPU fault, and the interrupt service routine calls the 'drm_sched_fault' function. The outcome depends on ordering relative to the 'gfx_v9_0_cp_gfx_start' function, which sets the scheduler's 'ready' field to true even for uninitialized schedulers. If 'drm_sched_fault' runs after 'gfx_v9_0_cp_gfx_start', the result is a null pointer dereference and a system crash. If 'drm_sched_fault' completes before 'gfx_v9_0_cp_gfx_start', the null pointer dereference does not occur.
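
The ordering dependency described above, as an added userspace model in C. It is not kernel code and not the upstream patch. The struct, its 'timeout_wq' field, and every 'model_' and 'fault_' name are assumptions made for illustration; the second handler shows one defensive pattern, checking the pointer that is about to be used instead of trusting 'ready'.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct wq { int queued; };            /* stands in for a timeout work queue */

struct sched_model {                  /* hypothetical, not the kernel struct */
    bool ready;                       /* set by the hardware bring-up path */
    struct wq *timeout_wq;            /* NULL until the scheduler is initialized */
};

enum fault_result { FAULT_QUEUED, FAULT_SKIPPED, FAULT_WOULD_OOPS };

/* Models scheduler initialization: the only place the queue pointer is set. */
static void model_sched_init(struct sched_model *s, struct wq *q) { s->timeout_wq = q; }

/* Models the bring-up step that marks 'ready' even without initialization. */
static void model_cp_gfx_start(struct sched_model *s) { s->ready = true; }

/* Fault handler that trusts 'ready' alone. */
static enum fault_result fault_trusting_ready(struct sched_model *s)
{
    if (!s->ready) return FAULT_SKIPPED;
    if (!s->timeout_wq) return FAULT_WOULD_OOPS; /* a kernel would dereference NULL here */
    s->timeout_wq->queued++;
    return FAULT_QUEUED;
}

/* Fault handler that checks the pointer it is about to use. */
static enum fault_result fault_checking_wq(struct sched_model *s)
{
    if (!s->timeout_wq) return FAULT_SKIPPED;
    s->timeout_wq->queued++;
    return FAULT_QUEUED;
}

/* Runs one ordering of bring-up and fault and reports what the handler did. */
static enum fault_result run_sequence(bool fault_after_start, bool initialized, bool check_wq)
{
    struct wq q = { 0 };
    struct sched_model s = { false, NULL };
    if (initialized) model_sched_init(&s, &q);
    if (fault_after_start) model_cp_gfx_start(&s);
    return check_wq ? fault_checking_wq(&s) : fault_trusting_ready(&s);
}

int main(void)
{
    printf("after start, uninitialized, trusts ready: %d\n", run_sequence(true, false, false));
    printf("after start, uninitialized, checks wq:    %d\n", run_sequence(true, false, true));
    return 0;
}
```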

Remediation

The vulnerability has been addressed in the Linux kernel. Users can upgrade to the latest version to mitigate this issue.

Added: Sep 17, 2025, 3:55 PM
Updated: Sep 17, 2025, 3:55 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.