Linux Kernel net/mlx5e Regular RQ Reactivation Crash Vulnerability

A vulnerability in the Linux kernel's net/mlx5e component can lead to a crash when the regular receive queue (RQ) is reactivated after an XSK socket is closed. This issue arises because the RQ may read stale completion queue entries, corrupting the RQ and causing a crash during the next closure or deactivation. The problem was reported by Kal Cuttler Conley, who experienced a crash while using the xdpsock sample program under certain conditions.

Impact

The vulnerability causes a crash in the system when the regular receive queue is deactivated or closed, disrupting ongoing traffic and potentially leading to a loss of data.

Reproduction

The vulnerability can be reproduced by closing an XSK socket while traffic is running, and then reactivating the regular receive queue. This sequence can be performed using the xdpsock sample program, which demonstrates the issue by stopping and restarting while traffic is active.

Remediation

The vulnerability has been addressed in a patch that flushes all completion queue entries during the receive queue flush, preventing the read of stale entries. This patch is available in the Linux kernel stable tree.