Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
- >= 6.3.0-rc3, < 6.3.0-rc3+
A deadlock vulnerability has been identified in the Linux kernel's net/mlx5e component, specifically in the traffic control (tc) route query code. It arises when peer flows are created while the device communication (devcom) read-write semaphore is held, which produces an ABBA deadlock. The peer flows offload implementation requires that lock to be acquired higher up the call chain, so the lock ordering is not easy to fix where the conflict occurs. The deadlock can occur when the 'comp.sem' lock is held while trying to acquire 'esw->offloads.encap_tbl_lock', as shown by the circular locking dependency warning. The vulnerability affects Linux kernel versions through 6.3.0-rc3.
Exploitation of this vulnerability leads to a deadlock, where the system becomes unresponsive due to circular locking dependencies. This is evidenced by a warning of a possible circular locking dependency detected, followed by a stack trace showing the locks held by the process, indicating a deadlock situation.
The vulnerability can be reproduced by creating peer flows in the mlx5e component while holding the devcom read-write semaphore. This can be done by triggering the traffic control route query process, which will attempt to acquire locks in a way that creates a circular dependency, causing a deadlock.
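The "possible circular locking dependency" warning mentioned above is produced by the kernel's lock-order validator (lockdep). The following added example, which is not kernel or mlx5 code, is a reduced model of that check: it records which lock is taken while another is held and reports when a new acquisition would close a cycle. The two lock names come from the description above; the numeric ids, function names and the second path that takes the locks in the opposite order are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_LOCKS 8

/* Lock classes: the names are from the advisory, the ids are hypothetical. */
enum { COMP_SEM, ENCAP_TBL_LOCK, NUM_CLASSES };
static const char *lock_name[] = { "comp.sem", "esw->offloads.encap_tbl_lock" };

/* order[a][b] != 0 means some path acquired b while already holding a. */
static int order[MAX_LOCKS][MAX_LOCKS];

/* Depth-first search: is `to` reachable from `from` over recorded edges? */
static int reachable(int from, int to, int *seen)
{
    if (from == to)
        return 1;
    seen[from] = 1;
    for (int n = 0; n < NUM_CLASSES; n++)
        if (order[from][n] && !seen[n] && reachable(n, to, seen))
            return 1;
    return 0;
}

/*
 * Record that `next` is taken while `held` is held.
 * Returns 1 if that would close a cycle (possible ABBA deadlock), else 0.
 */
int record_acquire(int held, int next)
{
    int seen[MAX_LOCKS] = { 0 };

    if (reachable(next, held, seen)) {
        printf("possible circular locking dependency: %s -> %s\n",
               lock_name[held], lock_name[next]);
        return 1;
    }
    order[held][next] = 1;
    return 0;
}

void reset_orders(void) { memset(order, 0, sizeof(order)); }

int main(void)
{
    /* Constructed sequence: path 1 holds comp.sem, path 2 inverts the order. */
    record_acquire(COMP_SEM, ENCAP_TBL_LOCK);
    return record_acquire(ENCAP_TBL_LOCK, COMP_SEM) ? 0 : 1;
}
```

The report fires on the second ordering even though no thread ever blocks in this model, which is why such a warning can appear in logs before a system actually hangs.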
The vulnerability has been addressed in the Linux kernel stable tree. Users can upgrade to the latest version to mitigate this issue.