Linux Kernel Ocelot DSA Driver Unbind RTNL Lock Vulnerability

A vulnerability exists in the Linux kernel's handling of the Ocelot switch driver when using the 'ocelot-8021q' tagging protocol. Unbinding the driver without the proper RTNL lock leads to assertion failures, as the driver removal process does not correctly manage the necessary synchronization. This issue can cause disruptions in the Data Switch Architecture (DSA) tree management, particularly for trees associated with the unbound switch.

Impact

The vulnerability can cause a kernel assertion failure, leading to a disruption in the normal operation of the DSA framework. This includes improper teardown of DSA trees, which can cause lingering effects on the network stack or other components relying on DSA.

Reproduction

To reproduce this vulnerability, bind a DSA switch driver that uses the 'ocelot-8021q' tagging protocol. Then, unbind the driver through the PCI driver unbind interface. This action will trigger the assertion failure because the driver removal process does not hold the required RTNL lock, causing the DSA tree associated with the switch to not be properly torn down.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.