Linux Kernel RDMA/Irdma CQP Completion Statistics Data Race Vulnerability

A data race vulnerability has been identified in the Linux kernel's RDMA/Irdma component, specifically within the handling of Completion Queue Pair (CQP) completion statistics. This vulnerability arises because the CQP completion stats are read without proper synchronization in the 'irdma_wait_event' and 'irdma_check_cqp_progress' functions. Meanwhile, these stats can be concurrently updated by the 'irdma_sc_ccq_get_cqe_info' completion thread running on a different CPU, leading to inconsistent data. The issue has been addressed by changing the completion statistics to an atomic variable, ensuring coherent updates and preventing potential logic bugs from compiler optimizations.

Impact

The vulnerability could lead to a data race condition, where simultaneous read and write operations on the CQP completion statistics could cause inconsistencies and unpredictable behavior in the RDMA/Irdma component.

Reproduction

The vulnerability can be reproduced by loading the Irdma driver as a kernel module, which will trigger the data race condition. This can be done by using the 'modprobe' command to load the Irdma module, or by compiling the Irdma driver into the kernel and booting with it active. Once the module is loaded, the data race can be observed by monitoring the CQP completion statistics, which will show inconsistencies due to the lack of proper synchronization.

Remediation

Users can upgrade to the patched version of the Linux kernel where this vulnerability has been addressed. The patch is included in the official Linux kernel repositories.