Linux Kernel BPF Cgroup Storage Deadlock Vulnerability

A deadlock vulnerability has been identified in the Linux kernel's BPF cgroup storage management. This issue arises when BPF programs recursively access task storage helpers, leading to a deadlock scenario. The vulnerability was introduced with the implementation of cgroup storage for non-cgroup-attached BPF programs, where improper handling of the storage's busy counter allowed for a deadlock to occur. Exploitation involves using BPF programs to manipulate cgroup storage pointers, creating a situation where the storage management functions block each other, causing a deadlock.

Impact

Exploitation of this vulnerability leads to a deadlock condition, where processes are stuck waiting for each other to release resources, causing a halt in execution and potentially leading to a denial of service situation.

Reproduction

The vulnerability can be reproduced by running a BPF program that attaches to cgroup storage pointers and recursively calls BPF functions that manipulate storage management. While this program is running, another BPF program can be executed that interacts with the same cgroup storage, creating a deadlock by causing the storage management functions to block each other.

Remediation

The vulnerability has been addressed in the Linux kernel by modifying the cgroup storage management to properly handle the storage's busy counter, ensuring that resources are managed correctly and preventing deadlock situations.