Linux Kernel RDMA/hns Soft Lockup Vulnerability

Vulnerability

A soft lockup vulnerability has been identified in the Linux kernel's RDMA/hns component. The issue arises when the driver allocates buffer translation (BT) pages and maps them to buffer pages. For large buffers, such as memory regions (MRs) over 100 GB, the allocation can require a very large number of loop iterations. The loop holds the CPU for so long that the kernel reports a soft lockup, and the CPU is unresponsive to other work for an extended period. The problem has been traced to the 'hem_list_alloc_mid_bt' function, part of the 'hns_roce_hw_v2' driver.

Impact

Exploitation of this vulnerability causes a soft lockup, where the CPU becomes unresponsive for a prolonged period, disrupting normal system operations.

Reproduction

The vulnerability can be reproduced by allocating a memory region over 100 GB through the RDMA/hns component of the Linux kernel. The allocation runs a long for-loop that can cause the CPU to become unresponsive, leading to a soft lockup.

Remediation

The vulnerability has been addressed by adding a 'cond_resched()' call to the allocation loop. This gives the scheduler an opportunity to run other tasks during very long allocations, so the loop no longer triggers a soft lockup, and it does so without significantly impacting the performance of normal-sized buffer allocations.
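
To check whether a host has already hit this condition, the kernel log can be searched for watchdog soft-lockup reports whose call trace passes through 'hem_list_alloc_mid_bt'. The following Python script is an added example, not part of the original advisory or of the kernel fix; the log lines are constructed samples, and example_caller, example_busy_loop and example_mod are hypothetical names.

```python
import re

TARGET_SYMBOL = "hem_list_alloc_mid_bt"  # function named in the advisory
TARGET_MODULE = "hns_roce_hw_v2"         # driver named in the advisory

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s*")  # dmesg timestamp prefix
LOCKUP_RE = re.compile(r"BUG: soft lockup - CPU#(\d+) stuck for (\d+)s!")
# Stack frame: symbol+0xoffset/0xsize, optionally followed by [module]
FRAME_RE = re.compile(
    r"^\s*\??\s*([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+\[(\w+)\])?")

# Constructed sample log: one report in the hns BT loop, one unrelated report.
SAMPLE = """\
[ 1001.000001] watchdog: BUG: soft lockup - CPU#27 stuck for 22s! [example_app:4242]
[ 1001.000002] Modules linked in: hns_roce_hw_v2
[ 1001.000003] Call trace:
[ 1001.000004]  hem_list_alloc_mid_bt+0x124/0x394 [hns_roce_hw_v2]
[ 1001.000005]  example_caller+0x10/0x20 [hns_roce_hw_v2]
[ 2002.000001] watchdog: BUG: soft lockup - CPU#3 stuck for 23s! [other:77]
[ 2002.000002] Call trace:
[ 2002.000003]  example_busy_loop+0x40/0x80 [example_mod]
""".splitlines()


def find_hns_lockups(lines):
    """Return soft-lockup reports whose call trace includes the BT loop."""
    reports, current = [], None
    for raw in lines:
        line = TS_RE.sub("", raw.rstrip("\n"))
        header = LOCKUP_RE.search(line)
        if header:  # a new watchdog report starts here
            current = {"cpu": int(header.group(1)),
                       "stuck_s": int(header.group(2)), "frames": []}
            reports.append(current)
            continue
        if current is None:
            continue
        frame = FRAME_RE.match(line)
        if frame:
            current["frames"].append((frame.group(1), frame.group(2)))
        elif current["frames"]:
            current = None  # first non-frame line after the trace ends it
    return [r for r in reports
            if (TARGET_SYMBOL, TARGET_MODULE) in r["frames"]]


if __name__ == "__main__":
    for hit in find_hns_lockups(SAMPLE):
        print(f"CPU#{hit['cpu']} stuck {hit['stuck_s']}s in {TARGET_SYMBOL}")
```

On a live host, pass the lines of `dmesg` or `journalctl -k` output in place of SAMPLE.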

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.