Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A deadlock vulnerability has been identified in the Linux kernel's hibernate feature, specifically within the function hibernate_compressor_param_set(). The issue arises when a write operation to the hibernate compressor parameter conflicts with the registration of ieee80211 devices, leading to a deadlock. This occurs because the system_transition_mutex is being locked while another lock, param_lock, is already held, creating a circular dependency. The vulnerability affects several versions of the Linux kernel.
Exploitation of this vulnerability leads to a deadlock, causing the system to hang indefinitely while waiting for a lock to be released.
The vulnerability can be reproduced by writing to the '/sys/module/hibernate/parameters/compressor' file while the ieee80211 device registration is in progress. This can be done by initiating a hibernate operation that triggers the device registration process, creating a conflict that results in a deadlock.
The vulnerability has been addressed by modifying the hibernate_compressor_param_set() function to use a non-blocking lock attempt with mutex_trylock() for the system_transition_mutex. This change prevents the function from waiting for the mutex to be released, thereby avoiding the deadlock situation.
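The locking pattern of the fix, as an added example in user-space C (not the kernel patch and not code from this page). The mutex model built on atomic_flag, the param_write() and write_during_transition() helpers, the sample compressor values and the -EBUSY return code are assumptions made for illustration.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdio.h>

/* Minimal user-space model of a kernel mutex (assumption, not kernel code). */
struct mutex { atomic_flag held; };
static struct mutex param_lock = { ATOMIC_FLAG_INIT };
static struct mutex system_transition_mutex = { ATOMIC_FLAG_INIT };
static char compressor[16] = "lzo"; /* constructed sample value */

/* Kernel convention: mutex_trylock() returns 1 if taken, 0 if contended. */
static int mutex_trylock(struct mutex *m) { return !atomic_flag_test_and_set(&m->held); }
static void mutex_lock(struct mutex *m) { while (!mutex_trylock(m)) { } }
static void mutex_unlock(struct mutex *m) { atomic_flag_clear(&m->held); }

/* Setter after the fix: called with param_lock held, so it must not wait. */
static int compressor_param_set(const char *val)
{
    if (!mutex_trylock(&system_transition_mutex))
        return -EBUSY; /* assumed error code; the page does not state it */
    snprintf(compressor, sizeof(compressor), "%s", val);
    mutex_unlock(&system_transition_mutex);
    return 0;
}

/* Parameter write path: param_lock is taken before the setter is called. */
static int param_write(const char *val)
{
    mutex_lock(&param_lock);
    int ret = compressor_param_set(val);
    mutex_unlock(&param_lock);
    return ret;
}

/* A transition holds system_transition_mutex while a write arrives. With a
 * blocking mutex_lock() in the setter, this call would never return. */
static int write_during_transition(const char *val)
{
    mutex_lock(&system_transition_mutex);
    int ret = param_write(val);
    mutex_unlock(&system_transition_mutex);
    return ret;
}

int main(void)
{
    int idle = param_write("lz4"), busy = write_during_transition("lzo");
    printf("idle write: %d, write during transition: %d\n", idle, busy);
    return 0;
}
```

The contended write fails fast and leaves the parameter unchanged, so the caller has to retry once the transition has finished.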