Linux Kernel AF_XDP Race Condition Vulnerability in Generic RX Path

A race condition vulnerability has been identified in the Linux kernel's AF_XDP generic receive (RX) path. This issue arises from improper synchronization in shared user memory (umem) mode, where multiple sockets can access the same RX queue, leading to potential data races. The vulnerability affects the RX path of sockets sharing a single xsk_buff_pool, with the RX queue being exclusive to each xsk_socket. The problem can occur when two CPU cores access the RX path of different sockets that share the same umem, creating a race condition. The vulnerability has been addressed by moving the RX lock from the xsk_socket to the xsk_buff_pool, ensuring proper synchronization and protecting both the RX and fill queues by acquiring a spinlock in the shared xsk_buff_pool.

Impact

Exploitation of this vulnerability could lead to a race condition, allowing for concurrent access issues in the AF_XDP generic RX path, potentially causing data corruption or unexpected behavior in applications using this feature.