Linux Kernel GGTT Node Removal Process Unwinding Vulnerability

Vulnerability

A vulnerability in the Linux kernel's graphics driver management can lead to a page fault error. This issue arises during the unmapping of memory-mapped input/output (MMIO) and graphics memory subsystem (GMS) mappings, particularly observed in the Xe graphics driver during virtual function initialization. The problem occurs because the asynchronous removal of certain Graphics Translation Table (GGTT) nodes is not properly synchronized, causing a supervisor write access page fault in kernel mode.

Impact

The vulnerability causes a page fault error in the kernel, specifically a 'not-present page' error, which can disrupt normal system operations and potentially lead to a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by initializing a virtual function with the Xe graphics driver, which will trigger the unmanaged removal of GGTT nodes. This process can be monitored through the driver's workqueue, where pending node removals are processed. The lack of proper synchronization in this workflow will result in a page fault error, demonstrating the vulnerability.
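To check whether a host has already hit this fault, kernel logs can be searched for the signature described above: a supervisor write access, not-present page fault with Xe driver frames. This is an added example, not code from the advisory or the kernel project; the log lines are constructed, and it assumes Xe frames are tagged [xe] in the oops, as kernel traces do for loadable modules.

```python
import re

# Constructed sample in the x86 oops layout; addresses and names are made up.
SAMPLE_LOG = """\
[   12.345678] BUG: unable to handle page fault for address: ffffc90000123000
[   12.345680] #PF: supervisor write access in kernel mode
[   12.345681] #PF: error_code(0x0002) - not-present page
[   12.345690] Workqueue: example-wq example_remove_work [xe]
[   12.345700] ---[ end trace 0000000000000000 ]---
[   20.000001] BUG: unable to handle page fault for address: 0000000000000010
[   20.000002] #PF: supervisor read access in kernel mode
[   20.000003] #PF: error_code(0x0000) - not-present page
[   20.000004] Workqueue: events other_work [othermod]
[   20.000005] ---[ end trace 0000000000000000 ]---
"""

START = re.compile(r"BUG: unable to handle page fault for address: (\S+)")
END = re.compile(r"---\[ end trace")

def split_oopses(log):
    """Yield (fault_address, lines) for each page-fault report in the log."""
    addr, block = None, []
    for line in log.splitlines():
        m = START.search(line)
        if m:
            if addr is not None:      # previous report had no end marker
                yield addr, block
            addr, block = m.group(1), []
        if addr is not None:
            block.append(line)
            if END.search(line):
                yield addr, block
                addr, block = None, []
    if addr is not None:              # log was cut off mid-report
        yield addr, block

def find_xe_write_faults(log):
    """Return fault addresses of oopses matching the advisory's signature."""
    hits = []
    for addr, block in split_oopses(log):
        text = "\n".join(block)
        if ("supervisor write access in kernel mode" in text
                and "not-present page" in text
                and "[xe]" in text):
            hits.append(addr)
    return hits

if __name__ == "__main__":
    print(find_xe_write_faults(SAMPLE_LOG))
```

A match only narrows the search: any Xe write fault on an unmapped page fits this filter, so confirm against the call trace and the running kernel version before attributing it to this issue.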

Remediation

Users can apply the latest patches from the official Linux kernel repository, where this vulnerability has been addressed.

Added: Jul 25, 2025, 3:38 PM
Updated: Jul 25, 2025, 3:38 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.