Linux Kernel VIRTCHNL2_CAP_MACFILTER Mutex to Spinlock Vulnerability

A vulnerability in the Linux kernel related to the IDPF driver has been addressed. When VIRTCHNL2_CAP_MACFILTER is enabled, a warning is generated during module loading, indicating that a sleeping function was called from an invalid context. This issue arises because the control queue mutex is held while the NetworkManager process is running, which can lead to improper handling of interrupts. The vulnerability was resolved by converting the mutex to a spinlock, allowing for safe operation without disrupting direct memory access operations.

Impact

The vulnerability could cause a kernel panic by leading to a deadlock situation, where the system becomes unresponsive due to improper handling of process scheduling and interrupt management.

Reproduction

The vulnerability can be reproduced by loading the IDPF module with VIRTCHNL2_CAP_MACFILTER enabled. This can be done by configuring a network interface to use the IDPF driver and enabling MAC filtering support. Once the module is loaded, the NetworkManager process will generate a warning indicating that a sleeping function was called from an invalid context, demonstrating the vulnerability.

Remediation

Users can apply the latest patches from the official Linux kernel repository, where this vulnerability has been addressed by converting the control queue mutex to a spinlock. Instructions for applying the patch can be found in the Linux kernel documentation.