Linux Kernel DAIF Masking Vulnerability in ARM64 Stack Switching Functions

Vulnerability

A vulnerability has been identified in the Linux kernel's handling of stack switches on the ARM64 architecture, specifically in the 'cpu_switch_to()' and 'call_on_irq_stack()' functions. Both functions move the stack pointer from one stack to another and, when the Shadow Call Stack (SCS) is enabled, move the SCS pointer to the matching shadow stack as well. The two pointer updates cannot be performed as a single atomic operation, so an SError or Debug Exception taken between them runs with the stack pointer on one stack and the SCS pointer on another. The exception entry then pushes its frame and return address onto mismatched stacks, corrupting the stack state. The problem is more pronounced when 'CONFIG_ARM64_PSEUDO_NMI' is enabled, because pseudo-NMI interrupts can also be delivered in the middle of the stack switch, which can lead to unpredictable kernel panics.

Impact

An exception taken mid-switch can leave a task returning to an incorrect address recorded on the Shadow Call Stack, or returning through the IRQ Shadow Call Stack instead of its own, and in certain configurations this triggers a kernel panic (a local denial of service).

Remediation

The vulnerability has been addressed by modifying 'cpu_switch_to()' and 'call_on_irq_stack()' to save the DAIF register, mask all exceptions while the stack and SCS pointers are switched, and restore the saved DAIF value afterwards, so that the switch completes consistently regardless of configuration, including kernels built with 'CONFIG_ARM64_PSEUDO_NMI'. Users should upgrade to a kernel release that includes this fix.
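The following userspace model is added here to illustrate both the race described under Vulnerability and the masking fix described under Remediation; it is not kernel code and does not reproduce the actual patch. It models the stack pointer and SCS pointer as two fields, an exception as a handler that checks whether the two point at the same stack, and the DAIF mask as a flag that defers exceptions while set. The names ('switch_unmasked', 'switch_masked', 'take_exception', the injection points) are hypothetical and exist only for this example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Which of two stacks a pointer currently lives on. */
enum stack_id { STACK_TASK = 1, STACK_IRQ = 2 };

/* Modelled CPU state (hypothetical, not kernel structures). "masked" stands in
 * for the DAIF bits and "pending" for an exception that arrived while they were set. */
struct cpu {
    enum stack_id sp;   /* stack the stack pointer points into */
    enum stack_id scs;  /* stack the SCS pointer (x18 on arm64) points into */
    bool masked;
    bool pending;
    int handled;        /* exceptions the handler actually ran for */
    int mismatches;     /* handler entries that saw SP and SCS on different stacks */
};

/* Model of exception entry: a masked exception is deferred; otherwise the
 * handler checks the invariant the real entry code relies on, namely that
 * SP and the SCS pointer refer to the same stack. */
static void take_exception(struct cpu *c)
{
    if (c->masked) {
        c->pending = true;
        return;
    }
    c->handled++;
    if (c->sp != c->scs)
        c->mismatches++;
}

/* The two-step switch with an exception injected at a chosen point:
 * 0 = before both writes, 1 = between them, 2 = after both. */
static void do_switch(struct cpu *c, enum stack_id to, int irq_at)
{
    if (irq_at == 0) take_exception(c);
    c->sp = to;                 /* the stack pointer move */
    if (irq_at == 1) take_exception(c);
    c->scs = to;                /* the SCS pointer move; not atomic with the above */
    if (irq_at == 2) take_exception(c);
}

/* Pre-fix behaviour: the writes run with exceptions unmasked. */
static void switch_unmasked(struct cpu *c, enum stack_id to, int irq_at)
{
    do_switch(c, to, irq_at);
}

/* Post-fix behaviour as the page describes it: save the mask, mask everything,
 * switch, restore the saved mask, then take anything that was deferred. */
static void switch_masked(struct cpu *c, enum stack_id to, int irq_at)
{
    bool saved = c->masked;     /* model of: mrs xN, daif      */
    c->masked = true;           /* model of: msr daifset, #0xf */
    do_switch(c, to, irq_at);
    c->masked = saved;          /* model of: msr daif, xN      */
    if (!c->masked && c->pending) {
        c->pending = false;
        take_exception(c);      /* deferred exception now sees consistent state */
    }
}

typedef void (*switch_fn)(struct cpu *, enum stack_id, int);

/* Run the switch once per injection point and total the handler's observations. */
static void run_all(switch_fn sw, int *handled, int *mismatches)
{
    *handled = 0;
    *mismatches = 0;
    for (int at = 0; at <= 2; at++) {
        struct cpu c = { STACK_TASK, STACK_TASK, false, false, 0, 0 };
        sw(&c, STACK_IRQ, at);
        *handled += c.handled;
        *mismatches += c.mismatches;
    }
}

int mismatches_unmasked(void) { int h, m; run_all(switch_unmasked, &h, &m); return m; }
int mismatches_masked(void)   { int h, m; run_all(switch_masked, &h, &m); return m; }
int handled_unmasked(void)    { int h, m; run_all(switch_unmasked, &h, &m); return h; }
int handled_masked(void)      { int h, m; run_all(switch_masked, &h, &m); return h; }

int main(void)
{
    printf("unmasked: %d exceptions handled, %d saw mismatched stacks\n",
           handled_unmasked(), mismatches_unmasked());
    printf("masked:   %d exceptions handled, %d saw mismatched stacks\n",
           handled_masked(), mismatches_masked());
    return 0;
}
```

The unmasked variant lets the exception injected between the two writes observe SP on the IRQ stack while the SCS pointer is still on the task stack, which is the mismatch the advisory describes. The masked variant takes the same number of exceptions, but the one that arrives mid-switch is deferred until both pointers agree, which is the property the DAIF save/mask/restore sequence in the fix provides.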

Added: Aug 22, 2025, 4:32 PM
Updated: Aug 22, 2025, 7:01 PM

Vulnerability Rating

Custom Algorithm

spread          9.0
impact          2.5
exploitability  4.0
remediation     7.7
relevance       0.4
threat          3.2
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.