Linux Kernel s390 ISM Driver Concurrency Management Vulnerability

A vulnerability in the Linux kernel's s390 ISM driver has been addressed, which involved improper concurrency management in the 'ism_cmd' function. The ISM device specification allows only one request-response sequence per function at any time, a requirement the driver previously ignored. This oversight could lead to commands being corrupted by overlapping processes from different CPUs, potentially causing invalid Direct Memory Access (DMA) errors. The issue was reported by a user experiencing connection failures and error states under certain workloads.

Impact

The vulnerability could cause commands to be partially or fully overwritten, leading to corrupted data being sent to the firmware. This corruption could manifest as invalid DMA operations, according to the PCI error reporting system.

Reproduction

The vulnerability can be reproduced by using the s390 ISM driver in a workload that generates concurrent command requests to the same ISM function. This can be done by manually sending multiple requests from different CPUs before the first request has been fully processed. The resulting error states can be observed in the system logs, where PCI functions report errors and indicate that the ISM driver does not support automatic error recovery.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched kernel are available on the official Linux kernel website.