Linux Kernel Device Tree Error Handling Vulnerability in BAM DMA Engine

Vulnerability

The Linux kernel driver for the Qualcomm BAM DMA engine (drivers/dma/qcom/bam_dma.c) decides how to bring up the controller from its device tree node. When the node specifies no clock, the driver treats the BAM as controlled or powered by a remote processor: it cannot enable the block itself, so it must take the channel and execution-environment counts from the device tree properties 'num-channels' and 'num-ees' (qcom,num-ees in the DT binding) instead of reading them from the hardware registers. Before the fix, a device tree that omitted these properties only produced an error message; the driver continued probing and fell back to reading the channel information from BAM registers. Whether those registers are readable at that point depends on when the boot firmware or remote processor has initialised the block, so the outcome was timing-dependent, and on several Qualcomm SoCs it led to crashes early during boot. The flaw is the inadequate error handling: an invalid device tree should fail the probe rather than let the driver read registers it cannot trust. It is reproduced with a device tree node for a remotely controlled or powered BAM that lacks 'num-channels' and 'num-ees', a configuration found on some Qualcomm SoCs.

Impact

An affected system crashes early in boot, before userspace is reached, so the impact is loss of availability. The trigger is the device tree supplied by the boot firmware or bootloader, not runtime input: on a correctly configured system an unprivileged user or remote peer has no way to reach this path. It matters to anyone building or shipping device trees for Qualcomm boards whose BAM instances are remotely controlled or powered, where an incomplete node turns a configuration mistake into a non-booting device.

Reproduction

Boot a kernel with this driver on a Qualcomm SoC whose device tree node for the BAM specifies no clock (so the driver treats the instance as remotely controlled or powered) and omits the 'num-channels' and 'num-ees' properties. The driver logs that the properties are unspecified, continues probing, and reads the channel information from the BAM registers. Whether that read returns anything sane depends on whether the boot firmware or remote processor has already set the block up, so the same kernel and device tree can boot on one attempt and crash on another. The crash happens during early boot, when the driver probes.
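The probe decision described in the Vulnerability and Reproduction sections, as an added userspace model (example code written for this page, not the kernel's bam_dma.c): the device tree is a flat property list, the register read is a constructed stand-in whose result depends on whether the remote owner has set the block up, and the two probe functions contrast the pre-fix behaviour (log and fall back to the register) with the fixed behaviour (fail probe with -EINVAL). Property names follow the qcom,bam-dma binding; the sample nodes, channel counts and the 0xFFFFFFFF "uninitialised" register value are constructed for the demonstration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal model of a DT node: a flat list of u32 properties. Real nodes hold
 * phandles and arrays, but presence/absence is all this model needs. */
struct dt_prop { const char *name; uint32_t value; };
struct dt_node { const struct dt_prop *props; size_t nprops; };

/* Stand-in for of_property_read_u32(): 0 on success, -EINVAL when absent. */
static int dt_read_u32(const struct dt_node *node, const char *name, uint32_t *out)
{
	for (size_t i = 0; i < node->nprops; i++)
		if (!strcmp(node->props[i].name, name)) { *out = node->props[i].value; return 0; }
	return -EINVAL;
}

/* Constructed stand-in for reading the pipe count from the BAM registers. A
 * remotely controlled block only reads sanely once its owner (boot firmware or
 * a remote processor) has set it up. The values are arbitrary, not hardware. */
static uint32_t bam_reg_num_channels(bool remote_owner_ready)
{
	return remote_owner_ready ? 12u : 0xFFFFFFFFu;
}

/* remote: no clock in DT, so the BAM is controlled or powered remotely. */
struct bam_cfg { bool remote; uint32_t num_channels, num_ees; };
static bool bam_is_remote(const struct dt_node *node)
{
	uint32_t clk;
	return dt_read_u32(node, "clocks", &clk) != 0;
}

/* Pre-fix probe: missing properties are only logged, probe continues, and the
 * channel count is later taken from the register, whatever it holds. */
static int bam_probe_old(const struct dt_node *node, bool remote_owner_ready,
			 struct bam_cfg *cfg)
{
	*cfg = (struct bam_cfg){ .remote = bam_is_remote(node) };
	if (cfg->remote) {
		if (dt_read_u32(node, "num-channels", &cfg->num_channels))
			fprintf(stderr, "num-channels unspecified in dt\n");
		if (dt_read_u32(node, "qcom,num-ees", &cfg->num_ees))
			fprintf(stderr, "num-ees unspecified in dt\n");
	}
	if (!cfg->num_channels)	/* fallback depends on boot firmware timing */
		cfg->num_channels = bam_reg_num_channels(remote_owner_ready);
	return 0;
}

/* Fixed probe: a remotely controlled BAM whose DT omits either property fails
 * with -EINVAL instead of touching hardware whose state the driver cannot know. */
static int bam_probe_new(const struct dt_node *node, struct bam_cfg *cfg)
{
	int ret;
	*cfg = (struct bam_cfg){ .remote = bam_is_remote(node) };
	if (!cfg->remote) {
		/* Locally clocked: the driver enables the clock itself, so the
		 * register read does not depend on remote firmware timing. */
		cfg->num_channels = bam_reg_num_channels(true);
		return 0;
	}
	ret = dt_read_u32(node, "num-channels", &cfg->num_channels);
	if (ret)
		return ret;
	return dt_read_u32(node, "qcom,num-ees", &cfg->num_ees);
}

/* Constructed sample nodes: complete remote, incomplete remote, local clock. */
static const struct dt_prop remote_ok_props[] = { { "num-channels", 12 }, { "qcom,num-ees", 4 } };
static const struct dt_node bam_remote_ok  = { remote_ok_props, 2 };
static const struct dt_node bam_remote_bad = { NULL, 0 };
static const struct dt_prop local_props[] = { { "clocks", 1 } };
static const struct dt_node bam_local = { local_props, 1 };

/* One number per probe so the outcome can be checked. */
static long long old_probe_channels(const struct dt_node *node, bool ready)
{
	struct bam_cfg cfg;
	return bam_probe_old(node, ready, &cfg) ? -1LL : (long long)cfg.num_channels;
}
static int new_probe_status(const struct dt_node *node)
{
	struct bam_cfg cfg;
	return bam_probe_new(node, &cfg);
}

int main(void)
{
	printf("old probe, incomplete DT, owner ready / not ready: %lld / %lld\n",
	       old_probe_channels(&bam_remote_bad, true), old_probe_channels(&bam_remote_bad, false));
	printf("new probe: incomplete %d (-EINVAL=%d), complete %d, local %d\n",
	       new_probe_status(&bam_remote_bad), -EINVAL,
	       new_probe_status(&bam_remote_ok), new_probe_status(&bam_local));
	return 0;
}
```

The point the model makes is the one in the advisory: with the old logic the same incomplete node yields a usable channel count or a nonsense one depending solely on whether the remote owner happened to be ready, while the fixed logic makes the outcome a deterministic probe failure that shows up in the log.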

Remediation

Update to a kernel release that contains the fix (mainline or a stable series that has backported it). With the fix, probing a remotely controlled or powered BAM whose device tree lacks 'num-channels' or 'num-ees' fails with an error instead of continuing, so an incomplete node surfaces as a message in the kernel log rather than as an early boot crash. Check that the device trees you ship for such BAM instances carry both properties, since a fixed kernel will refuse to bring up an instance described by an incomplete node. Instructions for updating the kernel can be found in the official Linux kernel documentation.

Added: Oct 1, 2025, 8:22 AM
Updated: Oct 1, 2025, 8:22 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.