Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability exists in the Linux kernel's DRM/xe subsystem related to the management of execution queues through the GuC (Graphics Microcontroller) interface. During normal operations, execution queues are properly disabled and deregistered via the GuC, with resources released only after receiving confirmation of completion from the GuC. However, if the driver is unbound while an execution queue is still active, it can lead to a situation where the exec_destroy() function is called after the GuC has been halted and communication disabled. This disconnect prevents the driver from cleaning up execution queue resources correctly, causing a resource management issue. The vulnerability has been addressed by modifying the resource release process to occur directly when the GuC is not operational.
The vulnerability can lead to an unclean state in the GuC ID manager, causing resource management issues that may affect the stability and performance of the graphics subsystem.
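The teardown ordering described above, as an added user-space model in C (not code from the kernel or the xe driver). All names (`guc`, `queue`, `queue_destroy`, `guc_reply`, `leaked_ids`) are hypothetical, and the `fixed` flag selects the direct release the fix describes for the case where the GuC is not running.

```c
#include <stdbool.h>
#include <stdio.h>
#define MAX_IDS 4
/* User-space model; names are hypothetical, not xe driver symbols. */
struct guc { bool running; bool id_used[MAX_IDS]; };
struct queue { int id; bool pending; };

static int ids_in_use(const struct guc *g)
{
    int n = 0;
    for (int i = 0; i < MAX_IDS; i++) n += g->id_used[i];
    return n;
}

static void release(struct guc *g, struct queue *q)
{
    g->id_used[q->id] = false;
    q->pending = false;
}

/* Completion handler: only reachable while the GuC is running. */
static void guc_reply(struct guc *g, struct queue *q)
{
    if (g->running && q->pending)
        release(g, q);
}

static void queue_destroy(struct guc *g, struct queue *q, bool fixed)
{
    if (fixed && !g->running)
        release(g, q);      /* GuC stopped: no reply will arrive, free now */
    else
        q->pending = true;  /* deregister sent; release waits for guc_reply() */
}

/* Returns the number of IDs still allocated after teardown. */
static int leaked_ids(bool fixed, bool unbind_first)
{
    /* unbind_first models the driver unbind stopping the GuC before destroy */
    struct guc g = { .running = !unbind_first, .id_used = { [0] = true } };
    struct queue q = { .id = 0, .pending = false };
    queue_destroy(&g, &q, fixed);
    guc_reply(&g, &q);
    return ids_in_use(&g);
}

int main(void)
{
    printf("unbind: %d ID leaked before fix, %d after\n", leaked_ids(false, true), leaked_ids(true, true));
    return 0;
}
```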
To reproduce this vulnerability, bind a driver that utilizes the GuC for execution queue management. While an execution queue is actively running, unbind the driver, which will stop the GuC and disable communication. After the GuC has been halted, manually call the exec_destroy() function. This sequence will create a scenario where the driver cannot receive the necessary response from the GuC to complete the cleanup process, leaving resources improperly managed.
Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.