Linux Kernel ENETC Driver Deadlock Vulnerability

A deadlock vulnerability has been identified in the Linux kernel ENETC (Ethernet Network Controller) driver, specifically on the LS1028A platform running a real-time (RT) kernel. The issue arises from the recursive acquisition of a read lock, enetc_mdio_lock, which leads to a thread hang. This deadlock occurs when the enetc_poll function acquires the read lock, and a higher-priority writer attempts to acquire the lock, causing preemption. The writer, finding the read lock already held, is scheduled out. Meanwhile, readers in the enetc_poll context cannot reacquire the read lock because a writer is waiting, resulting in a deadlock. Call stacks under the enetc_poll path have been identified that may lead to this deadlock.

Impact

The vulnerability causes a deadlock, where threads hang indefinitely, waiting for locks to be released, which can disrupt normal operations and processing.

Reproduction

The deadlock can be reproduced by applying the workaround for err050089 on the LS1028A platform with the RT kernel. This will trigger the recursive lock acquisition in the ENETC driver, leading to RCU stalls and a thread hang.

Remediation

The deadlock has been addressed by modifying the ENETC driver to prevent recursive acquisitions of the MDIO lock. Users should ensure they are running a version of the Linux kernel that includes this fix.