Linux Kernel vgem Fence Release Deadlock Vulnerability

A potential deadlock vulnerability has been identified in the Linux kernel's vgem fence handling. This issue arises because a timer, which automatically expires a vgem fence after 10 seconds, is released using 'timer_delete_sync()' from the fence's release operation. In certain scenarios, this can occur in an IRQ context, which is unsafe unless 'TIMER_IRQSAFE' is applied. The problem was observed in an Intel DRM CI trybot on a machine running a specific test that replaced some problematic cases of a dma-fence-chain self-test.

Impact

Exploitation of this vulnerability can lead to a deadlock situation, where the system becomes unresponsive due to conflicting lock states.

Reproduction

The vulnerability can be reproduced by running the Intel DRM CI trybot with the 'syncobj_timeline@stress-*' subtests on a machine that uses the vgem driver. This will trigger the unsafe timer handling that can lead to a deadlock.

Remediation

The vulnerability has been addressed by modifying the timer setup to use 'TIMER_IRQSAFE', ensuring safe operation in IRQ contexts.