Linux Kernel 8250 Serial Driver DMA Transaction Management Vulnerability

A vulnerability in the Linux kernel's 8250 serial driver can lead to a deadlock in transmitting data over Direct Memory Access (DMA). This issue arises because the function 'dmaengine_terminate_async' does not ensure that the '__dma_tx_complete' callback is executed. The callback is crucial as it clears the 'tx_running' status of the DMA transaction. If the callback is skipped, the 'tx_running' flag remains set, preventing the scheduling of new DMA transmissions, which can disrupt data flow and cause communication issues.

Impact

This vulnerability can cause a transmission deadlock, where new DMA transactions cannot be scheduled, potentially leading to data loss or communication failures.

Reproduction

The vulnerability can be reproduced by initiating a DMA transmission using the 8250 serial driver, then canceling the transaction before the '__dma_tx_complete' callback has a chance to run. This can be done by terminating the DMA channel asynchronously, which will not clear the 'tx_running' flag, creating a blockage in the transmission process.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.