Linux Kernel IPsec MAC Address Query Scheduling While Atomic Vulnerability

A scheduling while atomic vulnerability has been identified in the Linux kernel's IPsec MAC address query process, specifically within the mlx5e component. This issue arises because the function mlx5_query_mac_address() is called in a context that does not allow sleeping, yet it involves a hardware query that can pause execution. The vulnerability affects the stable versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a 'scheduling while atomic' condition, where a sleeping operation is attempted in a context that does not permit it, potentially causing system instability or crashes.

Reproduction

The vulnerability can be reproduced by triggering an IPsec event that requires MAC address initialization. This will invoke the mlx5e_ipsec_handle_event function, which processes the event in an atomic context. During this process, the mlx5_query_mac_address function is called, attempting to query the MAC address from the hardware. However, this operation can sleep, leading to the 'scheduling while atomic' bug. The call trace of this issue includes several mlx5_core functions, indicating the sequence of operations that result in the vulnerability.

Remediation

The vulnerability has been addressed by modifying the IPsec MAC initialization function to directly copy the MAC address from the net device structure, avoiding the need for a sleeping hardware query. Users should apply the latest patches available in the Linux kernel stable tree to mitigate this issue.