Linux Kernel batman-adv Double RTNL Lock Vulnerability in ELP Metric Worker

A vulnerability in the Linux kernel's batman-adv module can lead to a deadlock situation. The issue arises in the ELP metric worker function, which may be called while the RTNL lock is already held. This can create problems when the work queue item is canceled, as the standard cancellation process would cause a delay, potentially leading to a deadlock. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability can cause a deadlock, where the system becomes unresponsive because two or more processes are waiting for each other to release resources.

Reproduction

To reproduce this vulnerability, initiate the ELP metric worker process while the RTNL lock is held. Then, cancel the work queue item using the cancel_delayed_work_sync() function. This will create a deadlock situation, as the cancellation process will be delayed indefinitely, waiting for the ELP work item to complete, which it cannot do because the RTNL lock is still held.

Remediation

The vulnerability has been addressed by modifying the ELP metric worker function to use a non-blocking attempt to acquire the RTNL lock. This change prevents the deadlock by allowing the function to skip the ethtool information retrieval if the lock is already held.