Linux Kernel Net/Mlx5 Devlink Lock and Work Queue Deadlock Vulnerability

A deadlock vulnerability has been identified in the Linux kernel's net/mlx5 component, specifically within the devlink and work queue management. This issue arises when the esw->work_queue processes the esw_functions_changed_event_handler, which in turn calls the esw_vfs_changed_event_handler, acquiring the devlink lock. The deadlock occurs during the eswitch_mode_set operation, which also requires the devlink lock, leading to a conflict. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability causes a deadlock, where two or more processes are unable to proceed because each is waiting for the other to release a resource, effectively halting progress.

Reproduction

The deadlock can be reproduced by triggering the esw_functions_changed_event_handler, which will execute the esw_vfs_changed_event_handler while the devlink lock is held. This can be done by simulating a change in the eswitch functions that is processed by the work queue, while concurrently initiating an operation that requires the devlink lock, such as changing the eswitch mode.

Remediation

The vulnerability has been addressed by modifying the event handling to prevent the deadlock. The work queue is no longer flushed, which avoids the deadlock scenario, and a generation counter has been introduced to track the relevance of the work being processed. This update ensures that the event handler can safely manage changes in the eswitch functions without causing a deadlock.