Linux Kernel Shadow Stack Sigreturn Deadlock Prevention Vulnerability

Vulnerability

A deadlock vulnerability has been identified in the Linux kernel's handling of shadow stack sigreturn on x86 architectures. During sigreturn, the kernel reads the shadow stack signal frame while it already holds the mmap read lock. If that read triggers a page fault, the fault handler attempts to acquire the mmap read lock a second time. When a writer on a different CPU is waiting for the same lock, the second read acquisition queues behind the writer while the writer waits for the first read lock to be released, so neither side can make progress. The vulnerability affects Linux kernel versions that support the X86_USER_SHADOW_STACK configuration, which is default in SMP kernels.
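The lock pattern described above, a nested read lock with a writer arriving in between, can be modelled in user space. The following is an added example, not kernel code and not taken from the fix. It assumes glibc on Linux and uses glibc's writer-preferring rwlock kind as a stand-in for the kernel's mmap lock queueing; the function name is hypothetical. A timed lock is used so that the would-be deadlock shows up as ETIMEDOUT instead of a hang.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <pthread.h>
#include <stdatomic.h>
#include <time.h>
#include <unistd.h>

/* Userspace stand-in for the mmap lock (model only, not kernel code). */
static pthread_rwlock_t lock;
static atomic_int writer_started;

static void *writer(void *arg)
{
    (void)arg;
    atomic_store(&writer_started, 1);
    pthread_rwlock_wrlock(&lock);   /* waits for read lock #1 to be dropped */
    pthread_rwlock_unlock(&lock);
    return NULL;
}

/* Returns 0 if a nested read lock is granted while a writer is waiting,
 * ETIMEDOUT if it would block (the deadlock-prone outcome). */
int nested_read_with_waiting_writer(int writer_preferring)
{
    pthread_rwlockattr_t attr;
    pthread_t t;
    struct timespec deadline;
    int rc;

    pthread_rwlockattr_init(&attr);
    pthread_rwlockattr_setkind_np(&attr, writer_preferring
        ? PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP
        : PTHREAD_RWLOCK_PREFER_READER_NP);
    pthread_rwlock_init(&lock, &attr);
    atomic_store(&writer_started, 0);

    pthread_rwlock_rdlock(&lock);            /* read lock #1: models the sigreturn path */
    pthread_create(&t, NULL, writer, NULL);  /* models the writer on another CPU */
    while (!atomic_load(&writer_started))
        usleep(1000);
    usleep(200 * 1000);                      /* give the writer time to start waiting */

    clock_gettime(CLOCK_REALTIME, &deadline);
    deadline.tv_sec += 1;
    rc = pthread_rwlock_timedrdlock(&lock, &deadline); /* read lock #2: models the fault handler */
    if (rc == 0)
        pthread_rwlock_unlock(&lock);
    pthread_rwlock_unlock(&lock);            /* drop lock #1 so the writer can finish */
    pthread_join(t, NULL);
    pthread_rwlock_destroy(&lock);
    pthread_rwlockattr_destroy(&attr);
    return rc;
}
```

With a reader-preferring lock the nested acquisition succeeds; with the writer-preferring kind it times out, which is the state that becomes a permanent hang when no timeout exists.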

Impact

Exploitation of this vulnerability can lead to a deadlock condition, causing the system to hang indefinitely while waiting for a resource to become available.

Reproduction

The vulnerability can be reproduced by triggering a sigreturn operation while another CPU is holding a write lock, causing the second read lock acquisition to block and create a deadlock. This can be done by manipulating shadow stack operations in a multi-threaded environment.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.

Added: May 27, 2026, 9:14 PM
Updated: May 27, 2026, 9:14 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 9.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.