CVE-2024-53088

Severity CVSS v4.0:
Pending analysis
Type:
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date:
19/11/2024
Last modified:
03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

i40e: fix race condition by adding filter's intermediate sync state

Fix a race condition in the i40e driver that leads to MAC/VLAN filters becoming corrupted and leaking. Address the issue that occurs under heavy load when multiple threads are concurrently modifying MAC/VLAN filters by setting mac and port VLAN.

1. Thread T0 allocates a filter in i40e_add_filter() within i40e_ndo_set_vf_port_vlan().
2. Thread T1 concurrently frees the filter in __i40e_del_filter() within i40e_ndo_set_vf_mac().
3. Subsequently, i40e_service_task() calls i40e_sync_vsi_filters(), which refers to the already freed filter memory, causing corruption.

Reproduction steps:
1. Spawn multiple VFs.
2. Apply a concurrent heavy load by running parallel operations to change MAC addresses on the VFs and change port VLANs on the host.
3. Observe errors in dmesg: "Error I40E_AQ_RC_ENOSPC adding RX filters on VF XX, please set promiscuous on manually for VF XX".

Exact code for stable reproduction Intel can't open-source now.

The fix involves implementing a new intermediate filter state, I40E_FILTER_NEW_SYNC, for the time when a filter is on a tmp_add_list. These filters cannot be deleted from the hash list directly but must be removed using the full process.
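The following added example is a simplified, single-threaded model of the filter life cycle described above; it is not code from the i40e driver or from this advisory. All type, field and function names are hypothetical, and the replayed ordering (a delete arriving while the filter sits on the temporary add list) is an assumption taken from the fix description.

```c
#include <stdbool.h>

/* Simplified single-threaded model; all names here are hypothetical. */
enum fstate { F_NEW, F_NEW_SYNC, F_ACTIVE, F_REMOVE };
struct filter {
    enum fstate state;
    bool on_tmp_add_list; /* sync path still holds a reference */
    bool freed;           /* stands in for kfree() so it can be observed */
};

/* Sync, step 1: queue a new filter for hardware programming. */
static void sync_collect(struct filter *f, bool patched)
{
    if (f->state != F_NEW)
        return;
    f->on_tmp_add_list = true;
    if (patched)
        f->state = F_NEW_SYNC; /* intermediate state added by the fix */
}

/* Delete: only a filter still in F_NEW is freed directly. */
static void del_filter(struct filter *f)
{
    if (f->state == F_NEW)
        f->freed = true;
    else
        f->state = F_REMOVE; /* full process: a later sync removes it */
}

/* Sync, step 2: returns false if it would touch freed memory. */
static bool sync_commit(struct filter *f)
{
    if (f->on_tmp_add_list && f->freed)
        return false;
    f->on_tmp_add_list = false;
    if (f->state == F_NEW_SYNC)
        f->state = F_ACTIVE;
    return true;
}

/* Replay: add, sync collects, concurrent delete, sync commits. */
static bool replay(bool patched, enum fstate *final)
{
    struct filter f = { F_NEW, false, false };
    sync_collect(&f, patched);
    del_filter(&f);
    bool ok = sync_commit(&f);
    *final = f.state;
    return ok;
}
int main(void) { enum fstate s; return replay(true, &s) ? 0 : 1; }
```

Without the intermediate state the delete path still sees a "new" filter and frees it while the sync path holds a reference; with it, the delete only marks the filter for removal and the memory stays valid until the full removal process runs.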

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.10 (including) 5.15.172 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.117 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.61 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.11.8 (excluding)
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*