Linux Kernel Pipe Handling Vulnerability in 9p Trans_fd Component

A vulnerability in the Linux kernel's 9p trans_fd component can lead to hung tasks when closing file descriptors that refer to pipes. The issue arises because the p9_fd_close() function fails to interrupt ongoing blocking read or write operations on pipe file descriptors, which can cause tasks to hang. While socket file descriptors are non-blocking, pipe file descriptors block unless a signal is pending. The vulnerability occurs because the p9_fd_open() function does not set the O_NONBLOCK flag for pipe file descriptors, leading to improper handling when the file descriptor is closed.

Impact

The vulnerability can cause tasks to hang indefinitely, waiting for a read or write operation on a pipe to complete, which can disrupt normal system operations and potentially lead to a denial-of-service condition.

Remediation

The vulnerability has been addressed by modifying the p9_fd_open() function to set the O_NONBLOCK flag for pipe file descriptors, ensuring that read and write operations can be interrupted properly. Users should ensure they are running a version of the Linux kernel that includes this patch.