Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's block layer I/O scheduling can lead to list corruption. This issue arises when the 'io.cost.qos' file is written concurrently by multiple CPUs, causing the same request QOS to be added to a queue twice. As a result, two instances of I/O costing can become active on a single disk, each with different control groups, but sharing the same root group. This overlap can corrupt the internal management of the QOS lists, causing crashes and instability.
The vulnerability can cause system crashes by corrupting the internal QOS management lists, leading to instability in the I/O scheduling process.
The vulnerability can be reproduced by concurrently writing to the 'io.cost.qos' file from two different CPU cores. This can be done by initiating two separate processes that simultaneously modify the QOS settings for the same I/O queue, which will result in the same QOS request being added twice. The conflict between the two QOS instances can then be observed, along with the resulting list corruption.
The vulnerability has been addressed in the official Linux kernel repository. Users should upgrade to the latest stable version.
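The race described above is a check-then-insert on a per-queue list. As an added example (a userspace C model, not kernel code and not the upstream patch; every name in it is hypothetical), this shows one way to make the lookup and the insert a single critical section, so that a second concurrent writer is rejected instead of registering a duplicate entry:

```c
/* Userspace model, constructed for illustration; all names are hypothetical. */
#include <errno.h>
#include <pthread.h>
#include <stddef.h>

struct policy { int id; struct policy *next; };
struct queue { pthread_mutex_t lock; struct policy *head; }; /* per-queue lock + QoS policy list */

/* Lookup and insert share one critical section. Were the lookup done before
 * taking the lock, two writers could both see "absent" and both insert. */
int policy_add(struct queue *q, struct policy *np)
{
    pthread_mutex_lock(&q->lock);
    for (struct policy *p = q->head; p; p = p->next) {
        if (p->id == np->id) {
            pthread_mutex_unlock(&q->lock);
            return -EBUSY;              /* already registered: reject */
        }
    }
    np->next = q->head;
    q->head = np;
    pthread_mutex_unlock(&q->lock);
    return 0;
}

struct writer { struct queue *q; struct policy *pol; int ret; };

static void *writer_fn(void *arg)
{
    struct writer *w = arg;
    w->ret = policy_add(w->q, w->pol);
    return NULL;
}

/* Two threads each try to attach their own node (same id) to one queue.
 * Returns how many adds succeeded; the caller owns the nodes. */
int run_two_writers(struct queue *q, struct policy nodes[2])
{
    struct writer w[2] = { { q, &nodes[0], -1 }, { q, &nodes[1], -1 } };
    pthread_t t[2];
    int ok = 0;
    for (int i = 0; i < 2; i++)
        pthread_create(&t[i], NULL, writer_fn, &w[i]);
    for (int i = 0; i < 2; i++) {
        pthread_join(t[i], NULL);
        ok += (w[i].ret == 0);
    }
    return ok;
}
```

Build with `cc -pthread`. Whichever thread wins, exactly one add returns 0 and the other returns `-EBUSY`, so the list never holds two entries for the same policy.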