Linux Kernel EROFS Decompression Thread Deadlock Vulnerability

A deadlock vulnerability has been identified in the Linux kernel's EROFS (Enhanced Read-Only File System) implementation, specifically related to LZMA compression handling. When a user mounts the EROFS file system multiple times, the decompression thread may become unresponsive. This issue arises from a race condition between two tasks: one task (Task A) loads LZMA configuration and nodes, while another task (Task B) attempts to access nodes but finds the queue empty, causing it to sleep. As Task A releases and pushes nodes into the queue, Task B remains asleep, leading to a hang. This vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability causes a deadlock, where the decompression thread becomes unresponsive, potentially leading to performance degradation or system hang.

Reproduction

To reproduce this vulnerability, mount an EROFS file system multiple times. During the second mount, the decompression thread may hang due to a race condition between tasks handling LZMA decompression. Task A loads the LZMA configuration and nodes, while Task B, needing a node, finds the queue empty and goes to sleep. When Task A releases nodes and adds them to the queue, Task B remains asleep, causing the deadlock.