Linux Kernel NBD Driver Hang Issue Due to Interrupted IOCTL Signals

A vulnerability in the Linux kernel's Network Block Device (NBD) driver can lead to a hung task when a signal interrupts the 'nbd_start_device_ioctl' function. This issue occurs because the function waits for the 'recv_threads' condition to be zero, causing a deadlock if there are ongoing I/O operations. The problem has been addressed by modifying the signal handling to clear the NBD queue more effectively, ensuring that interrupted operations can complete without causing a hang.

Impact

The vulnerability can cause a deadlock situation, where a task gets stuck waiting for a condition that cannot be met, effectively freezing the operation that relies on it.

Reproduction

The vulnerability can be reproduced by creating a socket pair and opening the '/dev/nbd0' device. After setting the NBD size and socket, the 'NBD_DO_IT' command is issued. If a signal interrupts this process while the 'recv_threads' condition is not yet zero, the task will hang, waiting for in-flight I/O operations to complete.

Remediation

Users can update to the latest version of the Linux kernel where this issue has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.