Linux Kernel Memory Management Vulnerability Leading to Soft Lockup

Vulnerability

A vulnerability in the Linux kernel's memory management can cause a soft lockup, particularly under memory pressure. This issue arises in the 'get_swap_pages()' function, which can be called tens of thousands of times to find available memory space. The problem is exacerbated in systems with high CPU counts and multiple zram devices, leading to frequent out-of-memory conditions. The root cause is the 'plist_for_each_entry_safe()' loops in 'get_swap_pages()', which can iterate excessively when 'cond_resched()' is not called, so the looping task never yields the CPU and the system cannot recover from the lockup.

Impact

Exploitation of this vulnerability can lead to a soft lockup, where the system becomes unresponsive due to a process consuming too much CPU time without yielding.

Reproduction

The vulnerability can be reproduced by creating a system with 64 CPU cores, 64GB of memory, and 28 zram devices, each 50MB in size. The 'stress-ng' tool can be used to increase memory pressure, causing the system to frequently run out of memory. Under these conditions, the 'get_swap_pages()' function can be observed to loop excessively without finding available space, leading to a soft lockup.

Remediation

The vulnerability has been addressed by adding a 'cond_resched()' call in the 'get_swap_pages()' function, allowing the system to recover and preventing the soft lockup.
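
An added triage example (not part of the original advisory or of the kernel fix): it scans a kernel log for soft-lockup watchdog reports and keeps those whose call trace passes through 'get_swap_pages()', which is how an unpatched host hitting this issue would show up. The log excerpt is constructed, and 'find_swap_lockups' and 'example_driver_poll' are hypothetical names.

```python
import re

# Header printed by the kernel soft-lockup watchdog, e.g.
# "watchdog: BUG: soft lockup - CPU#12 stuck for 26s! [stress-ng:4312]"
LOCKUP_RE = re.compile(
    r"BUG: soft lockup - CPU#(?P<cpu>\d+) stuck for (?P<secs>\d+)s! "
    r"\[(?P<comm>[^\]]*):(?P<pid>\d+)\]"
)
# A stack frame such as " get_swap_pages+0x1f4/0x3a0" (also matches "? sym+0x.." lines)
FRAME_RE = re.compile(r"\b(?P<sym>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

# Constructed sample log (not captured from a real system).
SAMPLE_LOG = """\
[ 1201.114532] watchdog: BUG: soft lockup - CPU#12 stuck for 26s! [stress-ng:4312]
[ 1201.114601] Call Trace:
[ 1201.114610]  get_swap_pages+0x1f4/0x3a0
[ 1201.114618]  folio_alloc_swap+0xd2/0x250
[ 1201.114625]  shrink_folio_list+0x5b1/0xd90
[ 1305.770214] watchdog: BUG: soft lockup - CPU#3 stuck for 23s! [kworker/3:1:871]
[ 1305.770260] Call Trace:
[ 1305.770268]  example_driver_poll+0x44/0x90
"""


def find_swap_lockups(log_text, symbol="get_swap_pages"):
    """Return soft-lockup reports whose call trace contains `symbol`."""
    reports, current = [], None
    for line in log_text.splitlines():
        m = LOCKUP_RE.search(line)
        if m:
            # A new report starts; frames seen after this line belong to it.
            current = {"cpu": int(m["cpu"]), "secs": int(m["secs"]),
                       "comm": m["comm"], "pid": int(m["pid"]), "frames": []}
            reports.append(current)
            continue
        if current is not None:
            current["frames"] += [f["sym"] for f in FRAME_RE.finditer(line)]
    return [r for r in reports if symbol in r["frames"]]


if __name__ == "__main__":
    for r in find_swap_lockups(SAMPLE_LOG):
        print(f"CPU {r['cpu']} stuck {r['secs']}s in {r['comm']} (pid {r['pid']}): "
              + " <- ".join(r["frames"]))
```

On a live host the input would be the kernel log text (for example the saved output of 'dmesg'); a match is a reason to check whether the running kernel carries the 'cond_resched()' fix.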

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.