Linux Kernel RAID10 Soft Lockup Vulnerability During Write Flush

A vulnerability in the Linux kernel's RAID10 implementation can lead to a soft lockup condition while flushing write operations. This issue arises because RAID10 does not have a mechanism to yield control during write flushes, unlike RAID1. The lack of this control can cause the system to become unresponsive, as demonstrated by a writeback test on RAID10 with ramdisks, which triggered a CPU soft lockup. The problem is exacerbated by the absence of a limit on the number of plugged block I/O operations, allowing excessive writes to accumulate and disrupt normal processing.

Impact

Exploitation of this vulnerability can cause a soft lockup, where a CPU becomes unresponsive for an extended period, disrupting system performance and responsiveness.

Reproduction

The vulnerability can be reproduced by performing a writeback test on a RAID10 array using ramdisks. This test will flush writes in a way that can easily trigger the soft lockup condition, with the system's watchdog reporting the CPU as stuck for several seconds.

Remediation

The vulnerability has been addressed in Linux kernel commits that added the missing control yield, similar to what RAID1 already had. Users should upgrade to a version that includes this fix.