Linux Kernel Queue Lock Vulnerability in Block Cgroup Management

Vulnerability

A vulnerability exists in the Linux kernel's block cgroup management that can lead to various issues, including list corruption and hard lockups. This problem arises when the block cgroup's queue node is removed without holding the appropriate queue lock, allowing 'blkg_destroy_all()' to trigger these bugs. The vulnerability affects the Linux kernel stable tree.

Impact

Failure to hold the queue lock when removing a block cgroup's queue node can cause list corruption and hard lockups.

Reproduction

The vulnerability can be reproduced by removing a block cgroup's queue node from the associated request queue's list without holding the queue lock. This can be done by triggering the 'blkg_free_workfn()' function, which removes the queue node from the list. If the queue lock is not held during this process, it can lead to list corruption and a hard lockup.

Remediation

The vulnerability has been addressed by modifying the block cgroup management code to ensure that the queue lock is held when removing the queue node from the request queue's list. Users can apply the latest patches available in the Linux kernel stable tree to mitigate this issue.
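The failure mode under Reproduction and the locking rule under Remediation, as an added user-space model in C (not kernel code and not the actual patch). The names struct node, destroy_all_walk and run_model are hypothetical, and the interleaving is constructed: a node is unlinked by a second actor just after a list walker has cached it as its next element, which can only happen when the remover does not hold the lock the walker holds.

```c
#include <stdio.h>
/* User-space model (assumption): kernel-style circular doubly linked list. */
struct node { struct node *prev, *next; };

static void list_init(struct node *n) { n->prev = n->next = n; }
static void list_add_tail(struct node *n, struct node *head) {
    n->prev = head->prev; n->next = head;
    head->prev->next = n; head->prev = n;
}
/* Unlink n and point it at itself, as the kernel's list_del_init() does. */
static void list_del_init(struct node *n) {
    n->prev->next = n->next; n->next->prev = n->prev;
    list_init(n);
}

/* Hypothetical stand-in for a destroy-all walk: caches the next node, then
 * unlinks the current one. If victim is non-NULL, a second actor unlinks it
 * right after the walker cached it (remover skipped the walker's lock).
 * Returns nodes visited, or -1 if the walk never gets back to head. */
static int destroy_all_walk(struct node *head, struct node *victim, int max_steps) {
    int visited = 0;
    struct node *cur = head->next, *next;
    while (cur != head) {
        next = cur->next;              /* walker caches its next node */
        if (victim && next == victim) {
            list_del_init(victim);     /* unlocked remover runs here */
            victim = NULL;
        }
        list_del_init(cur);
        if (++visited > max_steps) return -1;   /* stuck on a self-linked node */
        cur = next;
    }
    return visited;
}

/* locked=1: the remover finished under the lock before the walk started. */
static int run_model(int locked) {
    struct node head, n[3];
    list_init(&head);
    for (int i = 0; i < 3; i++) list_add_tail(&n[i], &head);
    if (!locked) return destroy_all_walk(&head, &n[1], 100);
    list_del_init(&n[1]);
    return destroy_all_walk(&head, NULL, 100);
}

int main(void) {
    printf("locked: %d, unlocked: %d\n", run_model(1), run_model(0));
    return 0;
}
```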

Added: Dec 24, 2025, 3:47 PM
Updated: Dec 24, 2025, 3:47 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 3.1
exploitability: 4.3
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.