Linux Kernel s390/dcssblk Driver List Corruption Vulnerability Leading to Kernel Crash

A vulnerability in the Linux kernel's s390/dcssblk driver can cause a kernel crash due to list corruption. This issue arises from improper handling of the dax_device and gendisk association, introduced in a previous commit. The dcssblk driver failed to remove dax hosts in certain scenarios, leading to stale entries and corruption when the driver was reloaded. The missing error handling allowed the corruption to persist, causing a crash when the device was added again.

Impact

The vulnerability causes a kernel crash due to list corruption, disrupting normal system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by cycling through the add and remove operations of a device using the dcssblk driver. The missing dax_remove_host calls during the remove operation, combined with the flawed error handling in the add operation, create stale entries that cause list corruption. When the device is added again, the corruption triggers a kernel crash.

Remediation

The vulnerability has been addressed in the Linux kernel. Users can upgrade to the latest version where this issue is fixed.