Linux Kernel Blk-MQ Tag Leak Vulnerability When Reducing Hardware Queues

A vulnerability in the Linux kernel's block layer management (blk-mq) has been addressed. The issue involved a memory leak of tag allocations when the number of hardware queues was reduced. Although it is unnecessary to reallocate tags during this process, the existing tags must be freed to prevent leakage. The vulnerability was introduced in the blk-mq tag management code.

Impact

Failing to properly manage tag allocations can lead to memory leaks, where allocated resources are not released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

To reproduce this vulnerability, mount configfs and load the null_blk module with no devices and eight submit queues. Create a directory for a new null_blk device, power it on, and set the submit queue count to four. Finally, remove the directory. This process will cause a tag allocation for nine tags (eight submit and one poll queue). When the submit queue count is reduced, only a portion of the tags are freed, leaving the others leaked.

Remediation

Users should update to the latest version of the Linux kernel where this vulnerability has been fixed.