Linux Kernel NVMe-RDMA Admin Queue Handling Vulnerability Leading to Kernel Hang

Vulnerability

A vulnerability in the Linux kernel's NVMe over RDMA implementation can cause the kernel to hang when destroying an administrative queue. This issue arises because the administrative queue is quiesced before pending requests are drained, leading to a deadlock. The problem occurs during the cleanup process when the controller setup fails, leaving the queue in a state that prevents proper termination.

Impact

The vulnerability can cause a kernel hang, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by creating an NVMe over RDMA controller and then intentionally causing a failure in the setup process. This leaves the administrative queue in a quiesced state with pending requests that are not properly drained. When the system attempts to destroy the administrative queue, it hangs indefinitely, waiting for the frozen queue to be cleared.
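The ordering problem described above, as a small userspace C model (an added example, not kernel code and not part of the original advisory). The struct, the function names and the 1000-tick cap are hypothetical; the real wait has no timeout, and resuming dispatch before the destroy is the corrected ordering assumed here.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only; these names are hypothetical, not kernel identifiers. */
struct model_queue {
    bool quiesced;  /* dispatch stopped: queued requests cannot run */
    int  pending;   /* requests queued but not yet completed */
};

/* One dispatch pass: completes a request unless the queue is quiesced. */
static void model_dispatch(struct model_queue *q)
{
    if (!q->quiesced && q->pending > 0)
        q->pending--;
}

/*
 * Destroy waits until no request is outstanding. The model caps the wait at
 * max_ticks so the hang is observable instead of blocking forever.
 * Returns the number of ticks used, or -1 if the wait would never finish.
 */
static int model_destroy(struct model_queue *q, int max_ticks)
{
    for (int tick = 0; tick <= max_ticks; tick++) {
        if (q->pending == 0)
            return tick;
        model_dispatch(q);
    }
    return -1;
}

/* Failed-setup cleanup: quiesce, then destroy; optionally resume dispatch first. */
int model_failed_setup_cleanup(int pending, bool unquiesce_before_destroy)
{
    struct model_queue q = { .quiesced = false, .pending = pending };

    q.quiesced = true;              /* error path stops the admin queue */
    if (unquiesce_before_destroy)
        q.quiesced = false;         /* assumed corrected order: let requests drain */
    return model_destroy(&q, 1000);
}

int main(void)
{
    printf("quiesced at destroy:   %d\n", model_failed_setup_cleanup(3, false));
    printf("unquiesced at destroy: %d\n", model_failed_setup_cleanup(3, true));
    return 0;
}
```

A return of -1 marks the case that corresponds to the hang; with no pending requests the quiesced destroy returns immediately, which is why the hang depends on requests still being outstanding when setup fails.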

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.