Linux Kernel Kmemleak Soft Lockup Vulnerability

Vulnerability

A soft lockup vulnerability has been identified in the Linux kernel's memory leak tracking feature, kmemleak. This issue occurs in debug kernels with kmemleak enabled, particularly on x86-64 systems with 16 GB of RAM. The vulnerability arises when kmemleak attempts to clean up its objects, which can exceed 40,000, causing a significant delay. This cleanup process, managed by a workqueue, can become a bottleneck, especially during parallel hot unplug operations. As a result, the system's watchdog triggers a soft lockup warning, indicating that a CPU has been unresponsive for an extended period.

Impact

Exploitation of this vulnerability leads to a soft lockup, where a CPU becomes unresponsive for an extended period, causing potential system performance issues.

Reproduction

To reproduce this vulnerability, enable kmemleak in a debug kernel on an x86-64 system with 16 GB of memory. Set CONFIG_DEBUG_KMEMLEAK_MEM_POOL_SIZE to 40,000. While kmemleak is active, run a workload that includes hot unplug operations. This causes kmemleak to disable itself due to memory allocation issues, and the soft lockup is triggered as the cleanup process struggles to keep up with the workload.

Remediation

The vulnerability has been addressed in the Linux kernel by optimizing the kmemleak cleanup process. Users can apply the latest patches available in the Linux kernel stable tree to mitigate this issue.
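
To help decide which hosts need the patch first, the following script is an added example, not code from the kernel or from this advisory. It reports whether a kernel config enables kmemleak and flags soft lockup warnings logged after kmemleak disabled itself. The function names and the sample config and log text are constructed, and the log patterns assume the kernel's usual kmemleak and watchdog message wording.

```shell
#!/bin/sh
# Added example: triage helper for the kmemleak soft lockup described above.
# Function names and sample data are constructed for illustration.

# kmemleak_config_state CONFIG_TEXT
# Prints "enabled pool=<N>" or "disabled" based on kernel config text.
kmemleak_config_state() {
    printf '%s\n' "$1" | awk -F= '
        $1 == "CONFIG_DEBUG_KMEMLEAK" && $2 == "y" { enabled = 1 }
        $1 == "CONFIG_DEBUG_KMEMLEAK_MEM_POOL_SIZE" { pool = $2 }
        END {
            if (enabled) printf "enabled pool=%s\n", (pool == "" ? "unknown" : pool)
            else print "disabled"
        }'
}

# lockup_after_kmemleak_disable LOG_TEXT
# Prints every soft lockup line that follows a "kmemleak disabled" message.
# A lockup with no preceding disable message is not reported, since it
# does not match the sequence this advisory describes.
lockup_after_kmemleak_disable() {
    printf '%s\n' "$1" | awk '
        /kmemleak: Kernel memory leak detector disabled/ { disabled = 1; next }
        disabled && /BUG: soft lockup - CPU#[0-9]+ stuck for [0-9]+s/ { print }'
}

# Constructed sample config (values taken from the reproduction notes).
SAMPLE_CONFIG='CONFIG_DEBUG_KMEMLEAK=y
CONFIG_DEBUG_KMEMLEAK_MEM_POOL_SIZE=40000
# CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF is not set'

# Constructed sample kernel log (timestamps, CPU and worker are made up).
SAMPLE_LOG='[  101.000000] kmemleak: Cannot allocate a kmemleak_object structure
[  101.000100] kmemleak: Kernel memory leak detector disabled
[  131.500000] watchdog: BUG: soft lockup - CPU#3 stuck for 26s! [kworker/3:1:412]
[  140.000000] usb 1-1: USB disconnect, device number 2'

# Run against the constructed samples. On a real host, pass the contents of
# the running kernel's config file (commonly /boot/config-$(uname -r)) and
# the kernel log (for example the output of dmesg) instead.
kmemleak_config_state "$SAMPLE_CONFIG"
lockup_after_kmemleak_disable "$SAMPLE_LOG"
```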

Added: Sep 11, 2025, 6:48 PM
Updated: Sep 11, 2025, 6:48 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.