Linux Kernel Kswapd Wake-Up Deadlock Vulnerability in SLUB Memory Allocator

A deadlock vulnerability has been identified in the Linux kernel's SLUB memory allocator. The issue arises in the 'set_track_prepare' function, which can cause lock recursion. When 'set_track_prepare' is called from 'hrtimer_start_range_ns', it holds a lock that, under certain conditions, can inadvertently wake up the kswapd process. This can lead to a deadlock situation, as kswapd tries to reclaim memory while the original function call is still holding the lock. The vulnerability is present in the Linux kernel stable tree, specifically in versions prior to the latest commit that addresses this issue.

Impact

Exploitation of this vulnerability can lead to a deadlock situation, causing the system to hang while waiting for resources to be released.

Reproduction

The vulnerability can be reproduced by enabling the 'CONFIG_DEBUG_OBJECTS_TIMERS' option in the Linux kernel. This causes the 'set_track_prepare' function to wake up the kswapd process while holding a lock, leading to a deadlock. The issue can be observed in the kernel's debug objects timer handling, where the improper management of memory allocation flags allows for this lock recursion to occur.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been addressed.