Linux Kernel Block Cgroup Deadlock Vulnerability

A deadlock vulnerability has been identified in the Linux kernel's block cgroup implementation, specifically in versions through 6.17.0-rc3. The issue arises from a circular locking dependency when certain locks are acquired in a conflicting order, which can lead to a deadlock situation. This vulnerability can be triggered by the block layer's queue management functions, particularly when a queue is being unregistered while another process is trying to modify its cgroup policy. The root cause is a mismanagement of lock acquisition and release, which this vulnerability introduces.

Impact

Exploitation of this vulnerability can lead to a deadlock situation, where processes become stuck waiting for each other to release locks, causing a halt in system operations that depend on those processes.

Reproduction

The deadlock can be reproduced by using the lockdep tool, which will detect the circular locking dependency. This can be done by writing a cgroup file that activates a policy requiring the block queue to be frozen, while simultaneously trying to unregister the queue, creating a conflict that lockdep can identify.

Remediation

Users can upgrade to the patched version of the Linux kernel available in the Linux kernel stable tree.