Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A deadlock vulnerability has been identified in the FUSE (Filesystem in Userspace) module of the Linux kernel. This issue arises when the FUSE server does not implement the 'open' operation, leading to a failure in properly managing inode references during file readahead operations. As a result, an inode can be evicted from the cache while readahead requests are still being processed, causing a deadlock. The problem occurs because the readahead operation locks the file's data, and when the system attempts to reclaim memory by evicting the corresponding inode, it gets stuck waiting for the lock to be released, creating a cycle of blocked operations.
Exploitation of this vulnerability leads to a deadlock condition, where the system becomes unresponsive while waiting for a locked resource to be released, causing a stall in file operations.
To reproduce this vulnerability, initiate a readahead operation on a file served by a FUSE filesystem where the server does not implement the 'open' operation. While the readahead request is being processed, trigger the system's memory reclamation process. This can be done by accessing a different part of the filesystem that prompts the kernel to reclaim memory, such as by navigating to a directory with a large number of files or by using a memory-intensive application. The combination of these actions will cause the system to enter a deadlock, with the readahead operation blocked by the memory reclamation process, which is waiting for the readahead lock to be released.
The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version of the stable Linux kernel where this issue has been addressed.
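For hosts that cannot be upgraded immediately, the stall described above can be triaged from kernel logs. The following is an added example, not code from this page or from the kernel project: it parses hung-task reports in `dmesg` format and flags those whose call trace contains both FUSE frames and inode-eviction frames. It assumes the kernel's hung-task detector is enabled; the sample log and the frame-name hints are constructed assumptions, and a match is a triage hint rather than proof of this specific bug.

```python
import re

# Header printed by the kernel hung-task detector for a task stuck in D state.
HUNG_RE = re.compile(r"INFO: task (?P<comm>\S+):(?P<pid>\d+) blocked for more than (?P<secs>\d+) seconds")
# One call-trace frame, e.g. " fuse_evict_inode+0x2a/0x190 [fuse]".
FRAME_RE = re.compile(r"^\s*\??\s*([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # dmesg "[ 1234.567890] " prefix
# Assumption: frame-name fragments that indicate inode eviction.
EVICT_HINTS = ("evict", "truncate_inode_pages")

# Constructed sample, not captured from a real system.
SAMPLE = """\
[ 1234.567890] INFO: task kswapd0:88 blocked for more than 120 seconds.
[ 1234.567900] Call Trace:
[ 1234.567910]  __schedule+0x3b0/0x1a10
[ 1234.567920]  folio_wait_bit_common+0x13d/0x350
[ 1234.567930]  truncate_inode_pages_range+0x1d4/0x4e0
[ 1234.567940]  fuse_evict_inode+0x2a/0x190 [fuse]
[ 1234.567950]  evict+0x107/0x2c0
[ 1300.000000] INFO: task cp:4120 blocked for more than 120 seconds.
[ 1300.000010] Call Trace:
[ 1300.000020]  __schedule+0x3b0/0x1a10
[ 1300.000030]  io_schedule+0x46/0x80
"""

def parse_hung_tasks(log_text):
    """Return one dict per hung-task report: comm, pid, secs, frames."""
    reports, current = [], None
    for raw in log_text.splitlines():
        line = TS_RE.sub("", raw)
        header = HUNG_RE.search(line)
        if header:
            current = {"comm": header["comm"], "pid": int(header["pid"]),
                       "secs": int(header["secs"]), "frames": []}
            reports.append(current)
        elif current is not None and (frame := FRAME_RE.match(line)):
            current["frames"].append(frame.group(1))
    return reports

def classify(report):
    """Label a report by whether FUSE and inode-eviction frames co-occur."""
    in_fuse = any(f.startswith("fuse_") for f in report["frames"])
    evicting = any(h in f for f in report["frames"] for h in EVICT_HINTS)
    if in_fuse and evicting:
        return "fuse-evict-stall"
    return "fuse-stall" if in_fuse else "other"

if __name__ == "__main__":
    for r in parse_hung_tasks(SAMPLE):
        print(r["comm"], r["pid"], classify(r))
```

To run it against a live host, pass the output of `dmesg` to `parse_hung_tasks` in place of `SAMPLE`.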