Linux Kernel DRBD Logic Bug in Non-Blocking IO Function

Vulnerability

A logic bug has been fixed in the Linux kernel's DRBD (Distributed Replicated Block Device) module, specifically in the non-blocking IO function. The issue arose because the function could incorrectly assume it had the necessary locks to access the activity log, leading to potential data inconsistencies during operations. This could disrupt the synchronization process and cause the system to crash by mishandling in-flight IO operations. The vulnerability was addressed by improving the error handling and ensuring that the function accurately tracks its state, allowing it to resume correctly after a partial operation.
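The failure and the fix pattern described above, as an added example that is not the kernel's DRBD code: a simplified user-space model in which every name (act_log, request, begin_io_flawed, begin_io_resumable, complete_io, busy_enr) and the -EBUSY return value are assumptions made for illustration. It contrasts a function that reports success after failing to take an activity log reference with one that returns the error and records where to resume.

```c
#include <errno.h>
#include <stdbool.h>

#define NR_EXTENTS 8

/* Toy activity log: a refcount per extent; busy_enr models an extent whose
 * reference cannot be taken right now because another path won the race. */
struct act_log { unsigned refcnt[NR_EXTENTS]; int busy_enr; };
/* Request spanning extents [first, last]; next_enr records partial progress. */
struct request { unsigned first, last, next_enr; bool partial; };

static int get_ref(struct act_log *al, unsigned enr)
{
    if ((int)enr == al->busy_enr)
        return -EBUSY;              /* reference NOT taken */
    al->refcnt[enr]++;
    return 0;
}

/* Flawed pattern: the failed get is ignored and success is reported. */
int begin_io_flawed(struct act_log *al, struct request *rq)
{
    for (unsigned enr = rq->first; enr <= rq->last; enr++)
        (void)get_ref(al, enr);
    return 0;
}

/* Corrected pattern: return the error and remember where to resume. */
int begin_io_resumable(struct act_log *al, struct request *rq)
{
    unsigned enr = rq->partial ? rq->next_enr : rq->first;
    for (; enr <= rq->last; enr++)
        if (get_ref(al, enr)) {
            rq->partial = true;     /* "partially in activity log" */
            rq->next_enr = enr;
            return -EBUSY;
        }
    rq->partial = false;
    return 0;
}

/* Completion drops one reference per extent; returns how many were not held. */
unsigned complete_io(struct act_log *al, const struct request *rq)
{
    unsigned missing = 0;
    for (unsigned enr = rq->first; enr <= rq->last; enr++)
        if (al->refcnt[enr]) al->refcnt[enr]--; else missing++;
    return missing;
}
```

In the flawed variant, completion tries to drop a reference the request never held; in the resumable variant, a retry continues from the recorded extent without double-counting the references already taken.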

Impact

The vulnerability could cause data corruption by allowing improper handling of IO operations during critical synchronization processes, potentially leading to system crashes.

Reproduction

The vulnerability can be reproduced by initiating a non-blocking IO operation in DRBD while an active resynchronization is in progress. The timing of the IO request can interfere with the locking mechanism, causing the function to mismanage the activity log references. This creates a 'partially in activity log' state that, if not properly handled, can disrupt the resynchronization process and cause a crash.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Mar 25, 2026, 12:07 PM
Updated: Mar 25, 2026, 12:07 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 4.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.