Linux Kernel md RAID Hang Vulnerability in Device-Mapper

A vulnerability in the Linux kernel's md RAID management can cause the system to hang when stopping RAID arrays that use device-mapper's dm-raid target. This issue arises under certain conditions: when a dm-raid managed device tree is suspended from top to bottom, and the top-level RAID device is subsequently removed. The removal triggers a hang because the dm-raid destructor calls md_stop(), which attempts to flush the write-intent bitmap to the metadata sub-devices. However, these sub-devices are already suspended and cannot complete the operation, leading to an indefinite block.

Impact

The vulnerability can cause the system to hang indefinitely, disrupting normal operations and potentially leading to a denial of service.

Reproduction

To reproduce this vulnerability, suspend a dm-raid managed device tree from top to bottom, starting with the top-level RAID device and followed by its underlying metadata and data devices. Once the device tree is fully suspended, remove the top-level RAID device. This sequence of actions will trigger the hang condition.

Remediation

The vulnerability has been addressed by modifying the md_stop() function to prevent bitmap flushing when called from the dm-raid destructor context, thereby avoiding the hang. This patch is available in the Linux kernel stable tree.