Linux Kernel Device Mapper Timeout Handling Vulnerability Leading to Request Leaks

Vulnerability

A vulnerability in the Linux kernel's device mapper (dm) component can cause I/O requests to be leaked and not completed, leading to indefinite task hangs. This issue arises because the dm driver does not have its own timeout handler and relies on the timeout management of its slave devices. When an I/O timeout failure is injected into a dm device, the request is not finished, causing tasks to hang indefinitely. This vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability causes tasks to hang indefinitely, as leaked I/O requests are not completed.

Reproduction

To reproduce this vulnerability, first prepare a dm device that has an iSCSI slave device. Then, inject an I/O timeout failure into the dm device by echoing '1' into '/sys/class/block/dm-0/io-timeout-fail', and set the failure injection probability and times. After injecting the failure, perform read or write operations on the dm device. This will result in a hung task, which can be observed in the system logs.
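The hung task mentioned above shows up in the kernel log as an "INFO: task ... blocked for more than N seconds" report. The following Python is an added example, not part of the original advisory: it groups such reports per task and flags those whose call trace ends in block I/O wait. The function names, the choice of io_schedule frames as the I/O-wait marker, and the sample log lines are assumptions constructed for illustration.

```python
import re

# Header line printed by the kernel's hung-task detector.
HUNG = re.compile(r"INFO: task (?P<comm>.+?):(?P<pid>\d+) blocked for more than (?P<secs>\d+) seconds")
# Stack frame, e.g. "io_schedule+0x12/0x40" or "? blk_mq_get_tag+0x1a/0x2b0".
FRAME = re.compile(r"(?P<sym>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
# Assumption: a task waiting on a request that never completes sleeps in one of these.
IO_WAIT = {"io_schedule", "io_schedule_timeout"}

def parse_hung_tasks(lines):
    """Group hung-task reports by (comm, pid); keep the longest stall and the latest trace."""
    reports, current = {}, None
    for line in lines:
        m = HUNG.search(line)
        if m:
            key = (m["comm"], int(m["pid"]))
            current = reports.setdefault(key, {"comm": key[0], "pid": key[1], "max_secs": 0, "count": 0})
            current["max_secs"] = max(current["max_secs"], int(m["secs"]))
            current["count"] += 1
            current["frames"] = []          # a repeated report replaces the older trace
            continue
        if current is None:
            continue
        f = FRAME.search(line)
        if f:
            current["frames"].append(f["sym"])
        elif current["frames"]:             # first non-frame line after the trace ends it
            current = None
    return list(reports.values())

def stuck_in_io(report):
    """True when the latest trace shows the task sleeping in block I/O wait."""
    return any(sym in IO_WAIT for sym in report["frames"])

# Constructed sample log lines (not taken from the advisory).
SAMPLE = """\
[  245.101] INFO: task dd:4321 blocked for more than 120 seconds.
[  245.102]       Not tainted 0.0.0-example #1
[  245.104] Call Trace:
[  245.107]  __schedule+0x2bc/0x6f0
[  245.108]  io_schedule+0x12/0x40
[  367.981] INFO: task dd:4321 blocked for more than 241 seconds.
[  367.985] Call Trace:
[  367.986]  __schedule+0x2bc/0x6f0
[  367.987]  io_schedule+0x12/0x40
[  368.000] usb 1-1: new high-speed USB device number 2 using xhci_hcd
""".splitlines()

if __name__ == "__main__":
    for r in parse_hung_tasks(SAMPLE):
        print(r["comm"], r["pid"], r["max_secs"], r["count"], stuck_in_io(r))
```

A task whose reported stall keeps growing across repeated reports is one that never recovered, which matches the indefinite hang described here.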

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version.

Added: May 8, 2026, 4:01 PM
Updated: May 8, 2026, 4:01 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 7.8
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.