Linux Kernel Unlocked Test Vulnerability in Device Mapper Zone Reporting

A vulnerability exists in the Linux kernel's device mapper (DM) component, specifically within the zone reporting function. The issue arises because the function 'dm_blk_report_zones' checks if a device is suspended using the 'dm_suspended_md' call, but does so without holding any locks. This oversight allows the device to be suspended immediately after the check is performed. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability could lead to improper handling of device suspension during zone reporting, potentially causing synchronization issues or incorrect state management.

Reproduction

The vulnerability can be reproduced by calling the 'dm_blk_report_zones' function on a device without holding the necessary locks. This will allow the device to be suspended right after the 'dm_suspended_md' check, creating a window of opportunity for the vulnerability to manifest.

Remediation

The vulnerability has been addressed by modifying the 'dm_blk_report_zones' function to move the suspension check after the device's live table is retrieved, ensuring that the device cannot be suspended prematurely. Users should upgrade to the latest version of the Linux kernel stable tree where this fix has been applied.