CVE-2024-27031: Linux Kernel NFS Vulnerability Fixed - Deadlock Issue Resolved in nfs_netfs_issue_read() xarray Locking

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt. A potential deadlock issue was found within the Linux kernel's Network File System (NFS) implementation.

The loop inside nfs_netfs_issue_read() currently does not disable interrupts while iterating through pages in the xarray to submit for NFS read. This is not safe since after taking xa_lock, another page in the mapping could be processed for writeback inside an interrupt, and deadlock can occur. The fix is simple and clean if we use xa_for_each_range(), which handles the iteration with RCU while reducing code complexity.

The problem is easily reproduced with the following test

mount -o vers=3,fsc 127...1:/export /mnt/nfs
dd if=/dev/zero of=/mnt/nfs/file1.bin bs=4096 count=1
echo 3 > /proc/sys/vm/drop_caches
dd if=/mnt/nfs/file1.bin of=/dev/null
umount /mnt/nfs

On the console with a lockdep-enabled kernel, a message similar to the following will be seen

WARNING: inconsistent lock state
6.7.-lockdbg+ #10 Not tainted
inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
test5/1708 [HC[]:SC[]:HE1:SE1] takes:
ffff888127baa598 (&xa->xa_lock#4){+.?.}-{3:3}, at:
nfs_netfs_issue_read+x1b2/x4b [nfs]
[...]

By applying the fix, the deadlock issue can be resolved, ensuring the stability and integrity of the Linux kernel's NFS implementation. You can find additional details and the original references on the Linux Kernel Mailing List (LKML) archives here.

Please note that you may need to update your kernel version to protect against this vulnerability. Always keep your systems updated and follow best security practices to maintain safe and reliable environments.

Timeline

Published on: 05/01/2024 13:15:49 UTC
Last modified on: 05/29/2024 05:27:20 UTC