Executive Summary

This vulnerability exists in the Linux kernel's md/raid5 subsystem, specifically in the retry_aligned_read() function. When retry_aligned_read() encounters an overlapped stripe, it releases the stripe using raid5_release_stripe(), which places it on a lockless list called released_stripes. In the next raid5d loop iteration, the stripe is moved to handle_list, but retry_aligned_read() runs before handle_active_stripes() and removes the stripe from handle_list. This prevents handle_stripe() from processing the stripe to resolve the overlap, causing an infinite loop and a soft lockup (a state where the system becomes unresponsive but not completely crashed).

The fix involves changing the failure path to use __release_stripe() with a temporary inactive list instead of raid5_release_stripe(), preventing the stripe from going through the released_stripes list. This allows the raid5d loop to break out and eventually process the stripe to resolve the overlap.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can cause a soft lockup in the Linux kernel's RAID5 subsystem, which means the system may become unresponsive or hang due to an infinite loop in the raid5d process. This can lead to degraded system performance, potential downtime, and disruption of services relying on RAID5 storage configurations.

Useful 0 Not Useful 0

Mitigation Strategies

The vulnerability in the Linux kernel related to md/raid5 causing a soft lockup in retry_aligned_read() has been fixed by changing the way stripes are released in the failure path. To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes this fix.

Specifically, ensure your system is running a kernel version where retry_aligned_read() uses __release_stripe() with temp_inactive_list instead of raid5_release_stripe(), as this prevents the infinite loop and soft lockup.

Useful 0 Not Useful 0