Message-ID: <2025091552-CVE-2023-53151-263e@gregkh>
Date: Mon, 15 Sep 2025 16:02:14 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2023-53151: md/raid10: prevent soft lockup while flush writes
From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

md/raid10: prevent soft lockup while flush writes

Currently, there is no limit for raid1/raid10 plugged bio. While flushing
writes, raid1 has cond_resched() while raid10 doesn't, and too many
writes can cause soft lockup.

The following soft lockup can be triggered easily with writeback test for
raid10 with ramdisks:

watchdog: BUG: soft lockup - CPU#10 stuck for 27s! [md0_raid10:1293]
Call Trace:
 <TASK>
 call_rcu+0x16/0x20
 put_object+0x41/0x80
 __delete_object+0x50/0x90
 delete_object_full+0x2b/0x40
 kmemleak_free+0x46/0xa0
 slab_free_freelist_hook.constprop.0+0xed/0x1a0
 kmem_cache_free+0xfd/0x300
 mempool_free_slab+0x1f/0x30
 mempool_free+0x3a/0x100
 bio_free+0x59/0x80
 bio_put+0xcf/0x2c0
 free_r10bio+0xbf/0xf0
 raid_end_bio_io+0x78/0xb0
 one_write_done+0x8a/0xa0
 raid10_end_write_request+0x1b4/0x430
 bio_endio+0x175/0x320
 brd_submit_bio+0x3b9/0x9b7 [brd]
 __submit_bio+0x69/0xe0
 submit_bio_noacct_nocheck+0x1e6/0x5a0
 submit_bio_noacct+0x38c/0x7e0
 flush_pending_writes+0xf0/0x240
 raid10d+0xac/0x1ed0

Fix the problem by adding cond_resched() to raid10 like what raid1 did.

Note that unlimited plugged bio still needs to be optimized, for example,
in the case of lots of dirty pages writeback, this will take lots of
memory and io will spend a long time in plug, hence io latency is bad.

The Linux kernel CVE team has assigned CVE-2023-53151 to this issue.


Affected and fixed versions
===========================

	Fixed in 4.14.322 with commit f45b2fa7678ab385299de345f7e85d05caea386b
	Fixed in 4.19.291 with commit 00ecb6fa67c0f772290c5ea5ae8b46eefd503b83
	Fixed in 5.4.251 with commit d0345f7c7dbc5d42e4e6f1db99c1c1879d7b0eb5
	Fixed in 5.10.188 with commit 634daf6b2c81015cc5e28bf694a6a94a50c641cd
	Fixed in 5.15.150 with commit 84a578961b2566e475bfa8740beaf0abcc781a6f
	Fixed in 6.1.83 with commit 1d467e10507167eb6dc2c281a87675b731955d86
	Fixed in 6.4.7 with commit fbf50184190d55f8717bd29aa9530c399be96f30
	Fixed in 6.5 with commit 010444623e7f4da6b4a4dd603a7da7469981e293

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2023-53151
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
	drivers/md/raid10.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/f45b2fa7678ab385299de345f7e85d05caea386b
	https://git.kernel.org/stable/c/00ecb6fa67c0f772290c5ea5ae8b46eefd503b83
	https://git.kernel.org/stable/c/d0345f7c7dbc5d42e4e6f1db99c1c1879d7b0eb5
	https://git.kernel.org/stable/c/634daf6b2c81015cc5e28bf694a6a94a50c641cd
	https://git.kernel.org/stable/c/84a578961b2566e475bfa8740beaf0abcc781a6f
	https://git.kernel.org/stable/c/1d467e10507167eb6dc2c281a87675b731955d86
	https://git.kernel.org/stable/c/fbf50184190d55f8717bd29aa9530c399be96f30
	https://git.kernel.org/stable/c/010444623e7f4da6b4a4dd603a7da7469981e293
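
Added example, not part of the original announcement or of the kernel source: Python that scans a kernel log for soft-lockup reports matching the trace in the description above, meaning a raid10 md thread stalled with flush_pending_writes and raid10d on its stack. The task-name pattern generalizes the page's md0_raid10 and is an assumption, as are the function and constant names; the sample log is constructed.

```python
import re

# Watchdog header: CPU number, stall seconds, task name (comm), PID.
LOCKUP_RE = re.compile(
    r"watchdog: BUG: soft lockup - CPU#(\d+) stuck for (\d+)s! \[(.+):(\d+)\]")
# Stack frame such as "flush_pending_writes+0xf0/0x240", optionally "? "-prefixed.
FRAME_RE = re.compile(r"^(?:\? )?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
# Optional dmesg timestamp prefix, e.g. "[ 1234.567890] ".
STAMP_RE = re.compile(r"^\[\s*\d+\.\d+\]\s*")
# Assumption: other arrays name their thread like the page's "md0_raid10".
TASK_RE = re.compile(r"md\w*_raid10")
# Frames from the advisory's trace that tie the stall to the raid10 flush path.
SIGNATURE = {"flush_pending_writes", "raid10d"}

def find_raid10_flush_lockups(log_text):
    """Return soft-lockup reports matching the CVE-2023-53151 trace signature."""
    reports, current = [], None
    for raw in log_text.splitlines():
        line = STAMP_RE.sub("", raw.strip())
        header = LOCKUP_RE.search(line)
        if header:  # a new report starts; later frames belong to it
            cpu, secs, task, pid = header.groups()
            current = {"cpu": int(cpu), "seconds": int(secs), "task": task,
                       "pid": int(pid), "frames": []}
            reports.append(current)
        elif current is not None:
            frame = FRAME_RE.match(line)
            if frame:
                current["frames"].append(frame.group(1))
            elif line.startswith("</TASK>"):
                current = None  # end of this report's call trace
    return [r for r in reports
            if TASK_RE.fullmatch(r["task"]) and SIGNATURE <= set(r["frames"])]

# Constructed sample log: the first report abbreviates the trace on this page,
# the second is an unrelated stall that must not be flagged.
SAMPLE_LOG = """\
[  812.100001] watchdog: BUG: soft lockup - CPU#10 stuck for 27s! [md0_raid10:1293]
[  812.100002] Call Trace:
[  812.100006]  brd_submit_bio+0x3b9/0x9b7 [brd]
[  812.100008]  flush_pending_writes+0xf0/0x240
[  812.100009]  raid10d+0xac/0x1ed0
[  812.100010]  </TASK>
[  990.200001] watchdog: BUG: soft lockup - CPU#3 stuck for 22s! [kworker/3:1:4521]
[  990.200003]  process_one_work+0x1c8/0x3c0
[  990.200004]  worker_thread+0x4d/0x3c0
"""

print([(r["task"], r["seconds"]) for r in find_raid10_flush_lockups(SAMPLE_LOG)])
```

A match indicates the stall pattern described in this announcement; whether the running kernel already carries the fix is determined from the fixed versions listed above or from the distribution's own advisory.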