A recently resolved vulnerability in the Linux kernel, specifically in the rcu/kvfree module, addressed a data-race issue in the __mod_timer and kvfree_call_rcu functions. This issue was identified by the Kernel Concurrency Sanitizer (KCSAN), which reported a data race when accessing the krcp->monitor_work.timer.expires variable in the schedule_delayed_monitor_work() function.
This blog post will discuss the details of the vulnerability, the steps taken to fix it, and links to original references.
Vulnerability Details
The issue stems from kfree_rcu_monitor() rearming the delayed monitor work when a "krcp" still has objects to be offloaded. That rearm is done without holding krcp->lock, whereas kvfree_call_rcu() holds it. The data race occurs when the two paths access krcp->monitor_work.timer.expires concurrently without synchronization: one side touches the field from __mod_timer(), the other from schedule_delayed_monitor_work().
The upstream commit message summarises the race as follows:
kfree_rcu_monitor() rearms the work if a "krcp" has to be still offloaded and this is done without holding krcp->lock, whereas the kvfree_call_rcu() holds it.
Fix
To address the data race, the fix acquires krcp->lock in kfree_rcu_monitor() as well, so that the two functions no longer race on the timer's expiry field. With both paths serialized on the same lock, each sees a consistent value of krcp->monitor_work.timer.expires, which removes the race and improves the stability and performance of the Linux kernel.
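A userspace model of the two paths, added here as an example (it is not kernel code and not the upstream patch; the constants, the spinlock stand-in and the *_model function names are assumptions). It shows why the "pull the timer in if already pending" decision in schedule_delayed_monitor_work() depends on reading expires under the same krcp->lock that the rearm on the monitor side now takes:

```c
/* Userspace model (added example, not kernel code) of the rearm path fixed by
 * CVE-2024-53160: the "pull the timer in if pending" test reads expires, so
 * both callers must hold krcp->lock while reading or rewriting it. */
#include <stdatomic.h>
#include <stdbool.h>
#define KFREE_DRAIN_JIFFIES 100 /* assumed model values, not kernel constants */
#define KVFREE_BULK_MAX_ENTR 32
struct raw_spinlock { atomic_flag held; }; /* stands in for raw_spinlock_t */
static void spin_lock(struct raw_spinlock *l) { while (atomic_flag_test_and_set_explicit(&l->held, memory_order_acquire)) ; }
static void spin_unlock(struct raw_spinlock *l) { atomic_flag_clear_explicit(&l->held, memory_order_release); }
struct kfree_rcu_cpu {
    struct raw_spinlock lock;     /* krcp->lock */
    unsigned long count, expires; /* queued objects; monitor_work.timer.expires */
    bool pending;                 /* is monitor_work armed? */
};
unsigned long jiffies;            /* model clock, advanced by the caller */

/* Must run with krcp->lock held: reads expires and may rewrite it. */
static void schedule_delayed_monitor_work(struct kfree_rcu_cpu *krcp)
{
    long delay = krcp->count >= KVFREE_BULK_MAX_ENTR ? 1 : KFREE_DRAIN_JIFFIES;
    if (krcp->pending) {
        long delay_left = (long)(krcp->expires - jiffies);
        if (delay < delay_left)
            krcp->expires = jiffies + delay; /* mod_delayed_work(): pull in */
        return;
    }
    krcp->pending = true;
    krcp->expires = jiffies + delay;         /* queue_delayed_work() */
}
/* kvfree_call_rcu(): queue one object and rearm under the lock; returns expires. */
unsigned long kvfree_call_rcu_model(struct kfree_rcu_cpu *krcp)
{
    spin_lock(&krcp->lock);
    krcp->count++;
    schedule_delayed_monitor_work(krcp);
    spin_unlock(&krcp->lock);
    return krcp->expires;
}

/* kfree_rcu_monitor(): work ran and drained objects; rearms if any remain.
 * Before the fix this side did not take krcp->lock. Returns whether armed. */
bool kfree_rcu_monitor_model(struct kfree_rcu_cpu *krcp, unsigned long drained)
{
    spin_lock(&krcp->lock); /* the fix: hold krcp->lock on this side too */
    krcp->pending = false;
    krcp->count -= drained < krcp->count ? drained : krcp->count;
    if (krcp->count)
        schedule_delayed_monitor_work(krcp);
    spin_unlock(&krcp->lock);
    return krcp->pending;
}
```

Without the lock on the monitor side, the read of expires in the pending branch could observe a value being rewritten concurrently, which is exactly what KCSAN flagged.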
Conclusion
The resolution of CVE-2024-53160 highlights the constant effort that goes into improving the Linux kernel's stability and security. By fixing this data race, the kernel developers keep the kernel secure and performing as intended. Users are encouraged to monitor kernel updates and apply patches as necessary to maintain the security and performance of their systems.
Timeline
Published on: 12/24/2024 12:15:24 UTC
Last modified on: 01/20/2025 06:20:04 UTC