TY - GEN
T1 - Identifying Linux Kernel Instability Due to Poor RCU Synchronization
AU - O'Sullivan, Oisin
AU - O'Connell, Eoin
AU - Flanagan, Colin
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - Read-Copy-Update (RCU) is widely used in the Linux kernel to manage concurrent access to shared data structures. However, improper synchronization when removing RCU-protected hash table entries can lead to stale pointers, inconsistent lookups, and critical use-after-free (UAF) vulnerabilities. This paper investigates a driver-level synchronization issue arising from the omission of explicit synchronize_rcu() calls during hash table updates, using a discovered weakness in the Intel® ICE network driver's Virtual Function (VF) management. Previous kernel vulnerabilities, such as a bug in the Reliable Datagram Sockets (RDS) subsystem, show how improper RCU synchronization can directly cause kernel crashes. Experimental results demonstrate that removing VF entries without proper synchronization leaves transient stale entries, delays memory reclamation, and results in significant memory fragmentation under rapid insert/delete workloads. RCU hash tables are widely deployed in Linux kernel subsystems such as networking, virtualization, and file systems; improper synchronization can cause memory fragmentation, kernel instability, and out-of-memory (OOM) conditions. Mitigations are proposed, recommending explicit insertion of synchronize_rcu() calls to ensure timely and safe memory reclamation. These findings reinforce established best practices for RCU synchronization, highlighting their importance for maintaining kernel stability and memory safety.
AB - Read-Copy-Update (RCU) is widely used in the Linux kernel to manage concurrent access to shared data structures. However, improper synchronization when removing RCU-protected hash table entries can lead to stale pointers, inconsistent lookups, and critical use-after-free (UAF) vulnerabilities. This paper investigates a driver-level synchronization issue arising from the omission of explicit synchronize_rcu() calls during hash table updates, using a discovered weakness in the Intel® ICE network driver's Virtual Function (VF) management. Previous kernel vulnerabilities, such as a bug in the Reliable Datagram Sockets (RDS) subsystem, show how improper RCU synchronization can directly cause kernel crashes. Experimental results demonstrate that removing VF entries without proper synchronization leaves transient stale entries, delays memory reclamation, and results in significant memory fragmentation under rapid insert/delete workloads. RCU hash tables are widely deployed in Linux kernel subsystems such as networking, virtualization, and file systems; improper synchronization can cause memory fragmentation, kernel instability, and out-of-memory (OOM) conditions. Mitigations are proposed, recommending explicit insertion of synchronize_rcu() calls to ensure timely and safe memory reclamation. These findings reinforce established best practices for RCU synchronization, highlighting their importance for maintaining kernel stability and memory safety.
KW - hash tables
KW - ICE driver
KW - kernel synchronization
KW - memory fragmentation
KW - RCU
KW - use-after-free
UR - https://www.scopus.com/pages/publications/105032493083
U2 - 10.1109/ISSC67739.2025.11291433
DO - 10.1109/ISSC67739.2025.11291433
M3 - Conference contribution
AN - SCOPUS:105032493083
T3 - Irish Signals and Systems Conference: Signalling our Strength, ISSC 2025
BT - Irish Signals and Systems Conference
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 35th Irish Signals and Systems Conference, ISSC 2025
Y2 - 9 June 2025 through 10 June 2025
ER -