Linux Kernel RCU Module Unloading Race Condition Vulnerability

Vulnerability

A vulnerability in the Linux kernel's RCU (Read-Copy-Update) subsystem has been addressed. The issue arose in the 'rcuscale' module, where the 'kfree_scale_thread' continued to run after the module was unloaded. This oversight led to a kernel crash, as the thread attempted to access memory that was no longer available. The vulnerability was introduced when the 'kfree_rcu_test' performance test was added, and it could be reproduced by loading the 'rcuscale' module with this test enabled, then unloading the module while the test was still running.

Impact

The vulnerability could lead to a kernel crash (a 'splat'): the kernel is unable to handle a page fault raised when it attempts to fetch a supervisor instruction from a non-existent page. This error disrupts normal operations and can cause instability in the system.

Reproduction

To reproduce this vulnerability, load the 'rcuscale' module with the 'kfree_rcu_test' option enabled. After some time, unload the 'rcuscale' module and the 'torture' module. This sequence will trigger the vulnerability, causing a page fault error that crashes the kernel.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.
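
A triage check for hosts that have not yet been upgraded, added here as an example; it is not part of the advisory or of the kernel's own tooling. It assumes the module parameter is exposed at /sys/module/rcuscale/parameters/kfree_rcu_test and that the test thread's comm starts with "kfree_scale_thr" (the 15-character truncation of 'kfree_scale_thread'); the function names and state labels are hypothetical.

```sh
#!/bin/sh
# Added example: classify a host's rcuscale state before anyone unloads the module.
# The sysfs and proc roots are parameters so the check can run on a constructed tree.

# kfree_threads PROC_ROOT: print PIDs whose comm starts with kfree_scale_thr
# (assumed thread name, derived from 'kfree_scale_thread').
kfree_threads() {
    proc_root=$1
    for comm in "$proc_root"/[0-9]*/comm; do
        [ -r "$comm" ] || continue
        case "$(cat "$comm" 2>/dev/null)" in
            kfree_scale_thr*) pid=${comm%/comm}; echo "${pid##*/}" ;;
        esac
    done
}

# rcuscale_state [SYS_MODULE_DIR] [PROC_ROOT]: print one of
#   test-running    module loaded with kfree_rcu_test on; the state the advisory
#                   says crashes on unload, so upgrade before removing the module
#   loaded-test-off module loaded, kfree_rcu_test not enabled
#   orphan-thread   module gone but a kfree_scale thread is still present
#   clear           neither module nor thread found
rcuscale_state() {
    sys_mod=${1:-/sys/module}
    proc_root=${2:-/proc}
    threads=$(kfree_threads "$proc_root")
    if [ -d "$sys_mod/rcuscale" ]; then
        # Boolean module parameters read back as Y or N.
        val=$(cat "$sys_mod/rcuscale/parameters/kfree_rcu_test" 2>/dev/null || echo N)
        case "$val" in
            Y|y|1) echo "test-running" ;;
            *)     echo "loaded-test-off" ;;
        esac
    elif [ -n "$threads" ]; then
        echo "orphan-thread"
    else
        echo "clear"
    fi
}

# Stand-alone use: report the state of the live system (or of the given roots).
rcuscale_state "$@"
```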

Added: Sep 16, 2025, 5:01 PM
Updated: Sep 16, 2025, 5:01 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.