Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
- >= 5.19.0-00428-g9de1f9c8ca51, < 5.19.0-00428-g9de1f9c8ca51-D1
A vulnerability exists in the Linux kernel's handling of callback list initialization within the RCU tasks subsystem. The issue arises because the 'pr_info()' function is called while holding a spin lock, 'rtp->cbs_gbl_lock'. This can lead to a 'BUG' condition, as 'printk()', which is invoked by 'pr_info()', may sleep and disrupt the locking mechanism. The problem has been observed in Linux kernel versions prior to 5.19.0-00428-g9de1f9c8ca51, where the improper logging context can cause invalid wait conditions, potentially leading to deadlocks or other synchronization issues.
The vulnerability can cause a 'BUG: Invalid wait context' error, indicating a disruption in the expected locking behavior, which could lead to synchronization problems or deadlocks in the kernel.
The vulnerability can be reproduced by initializing the RCU tasks subsystem with the default callback queue settings. Initialization calls the 'cblist_init_generic()' function, which sets up the callback queues for RCU task management. While that function is executing, it calls 'pr_info()' to log information about the initialization process. This logging occurs while the 'cbs_gbl_lock' spin lock is held, which creates a conflict because 'printk()', used by 'pr_info()', can sleep and interfere with the locking mechanism. The result is a 'BUG: Invalid wait context' message, indicating a locking issue caused by logging while the critical section is still locked.
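The lock/log ordering described above, reduced to a userspace C model (an added example, not kernel code and not the actual patch). A C11 `atomic_flag` stands in for `cbs_gbl_lock`, `model_pr_info()` stands in for `pr_info()`, and `nqueues`, `held` and `logs_under_lock` are hypothetical names; the model counts log calls made inside the critical section and contrasts that with copying the value and logging after the unlock.

```c
#include <stdatomic.h>
#include <stdio.h>

/* Constructed userspace model: only cbs_gbl_lock and pr_info are names
 * from the page; nqueues is a hypothetical field. */
struct rtp_model {
    atomic_flag cbs_gbl_lock;  /* stand-in for rtp->cbs_gbl_lock */
    int held;                  /* 1 while the lock is held */
    int nqueues;               /* state written during initialization */
    int logs_under_lock;       /* log calls made inside the critical section */
};

static void model_lock(struct rtp_model *rtp) {
    while (atomic_flag_test_and_set(&rtp->cbs_gbl_lock))
        ;                      /* spin until the flag is free */
    rtp->held = 1;
}

static void model_unlock(struct rtp_model *rtp) {
    rtp->held = 0;
    atomic_flag_clear(&rtp->cbs_gbl_lock);
}

/* Stand-in for pr_info(): records whether it ran with the lock held. */
static void model_pr_info(struct rtp_model *rtp, int nqueues) {
    if (rtp->held)
        rtp->logs_under_lock++;
    printf("model: callback queues set to %d\n", nqueues);
}

/* Returns how many log calls ran under the lock. log_after_unlock == 0
 * gives the ordering the page describes; 1 defers the message. */
int init_model(int nqueues, int log_after_unlock) {
    struct rtp_model rtp = { .cbs_gbl_lock = ATOMIC_FLAG_INIT };
    model_lock(&rtp);
    rtp.nqueues = nqueues;
    int snapshot = rtp.nqueues;        /* copy what the message needs */
    if (!log_after_unlock)
        model_pr_info(&rtp, snapshot); /* logging inside the critical section */
    model_unlock(&rtp);
    if (log_after_unlock)
        model_pr_info(&rtp, snapshot); /* logging with no lock held */
    return rtp.logs_under_lock;
}

int main(void) {
    printf("under lock: %d\n", init_model(4, 0));
    printf("after unlock: %d\n", init_model(4, 1));
    return 0;
}
```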
The vulnerability has been addressed in the Linux kernel stable tree. Users can upgrade to the latest version available in this repository to mitigate the issue.