Identifying Linux Kernel Instability Due to Poor RCU Synchronization
- URL: http://arxiv.org/abs/2511.00237v1
- Date: Fri, 31 Oct 2025 20:14:00 GMT
- Title: Identifying Linux Kernel Instability Due to Poor RCU Synchronization
- Authors: Oisin O Sullivan, Colin Flanagan, Eoin O Connell,
- Abstract summary: Read-Copy-Update (RCU) is widely used in the Linux kernel to manage concurrent access to shared data structures. This paper investigates a driver-level synchronization issue arising from the omission of explicit synchronize_rcu() calls during hash table updates.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Read-Copy-Update (RCU) is widely used in the Linux kernel to manage concurrent access to shared data structures. However, improper synchronization when removing RCU-protected hash table entries can lead to stale pointers, inconsistent lookups, and critical use-after-free (UAF) vulnerabilities. This paper investigates a driver-level synchronization issue arising from the omission of explicit synchronize_rcu() calls during hash table updates, using a discovered weakness in the Intel ICE network driver's Virtual Function (VF) management. Previous kernel vulnerabilities, such as a bug in the Reliable Datagram Sockets (RDS) subsystem, show how improper RCU synchronization can directly cause kernel crashes. Experimental results demonstrate that removing VF entries without proper synchronization leaves transient stale entries, delays memory reclamation, and results in significant memory fragmentation under rapid insert/delete workloads. RCU hash tables are widely deployed in Linux kernel subsystems such as networking, virtualization, and file systems; improper synchronization can cause memory fragmentation, kernel instability, and out-of-memory (OOM) conditions. Mitigations are proposed, recommending explicit insertion of synchronize_rcu() calls to ensure timely and safe memory reclamation. These findings reinforce established best practices for RCU synchronization, highlighting their importance for maintaining kernel stability and memory safety. Keywords: RCU, kernel synchronization, hash tables, ICE driver, memory fragmentation, use-after-free
Related papers
- Optimized Disaster Recovery for Distributed Storage Systems: Lightweight Metadata Architectures to Overcome Cryptographic Hashing Bottleneck [0.0]
This paper characterizes the operational conditions under which full or partial re-hashing becomes unavoidable. The proposed framework assigns globally unique composite identifiers to data blocks at ingestion time, independent of content analysis, enabling instantaneous delta during DR without any cryptographic overhead.
arXiv Detail & Related papers (2026-02-23T21:34:25Z)
- PICASSO: Scaling CHERI Use-After-Free Protection to Millions of Allocations using Colored Capabilities [8.29875974569966]
We introduce colored capabilities that add a controlled form of indirection to CHERI's capability model. Colored capabilities significantly reduce the frequency of capability revocation sweeps while improving security. Our evaluation shows effective mitigation of use-after-free and double-free bugs across all heap-based temporal memory-safety vulnerabilities.
arXiv Detail & Related papers (2026-02-09T19:22:51Z)
- Outrunning LLM Cutoffs: A Live Kernel Crash Resolution Benchmark for All [57.23434868678603]
Live-kBench is an evaluation framework for self-evolving benchmarks that scrapes and evaluates agents on freshly discovered kernel bugs. kEnv is an agent-agnostic crash-resolution environment for kernel compilation, execution, and feedback. Using kEnv, we benchmark three state-of-the-art agents, showing that they resolve 74% of crashes on the first attempt.
arXiv Detail & Related papers (2026-02-02T19:06:15Z)
- HALO: Semantic-Aware Distributed LLM Inference in Lossy Edge Network [50.33808558714122]
Large language models' (LLMs) inference at the edge can facilitate prompt service responsiveness while protecting user privacy. We propose HALO, a novel framework that can boost the distributed LLM inference in lossy edge network. Experimental results from a Raspberry Pi cluster demonstrate that HALO achieves a 3.41x end-to-end speedup for LLaMA-series LLMs under unreliable network conditions.
arXiv Detail & Related papers (2026-01-16T07:37:23Z)
- Optimized Memory Tagging on AmpereOne Processors [0.0]
The Memory Tagging Extension (MTE) to the ARM AArch64 Instruction Set Architecture is a valuable tool to address memory-safety escapes. This paper analyzes the complete hardware-software stack, identifying application memory management as the primary remaining source of overhead.
arXiv Detail & Related papers (2025-11-21T20:39:31Z)
- Security Audit of intel ICE Driver for e810 Network Interface Card [0.0]
This study presents a security analysis of the Intel ICE driver using the E810 Ethernet Controller. It employs static analysis, fuzz testing, and timing-based side-channel evaluation to assess against exploitation.
arXiv Detail & Related papers (2025-10-31T20:20:10Z)
- CRUST-Bench: A Comprehensive Benchmark for C-to-safe-Rust Transpilation [51.18863297461463]
CRUST-Bench is a dataset of 100 C repositories, each paired with manually-written interfaces in safe Rust as well as test cases. We evaluate state-of-the-art large language models (LLMs) on this task and find that safe and idiomatic Rust generation is still a challenging problem. The best performing model, OpenAI o1, is able to solve only 15 tasks in a single-shot setting.
arXiv Detail & Related papers (2025-04-21T17:33:33Z)
- BLACKOUT: Data-Oblivious Computation with Blinded Capabilities [9.217491992865087]
We address memory-safety and side-channel resistance by augmenting memory-safe hardware with the ability for data-oblivious programming. We present BLACKOUT, our realization of blinded capabilities on a FPGA softcore based on the speculative out-of-order CHERI-Toooba processor.
arXiv Detail & Related papers (2025-04-20T15:25:59Z)
- Write+Sync: Software Cache Write Covert Channels Exploiting Memory-disk Synchronization [6.6639205139634115]
SYNC+SYNC is a group of attacks that exploit the memory-disk synchronization primitives. We present the principles of SYNC+SYNC through the implementation of two write covert channel protocols. Results show that, the average rate can reach 2.036 Kb/s (with a peak rate of 14.762 Kb/s) and the error rate is 0% on Linux.
arXiv Detail & Related papers (2023-12-08T15:11:26Z)
- Recurrent Dynamic Embedding for Video Object Segmentation [54.52527157232795]
We propose a Recurrent Dynamic Embedding (RDE) to build a memory bank of constant size. We propose an unbiased guidance loss during the training stage, which makes SAM more robust in long videos. We also design a novel self-correction strategy so that the network can repair the embeddings of masks with different qualities in the memory bank.
arXiv Detail & Related papers (2022-05-08T02:24:43Z)
- Dual Cluster Contrastive learning for Person Re-Identification [78.42770787790532]
We formulate a unified cluster contrastive framework, named Dual Cluster Contrastive learning (DCC). DCC maintains two types of memory banks: individual and centroid cluster memory banks. It can be easily applied for unsupervised or supervised person ReID.
arXiv Detail & Related papers (2021-12-09T02:43:25Z)
- Federated Doubly Stochastic Kernel Learning for Vertically Partitioned Data [93.76907759950608]
We propose a doubly kernel learning algorithm for vertically partitioned data. We show that FDSKL is significantly faster than state-of-the-art federated learning methods when dealing with kernels.
arXiv Detail & Related papers (2020-08-14T05:46:56Z)
This list is automatically generated from the titles and abstracts of the papers in this site.