CVE-2023-53291

Running the 'kfreercutest' test case [1] results in a splat [2]. The root cause is the kfreescalethread thread(s) continue running after unloading the rcuscale module. This commit fixes that isue by invoking kfreescalecleanup() from rcuscalecleanup() when removing the rcuscale module.

[1] modprobe rcuscale kfreercutest=1 // After some time rmmod rcuscale rmmod torture

[2] BUG: unable to handle page fault for address: ffffffffc0601a87 #PF: supervisor instruction fetch in kernel mode #PF: errorcode(0x0010) - not-present page PGD 11de4f067 P4D 11de4f067 PUD 11de51067 PMD 112f4d067 PTE 0 Oops: 0010 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 1798 Comm: kfreescalethr Not tainted 6.3.0-rc1-rcu+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015 RIP: 0010:0xffffffffc0601a87 Code: Unable to access opcode bytes at 0xffffffffc0601a5d. RSP: 0018:ffffb25bc2e57e18 EFLAGS: 00010297 RAX: 0000000000000000 RBX: ffffffffc061f0b6 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff962fd0de RDI: ffffffff962fd0de RBP: ffffb25bc2e57ea8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 R13: 0000000000000000 R14: 000000000000000a R15: 00000000001c1dbe FS: 0000000000000000(0000) GS:ffff921fa2200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffc0601a5d CR3: 000000011de4c006 CR4: 0000000000370ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ? kvfreecallrcu+0xf0/0x3a0 ? kthread+0xf3/0x120 ? kthreadcompleteandexit+0x20/0x20 ? retfromfork+0x1f/0x30 </TASK> Modules linked in: rfkill sunrpc ... [last unloaded: torture] CR2: ffffffffc0601a87 ---[ end trace 0000000000000000 ]---

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53291.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

e6e78b004fa7e0ab455d46d27f218bf6ce178a18

Fixed

604d6a5ff718874904b0fe614878a42b42c0d699

Fixed

f766d45ab294871a3d588ee76c666852f151cad9

Fixed

b8a6ba524d41f4da102e65f90498d9a910839621

Fixed

1dd7547c7610723b2b6afe1a3c4ddb2bde63387c

Fixed

29b1da4f90fc42c91beb4e400d926194925ad31b

Fixed

23fc8df26dead16687ae6eb47b0561a4a832e2f6

Affected versions

v5.*

v5.10

v5.10-rc1

v5.10-rc2

v5.10-rc3

v5.10-rc4

v5.10-rc5

v5.10-rc6

v5.10-rc7

v5.10.1

v5.10.10

v5.10.100

v5.10.101

v5.10.102

v5.10.103

v5.10.104

v5.10.105

v5.10.106

v5.10.107

v5.10.108

v5.10.109

v5.10.11

v5.10.110

v5.10.111

v5.10.112

v5.10.113

v5.10.114

v5.10.115

v5.10.116

v5.10.117

v5.10.118

v5.10.119

v5.10.12

v5.10.120

v5.10.121

v5.10.122

v5.10.123

v5.10.124

v5.10.125

v5.10.126

v5.10.127

v5.10.128

v5.10.129

v5.10.13

v5.10.130

v5.10.131

v5.10.132

v5.10.133

v5.10.134

v5.10.135

v5.10.136

v5.10.137

v5.10.138

v5.10.139

v5.10.14

v5.10.140

v5.10.141

v5.10.142

v5.10.143

v5.10.144

v5.10.145

v5.10.146

v5.10.147

v5.10.148

v5.10.149

v5.10.15

v5.10.150

v5.10.151

v5.10.152

v5.10.153

v5.10.154

v5.10.155

v5.10.156

v5.10.157

v5.10.158

v5.10.159

v5.10.16

v5.10.160

v5.10.161

v5.10.162

v5.10.163

v5.10.164

v5.10.165

v5.10.166

v5.10.167

v5.10.168

v5.10.169

v5.10.17

v5.10.170

v5.10.171

v5.10.172

v5.10.173

v5.10.174

v5.10.175

v5.10.176

v5.10.177

v5.10.178

v5.10.179

v5.10.18

v5.10.180

v5.10.181

v5.10.182

v5.10.183

v5.10.184

v5.10.185

v5.10.186

v5.10.187

v5.10.19

v5.10.2

v5.10.20

v5.10.21

v5.10.22

v5.10.23

v5.10.24

v5.10.25

v5.10.26

v5.10.27

v5.10.28

v5.10.29

v5.10.3

v5.10.30

v5.10.31

v5.10.32

v5.10.33

v5.10.34

v5.10.35

v5.10.36

v5.10.37

v5.10.38

v5.10.39

v5.10.4

v5.10.40

v5.10.41

v5.10.42

v5.10.43

v5.10.44

v5.10.45

v5.10.46

v5.10.47

v5.10.48

v5.10.49

v5.10.5

v5.10.50

v5.10.51

v5.10.52

v5.10.53

v5.10.54

v5.10.55

v5.10.56

v5.10.57

v5.10.58

v5.10.59

v5.10.6

v5.10.60

v5.10.61

v5.10.62

v5.10.63

v5.10.64

v5.10.65

v5.10.66

v5.10.67

v5.10.68

v5.10.69

v5.10.7

v5.10.70

v5.10.71

v5.10.72

v5.10.73

v5.10.74

v5.10.75

v5.10.76

v5.10.77

v5.10.78

v5.10.79

v5.10.8

v5.10.80

v5.10.81

v5.10.82

v5.10.83

v5.10.84

v5.10.85

v5.10.86

v5.10.87

v5.10.88

v5.10.89

v5.10.9

v5.10.90

v5.10.91

v5.10.92

v5.10.93

v5.10.94

v5.10.95

v5.10.96

v5.10.97

v5.10.98

v5.10.99

v5.11

v5.11-rc1

v5.11-rc2

v5.11-rc3

v5.11-rc4

v5.11-rc5

v5.11-rc6

v5.11-rc7

v5.12

v5.12-rc1

v5.12-rc1-dontuse

v5.12-rc2

v5.12-rc3

v5.12-rc4

v5.12-rc5

v5.12-rc6

v5.12-rc7

v5.12-rc8

v5.13

v5.13-rc1

v5.13-rc2

v5.13-rc3

v5.13-rc4

v5.13-rc5

v5.13-rc6

v5.13-rc7

v5.14

v5.14-rc1

v5.14-rc2

v5.14-rc3

v5.14-rc4

v5.14-rc5

v5.14-rc6

v5.14-rc7

v5.15

v5.15-rc1

v5.15-rc2

v5.15-rc3

v5.15-rc4

v5.15-rc5

v5.15-rc6

v5.15-rc7

v5.15.1

v5.15.10

v5.15.100

v5.15.101

v5.15.102

v5.15.103

v5.15.104

v5.15.105

v5.15.106

v5.15.107

v5.15.108

v5.15.109

v5.15.11

v5.15.110

v5.15.111

v5.15.112

v5.15.113

v5.15.114

v5.15.115

v5.15.116

v5.15.117

v5.15.118

v5.15.119

v5.15.12

v5.15.120

v5.15.13

v5.15.14

v5.15.15

v5.15.16

v5.15.17

v5.15.18

v5.15.19

v5.15.2

v5.15.20

v5.15.21

v5.15.22

v5.15.23

v5.15.24

v5.15.25

v5.15.26

v5.15.27

v5.15.28

v5.15.29

v5.15.3

v5.15.30

v5.15.31

v5.15.32

v5.15.33

v5.15.34

v5.15.35

v5.15.36

v5.15.37

v5.15.38

v5.15.39

v5.15.4

v5.15.40

v5.15.41

v5.15.42

v5.15.43

v5.15.44

v5.15.45

v5.15.46

v5.15.47

v5.15.48

v5.15.49

v5.15.5

v5.15.50

v5.15.51

v5.15.52

v5.15.53

v5.15.54

v5.15.55

v5.15.56

v5.15.57

v5.15.58

v5.15.59

v5.15.6

v5.15.60

v5.15.61

v5.15.62

v5.15.63

v5.15.64

v5.15.65

v5.15.66

v5.15.67

v5.15.68

v5.15.69

v5.15.7

v5.15.70

v5.15.71

v5.15.72

v5.15.73

v5.15.74

v5.15.75

v5.15.76

v5.15.77

v5.15.78

v5.15.79

v5.15.8

v5.15.80

v5.15.81

v5.15.82

v5.15.83

v5.15.84

v5.15.85

v5.15.86

v5.15.87

v5.15.88

v5.15.89

v5.15.9

v5.15.90

v5.15.91

v5.15.92

v5.15.93

v5.15.94

v5.15.95

v5.15.96

v5.15.97

v5.15.98

v5.15.99

v5.16

v5.16-rc1

v5.16-rc2

v5.16-rc3

v5.16-rc4

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.17

v5.17-rc1

v5.17-rc2

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.18

v5.18-rc1

v5.18-rc2

v5.18-rc3

v5.18-rc4

v5.18-rc5

v5.18-rc6

v5.18-rc7

v5.19

v5.19-rc1

v5.19-rc2

v5.19-rc3

v5.19-rc4

v5.19-rc5

v5.19-rc6

v5.19-rc7

v5.19-rc8

v5.5

v5.5-rc2

v5.5-rc3

v5.5-rc4

v5.5-rc5

v5.5-rc6

v5.5-rc7

v5.6

v5.6-rc1

v5.6-rc2

v5.6-rc3

v5.6-rc4

v5.6-rc5

v5.6-rc6

v5.6-rc7

v5.7

v5.7-rc1

v5.7-rc2

v5.7-rc3

v5.7-rc4

v5.7-rc5

v5.7-rc6

v5.7-rc7

v5.8

v5.8-rc1

v5.8-rc2

v5.8-rc3

v5.8-rc4

v5.8-rc5

v5.8-rc6

v5.8-rc7

v5.9

v5.9-rc1

v5.9-rc2

v5.9-rc3

v5.9-rc4

v5.9-rc5

v5.9-rc6

v5.9-rc7

v5.9-rc8

v6.*

v6.0

v6.0-rc1

v6.0-rc2

v6.0-rc3

v6.0-rc4

v6.0-rc5

v6.0-rc6

v6.0-rc7

v6.1

v6.1-rc1

v6.1-rc2

v6.1-rc3

v6.1-rc4

v6.1-rc5

v6.1-rc6

v6.1-rc7

v6.1-rc8

v6.1.1

v6.1.10

v6.1.11

v6.1.12

v6.1.13

v6.1.14

v6.1.15

v6.1.16

v6.1.17

v6.1.18

v6.1.19

v6.1.2

v6.1.20

v6.1.21

v6.1.22

v6.1.23

v6.1.24

v6.1.25

v6.1.26

v6.1.27

v6.1.28

v6.1.29

v6.1.3

v6.1.30

v6.1.31

v6.1.32

v6.1.33

v6.1.34

v6.1.35

v6.1.36

v6.1.37

v6.1.38

v6.1.4

v6.1.5

v6.1.6

v6.1.7

v6.1.8

v6.1.9

v6.2

v6.2-rc1

v6.2-rc2

v6.2-rc3

v6.2-rc4

v6.2-rc5

v6.2-rc6

v6.2-rc7

v6.2-rc8

v6.3

v6.3-rc1

v6.3-rc2

v6.3-rc3

v6.3-rc4

v6.3-rc5

v6.3-rc6

v6.3-rc7

v6.3.1

v6.3.10

v6.3.11

v6.3.12

v6.3.2

v6.3.3

v6.3.4

v6.3.5

v6.3.6

v6.3.7

v6.3.8

v6.3.9

v6.4

v6.4-rc1

v6.4-rc2

v6.4-rc3

v6.4-rc4

v6.4-rc5

v6.4-rc6

v6.4-rc7

v6.4.1

v6.4.2

v6.4.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53291.json"

vanir_signatures

[
    {
        "id": "CVE-2023-53291-026d027e",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1dd7547c7610723b2b6afe1a3c4ddb2bde63387c",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "149088632644074552613562403157876110254",
                "20584124005383163914462673166500980067",
                "280941951268142427880580407006770735628"
            ]
        },
        "target": {
            "file": "kernel/rcu/rcuscale.c"
        }
    },
    {
        "id": "CVE-2023-53291-0bed60c5",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@604d6a5ff718874904b0fe614878a42b42c0d699",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "149088632644074552613562403157876110254",
                "20584124005383163914462673166500980067",
                "280941951268142427880580407006770735628"
            ]
        },
        "target": {
            "file": "kernel/rcu/rcuscale.c"
        }
    },
    {
        "id": "CVE-2023-53291-0e7c8ec8",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@29b1da4f90fc42c91beb4e400d926194925ad31b",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "digest": {
            "function_hash": "338731300557816998206316345443886584185",
            "length": 1846.0
        },
        "target": {
            "function": "rcu_scale_cleanup",
            "file": "kernel/rcu/rcuscale.c"
        }
    },
    {
        "id": "CVE-2023-53291-22c3081d",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f766d45ab294871a3d588ee76c666852f151cad9",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "149088632644074552613562403157876110254",
                "20584124005383163914462673166500980067",
                "280941951268142427880580407006770735628"
            ]
        },
        "target": {
            "file": "kernel/rcu/rcuscale.c"
        }
    },
    {
        "id": "CVE-2023-53291-4c098996",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f766d45ab294871a3d588ee76c666852f151cad9",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "digest": {
            "function_hash": "338731300557816998206316345443886584185",
            "length": 1846.0
        },
        "target": {
            "function": "rcu_scale_cleanup",
            "file": "kernel/rcu/rcuscale.c"
        }
    },
    {
        "id": "CVE-2023-53291-860b6bc6",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@604d6a5ff718874904b0fe614878a42b42c0d699",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "digest": {
            "function_hash": "338731300557816998206316345443886584185",
            "length": 1846.0
        },
        "target": {
            "function": "rcu_scale_cleanup",
            "file": "kernel/rcu/rcuscale.c"
        }
    },
    {
        "id": "CVE-2023-53291-9b3525bd",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@23fc8df26dead16687ae6eb47b0561a4a832e2f6",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "digest": {
            "function_hash": "338731300557816998206316345443886584185",
            "length": 1846.0
        },
        "target": {
            "function": "rcu_scale_cleanup",
            "file": "kernel/rcu/rcuscale.c"
        }
    },
    {
        "id": "CVE-2023-53291-9c863bc4",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b8a6ba524d41f4da102e65f90498d9a910839621",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "149088632644074552613562403157876110254",
                "20584124005383163914462673166500980067",
                "280941951268142427880580407006770735628"
            ]
        },
        "target": {
            "file": "kernel/rcu/rcuscale.c"
        }
    },
    {
        "id": "CVE-2023-53291-9d5b3409",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b8a6ba524d41f4da102e65f90498d9a910839621",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "digest": {
            "function_hash": "338731300557816998206316345443886584185",
            "length": 1846.0
        },
        "target": {
            "function": "rcu_scale_cleanup",
            "file": "kernel/rcu/rcuscale.c"
        }
    },
    {
        "id": "CVE-2023-53291-cd298c1e",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@29b1da4f90fc42c91beb4e400d926194925ad31b",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "149088632644074552613562403157876110254",
                "20584124005383163914462673166500980067",
                "280941951268142427880580407006770735628"
            ]
        },
        "target": {
            "file": "kernel/rcu/rcuscale.c"
        }
    },
    {
        "id": "CVE-2023-53291-e89b2de0",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@23fc8df26dead16687ae6eb47b0561a4a832e2f6",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "149088632644074552613562403157876110254",
                "20584124005383163914462673166500980067",
                "280941951268142427880580407006770735628"
            ]
        },
        "target": {
            "file": "kernel/rcu/rcuscale.c"
        }
    },
    {
        "id": "CVE-2023-53291-fd6f4367",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1dd7547c7610723b2b6afe1a3c4ddb2bde63387c",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "digest": {
            "function_hash": "338731300557816998206316345443886584185",
            "length": 1846.0
        },
        "target": {
            "function": "rcu_scale_cleanup",
            "file": "kernel/rcu/rcuscale.c"
        }
    }
]

Git / github.com/gregkh/linux