RCU's First-Ever CVE, and How I Lived to Tell the Tale
A1 | Wed 23 Jan | 11:35 a.m.–12:20 p.m.
Paul E. McKenney is a Distinguished Engineer with the IBM Linux Technology Center, where he maintains the RCU implementation within the Linux kernel co-maintains the Linux-kernel memory model. He has been coding for more than four decades, and more than half of that on parallel hardware. His prior lives include working on the DYNIX/ptx kernel at Sequent, work on packet radio, Internet protocols, and system administration at SRI International, and work on soft-realtime systems as a self-employed contract programmer. His hobbies include what passes for running at his age (AKA hiking) along with the usual house-wife-and-grown-kids habit.
There was a time when I thought that Linux-kernel RCU was so low level that it was immune to security exploits. However, the 2014 advent of Rowhammer (https://en.wikipedia.org/wiki/Row_hammer) put paid to that naive thought. After all, if the black hats can hit the DRAM, they can surely hit RCU! And in early 2018, an RCU-related CVE duly appeared. Now, RCU was operating as advertised, but it had a usability bug which lured a developer into mixing RCU flavors, which has about the same effect on your kernel's actuarial statistics as would acquiring the wrong lock. So yes, usability bugs are real, so much so that they can result in security exploits! Who knew? Linus therefore asked if I could prevent future such exploits by consolidating the three RCU flavors (RCU-bh, RCU-preempt, and RCU-sched) into one flavor to rule them all. This talk will briefly cover this consolidation, highlighting a few war stories and lessons (re)learned along the way.