[Zesty][PATCH 0/2] UBUNTU: SAUCE: net sched actions: access to uninitialized data and error handling

Fabian Grünbichler f.gruenbichler at proxmox.com
Fri Apr 14 09:28:28 UTC 2017


On Thu, Apr 13, 2017 at 06:12:09PM +0200, Fabian Grünbichler wrote:
> 
> > Colin Ian King <colin.king at canonical.com> wrote on 13 April 2017 at 15:16:
> > I'll be happy to re-review these once these land upstream and we have an
> > upstream commit id to work against.
> > 
> > Colin
> 
> Might make sense to revert the buggy commit(s) until then? It's pretty easy to reliably trigger crashing / hanging kernel tasks at the moment, all it takes is the possibility to add a basic filter to a virtual net device (so it might be possible in restricted environments like containers as well..).

just verified (see the LP entry for details) that this is indeed (at
least) a DoS possible to trigger from within unprivileged lxd container
instances (tested on a fresh stock 17.04 install). since the report is
already public both here and upstream, I won't change its visibility.

IMHO it would be advisable to at least apply the first patch to prevent
the uninitialized memory access, which while not completely fixing the
refcount / error handling issue, will at least move the target away from
reliably triggering on one of the first few tries. a complete fix will
require more investigation and upstream discussion (which is ongoing
already - see the netdev list).




