[Xenial][SRU][CVE-2018-20784][PATCH 0/1] fix infinite loop

Connor Kuehl connor.kuehl at canonical.com
Fri Sep 27 18:54:49 UTC 2019


https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20784.html

From the link above:

	"In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf
	cfs_rq's, which allows attackers to cause a denial of service (infinite
	loop in update_blocked_averages) or possibly have unspecified other impact
	by inducing a high load."

Note, this fix reverts another patch that was specifically SRU'd in to
Xenial: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1747896

In the hopes of avoiding a trade of 1 regression for another, I did a bit of an
A/B test to see if I could experience any blatant issues.

I booted Xenial in a 64 bit VM twice. The first time was without this
CVE backport applied. The second time was with it applied. I ran the
reproducer in both cases and experienced the same CPU utilization (both
cores I allocated to my VM were at 100%) and in both cases I experienced
stable memory pressure. They would both hover around 120MB +/- 3-5MB.

The primary difference between the two runs was where I'd watch the
cfs_rqs:

WITHOUT the CVE backport: the cfs_rqs fluctuated between 13-18

WITH the CVE backport: the cfs_rqs started around 65, then floated down
to 61.

If there are more tests that anyone would like to see performed before
we settle on a decision for this backport, please let me know. I'm happy
to do it.

- Connor

Linus Torvalds (1):
  sched/fair: Fix infinite loop in update_blocked_averages() by
    reverting a9e7f6544b9c

 kernel/sched/fair.c | 44 ++++++++++----------------------------------
 1 file changed, 10 insertions(+), 34 deletions(-)

-- 
2.17.1