ACK: [Xenial][SRU][CVE-2018-20784][PATCH 0/1] fix infinite loop

Andrea Righi andrea.righi at
Mon Sep 30 15:46:02 UTC 2019

On Fri, Sep 27, 2019 at 11:54:49AM -0700, Connor Kuehl wrote:
> From the link above:
> 	"In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf
> 	cfs_rq's, which allows attackers to cause a denial of service (infinite
> 	loop in update_blocked_averages) or possibly have unspecified other impact
> 	by inducing a high load."
> Note, this fix reverts another patch that was specifically SRU'd in to
> Xenial:
> In the hopes of avoiding a trade of 1 regression for another, I did a bit of an
> A/B test to see if I could experience any blatant issues.
> I booted Xenial in a 64 bit VM twice. The first time was without this
> CVE backport applied. The second time was with it applied. I ran the
> reproducer in both cases and experienced the same CPU utilization (both
> cores I allocated to my VM were at 100%) and in both cases I experienced
> stable memory pressure. They would both hover around 120MB +/- 3-5MB.
> The primary difference between the two runs was where I'd watch the
> cfs_rqs:
> WITHOUT the CVE backport: the cfs_rqs fluctuated between 13-18
> WITH the CVE backport: the cfs_rqs started around 65, then floated down
> to 61.
> If there are more tests that anyone would like to see performed before
> we settle on a decision for this backport, please let me know. I'm happy
> to do it.
> - Connor
> Linus Torvalds (1):
>   sched/fair: Fix infinite loop in update_blocked_averages() by
>     reverting a9e7f6544b9c
>  kernel/sched/fair.c | 44 ++++++++++----------------------------------
>  1 file changed, 10 insertions(+), 34 deletions(-)

It seems reasonable to apply this and the backport looks good.

Acked-by: Andrea Righi <andrea.righi at>

More information about the kernel-team mailing list