APPLIED [OEM-5.13] Re: [SRU Bionic/Focal/Hirsute/Impish/hwe-5.8/oem-5.10/oem-5.13 0/1] CVE-2021-3759
tjaalton at ubuntu.com
Fri Oct 1 07:10:18 UTC 2021
On 28.9.2021 21.56, Thadeu Lima de Souza Cascardo wrote:
> IPC objects are unaccounted as memcg limits, breaking them and leading
> to DoS (OOM outside the memory cgroup).
> The allocation calls have changed from kvmalloc from kmalloc or kmalloc to
> kzalloc. I kept them as they were, just changing the GPF_KERNEL to
> GPF_KERNEL_ACCOUNT as from the original commit.
> [Test case]
> I did a large semget loop. When the process was on a memcg, without the fix,
> processes from outside the cgroup would be killed, whereas, with the fix,
> only processes whithin the cgroup would be OOM-killed.
> [Potential regression]
> IPC requests may be refused when processes are restricted to memory cgroups.
> Vasily Averin (1):
> memcg: enable accounting of ipc resources
> ipc/msg.c | 2 +-
> ipc/sem.c | 9 +++++----
> ipc/shm.c | 2 +-
> 3 files changed, 7 insertions(+), 6 deletions(-)
applied to oem-5.13, thanks
More information about the kernel-team