ACK: [SRU Bionic/Focal/Hirsute/Impish/hwe-5.8/oem-5.10/oem-5.13 0/1] CVE-2021-3759
Stefan Bader
stefan.bader at canonical.com
Fri Oct 1 09:01:07 UTC 2021
On 28.09.21 20:56, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> IPC objects are unaccounted as memcg limits, breaking them and leading
> to DoS (OOM outside the memory cgroup).
>
> [Backports]
> The allocation calls have changed from kvmalloc from kmalloc or kmalloc to
> kzalloc. I kept them as they were, just changing the GPF_KERNEL to
> GPF_KERNEL_ACCOUNT as from the original commit.
>
> [Test case]
> I did a large semget loop. When the process was on a memcg, without the fix,
> processes from outside the cgroup would be killed, whereas, with the fix,
> only processes whithin the cgroup would be OOM-killed.
>
> [Potential regression]
> IPC requests may be refused when processes are restricted to memory cgroups.
>
> Vasily Averin (1):
> memcg: enable accounting of ipc resources
>
> ipc/msg.c | 2 +-
> ipc/sem.c | 9 +++++----
> ipc/shm.c | 2 +-
> 3 files changed, 7 insertions(+), 6 deletions(-)
>
Acked-by: Stefan Bader <stefan.bader at canonical.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20211001/d282db9d/attachment.sig>
More information about the kernel-team
mailing list