APPLIED[B/F]: [SRU Bionic/Focal/Hirsute/Impish/hwe-5.8/oem-5.10/oem-5.13 0/1] CVE-2021-3759
kelsey.skunberg at canonical.com
Tue Oct 12 22:49:15 UTC 2021
Applied to bionic and focal master-next. Thank you!
On 2021-09-28 15:56:46 , Thadeu Lima de Souza Cascardo wrote:
> IPC objects are unaccounted as memcg limits, breaking them and leading
> to DoS (OOM outside the memory cgroup).
> The allocation calls have changed from kvmalloc from kmalloc or kmalloc to
> kzalloc. I kept them as they were, just changing the GPF_KERNEL to
> GPF_KERNEL_ACCOUNT as from the original commit.
> [Test case]
> I did a large semget loop. When the process was on a memcg, without the fix,
> processes from outside the cgroup would be killed, whereas, with the fix,
> only processes whithin the cgroup would be OOM-killed.
> [Potential regression]
> IPC requests may be refused when processes are restricted to memory cgroups.
> Vasily Averin (1):
> memcg: enable accounting of ipc resources
> ipc/msg.c | 2 +-
> ipc/sem.c | 9 +++++----
> ipc/shm.c | 2 +-
> 3 files changed, 7 insertions(+), 6 deletions(-)
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
More information about the kernel-team