APPLIED[B/F]: [SRU Bionic/Focal/Hirsute/Impish/hwe-5.8/oem-5.10/oem-5.13 0/1] CVE-2021-3759
Kelsey Skunberg
kelsey.skunberg at canonical.com
Tue Oct 12 22:49:15 UTC 2021
Applied to bionic and focal master-next. Thank you!
-Kelsey
On 2021-09-28 15:56:46 , Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> IPC objects are unaccounted as memcg limits, breaking them and leading
> to DoS (OOM outside the memory cgroup).
>
> [Backports]
> The allocation calls have changed from kvmalloc from kmalloc or kmalloc to
> kzalloc. I kept them as they were, just changing the GPF_KERNEL to
> GPF_KERNEL_ACCOUNT as from the original commit.
>
> [Test case]
> I did a large semget loop. When the process was on a memcg, without the fix,
> processes from outside the cgroup would be killed, whereas, with the fix,
> only processes whithin the cgroup would be OOM-killed.
>
> [Potential regression]
> IPC requests may be refused when processes are restricted to memory cgroups.
>
> Vasily Averin (1):
> memcg: enable accounting of ipc resources
>
> ipc/msg.c | 2 +-
> ipc/sem.c | 9 +++++----
> ipc/shm.c | 2 +-
> 3 files changed, 7 insertions(+), 6 deletions(-)
>
> --
> 2.30.2
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list