[SRU Bionic/Focal/Hirsute/Impish/hwe-5.8/oem-5.10/oem-5.13 0/1] CVE-2021-3759
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Tue Sep 28 18:56:46 UTC 2021
[Impact]
IPC objects are not accounted against memcg limits, which breaks those
limits and leads to DoS (OOM outside the memory cgroup).
[Backports]
The allocation calls have changed from kvmalloc from kmalloc or kmalloc to
kzalloc. I kept them as they were, just changing the GFP_KERNEL to
GFP_KERNEL_ACCOUNT as in the original commit.
[Test case]
I did a large semget loop. When the process was on a memcg, without the fix,
processes from outside the cgroup would be killed, whereas, with the fix,
only processes within the cgroup would be OOM-killed.
[Potential regression]
IPC requests may be refused when processes are restricted to memory cgroups.
Vasily Averin (1):
memcg: enable accounting of ipc resources
ipc/msg.c | 2 +-
ipc/sem.c | 9 +++++----
ipc/shm.c | 2 +-
3 files changed, 7 insertions(+), 6 deletions(-)
--
2.30.2