| Message ID | 20191017175133.11149-1-connor.kuehl@canonical.com |
|---|---|
| Headers | show |
| Series | Fix for fair scheduler | expand |
On 17.10.19 19:51, Connor Kuehl wrote: > https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20784.html > > From the link above: > > "In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf > cfs_rq's, which allows attackers to cause a denial of service (infinite > loop in update_blocked_averages) or possibly have unspecified other impact > by inducing a high load." > > In the first submission for this backport, I had only backported c40f7d74c741 > ("sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c") > which ends up reverting a fix that was SRU'd previously. > > Here is that previous SRU: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1747896 > > This submission contains the fix for this CVE as well as the necessary > patches for preserving the fix for the previously SRU'd patch (these > were found by Tyler Hicks. Thank you, Tyler!) > > For posterity, my testing was as follows (taken from the LP report > above in the bug description): > > I booted Xenial in a 64 bit VM twice. The first time was without this > CVE backport applied. The second time was with it applied. I ran the > reproducer in both cases and experienced the same CPU utilization (both > cores I allocated to my VM were at 100%) and in both cases I experienced > stable memory pressure. They would both hover around 120MB ± 3-5MB. > > With this submission, I also observed the same results with watching the > cfs_rqs. With and without this backport applied, the cfs_rqs fluctuated > between 13-18. This is an improvement over the previous submission of > this CVE backport since the previous version experienced different > results by watching the cfs_rqs (namely, they'd remain at 61 for the > duration of the tests). > > Linus Torvalds (1): > sched/fair: Fix infinite loop in update_blocked_averages() by > reverting a9e7f6544b9c > > Peter Zijlstra (1): > sched/fair: Add tmp_alone_branch assertion > > Vincent Guittot (4): > sched/fair: Fix hierarchical order in rq->leaf_cfs_rq_list > sched/fair: Fix insertion in rq->leaf_cfs_rq_list > sched/fair: Optimize update_blocked_averages() > sched/fair: Fix O(nr_cgroups) in the load balancing path > > kernel/sched/core.c | 1 + > kernel/sched/fair.c | 140 ++++++++++++++++++++++++++++++++++++------- > kernel/sched/sched.h | 1 + > 3 files changed, 119 insertions(+), 23 deletions(-) > Rather complex change but security relevant and promising test results. Acked-by: Stefan Bader <stefan.bader@canonical.com>
Just a ping for this patch set. On 10/17/19 10:51 AM, Connor Kuehl wrote: > https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20784.html > > From the link above: > > "In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf > cfs_rq's, which allows attackers to cause a denial of service (infinite > loop in update_blocked_averages) or possibly have unspecified other impact > by inducing a high load." > > In the first submission for this backport, I had only backported c40f7d74c741 > ("sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c") > which ends up reverting a fix that was SRU'd previously. > > Here is that previous SRU: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1747896 > > This submission contains the fix for this CVE as well as the necessary > patches for preserving the fix for the previously SRU'd patch (these > were found by Tyler Hicks. Thank you, Tyler!) > > For posterity, my testing was as follows (taken from the LP report > above in the bug description): > > I booted Xenial in a 64 bit VM twice. The first time was without this > CVE backport applied. The second time was with it applied. I ran the > reproducer in both cases and experienced the same CPU utilization (both > cores I allocated to my VM were at 100%) and in both cases I experienced > stable memory pressure. They would both hover around 120MB ± 3-5MB. > > With this submission, I also observed the same results with watching the > cfs_rqs. With and without this backport applied, the cfs_rqs fluctuated > between 13-18. This is an improvement over the previous submission of > this CVE backport since the previous version experienced different > results by watching the cfs_rqs (namely, they'd remain at 61 for the > duration of the tests). > > Linus Torvalds (1): > sched/fair: Fix infinite loop in update_blocked_averages() by > reverting a9e7f6544b9c > > Peter Zijlstra (1): > sched/fair: Add tmp_alone_branch assertion > > Vincent Guittot (4): > sched/fair: Fix hierarchical order in rq->leaf_cfs_rq_list > sched/fair: Fix insertion in rq->leaf_cfs_rq_list > sched/fair: Optimize update_blocked_averages() > sched/fair: Fix O(nr_cgroups) in the load balancing path > > kernel/sched/core.c | 1 + > kernel/sched/fair.c | 140 ++++++++++++++++++++++++++++++++++++------- > kernel/sched/sched.h | 1 + > 3 files changed, 119 insertions(+), 23 deletions(-) >
On Thu, Oct 17, 2019 at 10:51:27AM -0700, Connor Kuehl wrote: > https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20784.html > > From the link above: > > "In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf > cfs_rq's, which allows attackers to cause a denial of service (infinite > loop in update_blocked_averages) or possibly have unspecified other impact > by inducing a high load." > > In the first submission for this backport, I had only backported c40f7d74c741 > ("sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c") > which ends up reverting a fix that was SRU'd previously. > > Here is that previous SRU: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1747896 > > This submission contains the fix for this CVE as well as the necessary > patches for preserving the fix for the previously SRU'd patch (these > were found by Tyler Hicks. Thank you, Tyler!) > > For posterity, my testing was as follows (taken from the LP report > above in the bug description): > > I booted Xenial in a 64 bit VM twice. The first time was without this > CVE backport applied. The second time was with it applied. I ran the > reproducer in both cases and experienced the same CPU utilization (both > cores I allocated to my VM were at 100%) and in both cases I experienced > stable memory pressure. They would both hover around 120MB ± 3-5MB. > > With this submission, I also observed the same results with watching the > cfs_rqs. With and without this backport applied, the cfs_rqs fluctuated > between 13-18. This is an improvement over the previous submission of > this CVE backport since the previous version experienced different > results by watching the cfs_rqs (namely, they'd remain at 61 for the > duration of the tests). > > Linus Torvalds (1): > sched/fair: Fix infinite loop in update_blocked_averages() by > reverting a9e7f6544b9c > > Peter Zijlstra (1): > sched/fair: Add tmp_alone_branch assertion > > Vincent Guittot (4): > sched/fair: Fix hierarchical order in rq->leaf_cfs_rq_list > sched/fair: Fix insertion in rq->leaf_cfs_rq_list > sched/fair: Optimize update_blocked_averages() > sched/fair: Fix O(nr_cgroups) in the load balancing path > > kernel/sched/core.c | 1 + > kernel/sched/fair.c | 140 ++++++++++++++++++++++++++++++++++++------- > kernel/sched/sched.h | 1 + > 3 files changed, 119 insertions(+), 23 deletions(-) > > -- > 2.17.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team Acked-by: Sultan Alsawaf <sultan.alsawaf@canonical.com>
On 2019-10-17 10:51:27 , Connor Kuehl wrote: > https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20784.html > > From the link above: > > "In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf > cfs_rq's, which allows attackers to cause a denial of service (infinite > loop in update_blocked_averages) or possibly have unspecified other impact > by inducing a high load." > > In the first submission for this backport, I had only backported c40f7d74c741 > ("sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c") > which ends up reverting a fix that was SRU'd previously. > > Here is that previous SRU: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1747896 > > This submission contains the fix for this CVE as well as the necessary > patches for preserving the fix for the previously SRU'd patch (these > were found by Tyler Hicks. Thank you, Tyler!) > > For posterity, my testing was as follows (taken from the LP report > above in the bug description): > > I booted Xenial in a 64 bit VM twice. The first time was without this > CVE backport applied. The second time was with it applied. I ran the > reproducer in both cases and experienced the same CPU utilization (both > cores I allocated to my VM were at 100%) and in both cases I experienced > stable memory pressure. They would both hover around 120MB ± 3-5MB. > > With this submission, I also observed the same results with watching the > cfs_rqs. With and without this backport applied, the cfs_rqs fluctuated > between 13-18. This is an improvement over the previous submission of > this CVE backport since the previous version experienced different > results by watching the cfs_rqs (namely, they'd remain at 61 for the > duration of the tests). > > Linus Torvalds (1): > sched/fair: Fix infinite loop in update_blocked_averages() by > reverting a9e7f6544b9c > > Peter Zijlstra (1): > sched/fair: Add tmp_alone_branch assertion > > Vincent Guittot (4): > sched/fair: Fix hierarchical order in rq->leaf_cfs_rq_list > sched/fair: Fix insertion in rq->leaf_cfs_rq_list > sched/fair: Optimize update_blocked_averages() > sched/fair: Fix O(nr_cgroups) in the load balancing path > > kernel/sched/core.c | 1 + > kernel/sched/fair.c | 140 ++++++++++++++++++++++++++++++++++++------- > kernel/sched/sched.h | 1 + > 3 files changed, 119 insertions(+), 23 deletions(-) > > -- > 2.17.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20784.html From the link above: "In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load." In the first submission for this backport, I had only backported c40f7d74c741 ("sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c") which ends up reverting a fix that was SRU'd previously. Here is that previous SRU: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1747896 This submission contains the fix for this CVE as well as the necessary patches for preserving the fix for the previously SRU'd patch (these were found by Tyler Hicks. Thank you, Tyler!) For posterity, my testing was as follows (taken from the LP report above in the bug description): I booted Xenial in a 64 bit VM twice. The first time was without this CVE backport applied. The second time was with it applied. I ran the reproducer in both cases and experienced the same CPU utilization (both cores I allocated to my VM were at 100%) and in both cases I experienced stable memory pressure. They would both hover around 120MB ± 3-5MB. With this submission, I also observed the same results with watching the cfs_rqs. With and without this backport applied, the cfs_rqs fluctuated between 13-18. This is an improvement over the previous submission of this CVE backport since the previous version experienced different results by watching the cfs_rqs (namely, they'd remain at 61 for the duration of the tests). Linus Torvalds (1): sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c Peter Zijlstra (1): sched/fair: Add tmp_alone_branch assertion Vincent Guittot (4): sched/fair: Fix hierarchical order in rq->leaf_cfs_rq_list sched/fair: Fix insertion in rq->leaf_cfs_rq_list sched/fair: Optimize update_blocked_averages() sched/fair: Fix O(nr_cgroups) in the load balancing path kernel/sched/core.c | 1 + kernel/sched/fair.c | 140 ++++++++++++++++++++++++++++++++++++------- kernel/sched/sched.h | 1 + 3 files changed, 119 insertions(+), 23 deletions(-)