Message ID | 20191017175133.11149-1-connor.kuehl@canonical.com |
---|---|
Headers | show |
Series | Fix for fair scheduler | expand |
On 17.10.19 19:51, Connor Kuehl wrote: > https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20784.html > > From the link above: > > "In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf > cfs_rq's, which allows attackers to cause a denial of service (infinite > loop in update_blocked_averages) or possibly have unspecified other impact > by inducing a high load." > > In the first submission for this backport, I had only backported c40f7d74c741 > ("sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c") > which ends up reverting a fix that was SRU'd previously. > > Here is that previous SRU: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1747896 > > This submission contains the fix for this CVE as well as the necessary > patches for preserving the fix for the previously SRU'd patch (these > were found by Tyler Hicks. Thank you, Tyler!) > > For posterity, my testing was as follows (taken from the LP report > above in the bug description): > > I booted Xenial in a 64 bit VM twice. The first time was without this > CVE backport applied. The second time was with it applied. I ran the > reproducer in both cases and experienced the same CPU utilization (both > cores I allocated to my VM were at 100%) and in both cases I experienced > stable memory pressure. They would both hover around 120MB ± 3-5MB. > > With this submission, I also observed the same results with watching the > cfs_rqs. With and without this backport applied, the cfs_rqs fluctuated > between 13-18. This is an improvement over the previous submission of > this CVE backport since the previous version experienced different > results by watching the cfs_rqs (namely, they'd remain at 61 for the > duration of the tests). > > Linus Torvalds (1): > sched/fair: Fix infinite loop in update_blocked_averages() by > reverting a9e7f6544b9c > > Peter Zijlstra (1): > sched/fair: Add tmp_alone_branch assertion > > Vincent Guittot (4): > sched/fair: Fix hierarchical order in rq->leaf_cfs_rq_list > sched/fair: Fix insertion in rq->leaf_cfs_rq_list > sched/fair: Optimize update_blocked_averages() > sched/fair: Fix O(nr_cgroups) in the load balancing path > > kernel/sched/core.c | 1 + > kernel/sched/fair.c | 140 ++++++++++++++++++++++++++++++++++++------- > kernel/sched/sched.h | 1 + > 3 files changed, 119 insertions(+), 23 deletions(-) > Rather complex change but security relevant and promising test results. Acked-by: Stefan Bader <stefan.bader@canonical.com>
Just a ping for this patch set. On 10/17/19 10:51 AM, Connor Kuehl wrote: > https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20784.html > > From the link above: > > "In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf > cfs_rq's, which allows attackers to cause a denial of service (infinite > loop in update_blocked_averages) or possibly have unspecified other impact > by inducing a high load." > > In the first submission for this backport, I had only backported c40f7d74c741 > ("sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c") > which ends up reverting a fix that was SRU'd previously. > > Here is that previous SRU: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1747896 > > This submission contains the fix for this CVE as well as the necessary > patches for preserving the fix for the previously SRU'd patch (these > were found by Tyler Hicks. Thank you, Tyler!) > > For posterity, my testing was as follows (taken from the LP report > above in the bug description): > > I booted Xenial in a 64 bit VM twice. The first time was without this > CVE backport applied. The second time was with it applied. I ran the > reproducer in both cases and experienced the same CPU utilization (both > cores I allocated to my VM were at 100%) and in both cases I experienced > stable memory pressure. They would both hover around 120MB ± 3-5MB. > > With this submission, I also observed the same results with watching the > cfs_rqs. With and without this backport applied, the cfs_rqs fluctuated > between 13-18. This is an improvement over the previous submission of > this CVE backport since the previous version experienced different > results by watching the cfs_rqs (namely, they'd remain at 61 for the > duration of the tests). > > Linus Torvalds (1): > sched/fair: Fix infinite loop in update_blocked_averages() by > reverting a9e7f6544b9c > > Peter Zijlstra (1): > sched/fair: Add tmp_alone_branch assertion > > Vincent Guittot (4): > sched/fair: Fix hierarchical order in rq->leaf_cfs_rq_list > sched/fair: Fix insertion in rq->leaf_cfs_rq_list > sched/fair: Optimize update_blocked_averages() > sched/fair: Fix O(nr_cgroups) in the load balancing path > > kernel/sched/core.c | 1 + > kernel/sched/fair.c | 140 ++++++++++++++++++++++++++++++++++++------- > kernel/sched/sched.h | 1 + > 3 files changed, 119 insertions(+), 23 deletions(-) >
On Thu, Oct 17, 2019 at 10:51:27AM -0700, Connor Kuehl wrote: > https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20784.html > > From the link above: > > "In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf > cfs_rq's, which allows attackers to cause a denial of service (infinite > loop in update_blocked_averages) or possibly have unspecified other impact > by inducing a high load." > > In the first submission for this backport, I had only backported c40f7d74c741 > ("sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c") > which ends up reverting a fix that was SRU'd previously. > > Here is that previous SRU: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1747896 > > This submission contains the fix for this CVE as well as the necessary > patches for preserving the fix for the previously SRU'd patch (these > were found by Tyler Hicks. Thank you, Tyler!) > > For posterity, my testing was as follows (taken from the LP report > above in the bug description): > > I booted Xenial in a 64 bit VM twice. The first time was without this > CVE backport applied. The second time was with it applied. I ran the > reproducer in both cases and experienced the same CPU utilization (both > cores I allocated to my VM were at 100%) and in both cases I experienced > stable memory pressure. They would both hover around 120MB ± 3-5MB. > > With this submission, I also observed the same results with watching the > cfs_rqs. With and without this backport applied, the cfs_rqs fluctuated > between 13-18. This is an improvement over the previous submission of > this CVE backport since the previous version experienced different > results by watching the cfs_rqs (namely, they'd remain at 61 for the > duration of the tests). > > Linus Torvalds (1): > sched/fair: Fix infinite loop in update_blocked_averages() by > reverting a9e7f6544b9c > > Peter Zijlstra (1): > sched/fair: Add tmp_alone_branch assertion > > Vincent Guittot (4): > sched/fair: Fix hierarchical order in rq->leaf_cfs_rq_list > sched/fair: Fix insertion in rq->leaf_cfs_rq_list > sched/fair: Optimize update_blocked_averages() > sched/fair: Fix O(nr_cgroups) in the load balancing path > > kernel/sched/core.c | 1 + > kernel/sched/fair.c | 140 ++++++++++++++++++++++++++++++++++++------- > kernel/sched/sched.h | 1 + > 3 files changed, 119 insertions(+), 23 deletions(-) > > -- > 2.17.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team Acked-by: Sultan Alsawaf <sultan.alsawaf@canonical.com>
On 2019-10-17 10:51:27 , Connor Kuehl wrote: > https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20784.html > > From the link above: > > "In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf > cfs_rq's, which allows attackers to cause a denial of service (infinite > loop in update_blocked_averages) or possibly have unspecified other impact > by inducing a high load." > > In the first submission for this backport, I had only backported c40f7d74c741 > ("sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c") > which ends up reverting a fix that was SRU'd previously. > > Here is that previous SRU: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1747896 > > This submission contains the fix for this CVE as well as the necessary > patches for preserving the fix for the previously SRU'd patch (these > were found by Tyler Hicks. Thank you, Tyler!) > > For posterity, my testing was as follows (taken from the LP report > above in the bug description): > > I booted Xenial in a 64 bit VM twice. The first time was without this > CVE backport applied. The second time was with it applied. I ran the > reproducer in both cases and experienced the same CPU utilization (both > cores I allocated to my VM were at 100%) and in both cases I experienced > stable memory pressure. They would both hover around 120MB ± 3-5MB. > > With this submission, I also observed the same results with watching the > cfs_rqs. With and without this backport applied, the cfs_rqs fluctuated > between 13-18. This is an improvement over the previous submission of > this CVE backport since the previous version experienced different > results by watching the cfs_rqs (namely, they'd remain at 61 for the > duration of the tests). > > Linus Torvalds (1): > sched/fair: Fix infinite loop in update_blocked_averages() by > reverting a9e7f6544b9c > > Peter Zijlstra (1): > sched/fair: Add tmp_alone_branch assertion > > Vincent Guittot (4): > sched/fair: Fix hierarchical order in rq->leaf_cfs_rq_list > sched/fair: Fix insertion in rq->leaf_cfs_rq_list > sched/fair: Optimize update_blocked_averages() > sched/fair: Fix O(nr_cgroups) in the load balancing path > > kernel/sched/core.c | 1 + > kernel/sched/fair.c | 140 ++++++++++++++++++++++++++++++++++++------- > kernel/sched/sched.h | 1 + > 3 files changed, 119 insertions(+), 23 deletions(-) > > -- > 2.17.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team