Message ID | 20210928185648.144163-1-cascardo@canonical.com |
---|---|
Series | CVE-2021-3759 |
Acked-by: Tim Gardner <tim.gardner@canonical.com>

LGTM

On 9/28/21 12:56 PM, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> IPC objects are unaccounted as memcg limits, breaking them and leading
> to DoS (OOM outside the memory cgroup).
>
> [Backports]
> The allocation calls have changed from kvmalloc from kmalloc or kmalloc to
> kzalloc. I kept them as they were, just changing the GFP_KERNEL to
> GFP_KERNEL_ACCOUNT as from the original commit.
>
> [Test case]
> I did a large semget loop. When the process was on a memcg, without the fix,
> processes from outside the cgroup would be killed, whereas, with the fix,
> only processes within the cgroup would be OOM-killed.
>
> [Potential regression]
> IPC requests may be refused when processes are restricted to memory cgroups.
>
> Vasily Averin (1):
>   memcg: enable accounting of ipc resources
>
>  ipc/msg.c | 2 +-
>  ipc/sem.c | 9 +++++----
>  ipc/shm.c | 2 +-
>  3 files changed, 7 insertions(+), 6 deletions(-)
>
applied to oem-5.13, thanks
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Applied to focal:linux-hwe-5.8/hwe-5.8. Thanks.

-Stefan
applied to oem-5.10, thanks
Acked-By: AceLan Kao <acelan.kao@canonical.com>
Applied to bionic and focal master-next. Thank you!

-Kelsey