** Changed in: linux-lts-backport-natty (Ubuntu Lucid)
Status: In Progress => Fix Committed
** Changed in: linux-mvl-dove (Ubuntu Lucid)
Status: In Progress => Fix Committed
** Changed in: linux-mvl-dove (Ubuntu Maverick)
Status: In Progress => Fix Committed
** Changed in: linux-lts-backport-maverick (Ubuntu Lucid)
Status: In Progress => Fix Committed
** Changed in: linux-ti-omap4 (Ubuntu Oneiric)
Status: In Progress => Fix Committed
** Description changed:
The add_del_listener function in kernel/taskstats.c in the Linux kernel
2.6.39.1 and earlier does not prevent multiple registrations of exit
- handlers, which allows local users to cause a denial of service (memory and
- CPU consumption), and bypass the OOM Killer, via a crafted application.
+ handlers, which allows local users to cause a denial of service (memory
+ and CPU consumption), and bypass the OOM Killer, via a crafted
+ application.
Fixed-by: 26c4caea9d697043cc5a458b96411b86d7f6babd
-
- commit 26c4caea9d697043cc5a458b96411b86d7f6babd
- Author: Vasiliy Kulikov <[email protected]>
- Date: Mon Jun 27 16:18:11 2011 -0700
-
- taskstats: don't allow duplicate entries in listener mode
-
- Currently a single process may register exit handlers unlimited times.
- It may lead to a bloated listeners chain and very slow process
- terminations.
-
- Eg after 10KK sent TASKSTATS_CMD_ATTR_REGISTER_CPUMASKs ~300 Mb of
- kernel memory is stolen for the handlers chain and "time id" shows 2-7
- seconds instead of normal 0.003. It makes it possible to exhaust all
- kernel memory and to eat much of CPU time by triggerring numerous exits
- on a single CPU.
-
- The patch limits the number of times a single process may register
- itself on a single CPU to one.
-
- One little issue is kept unfixed - as taskstats_exit() is called before
- exit_files() in do_exit(), the orphaned listener entry (if it was not
- explicitly deregistered) is kept until the next someone's exit() and
- implicit deregistration in send_cpu_listeners(). So, if a process
- registered itself as a listener exits and the next spawned process gets
- the same pid, it would inherit taskstats attributes.
-
- Signed-off-by: Vasiliy Kulikov <[email protected]>
- Cc: Balbir Singh <[email protected]>
- Cc: <[email protected]>
- Signed-off-by: Andrew Morton <[email protected]>
- Signed-off-by: Linus Torvalds <[email protected]>
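Review bot: the block removed at the end of the description takes the commit message's paragraph on the issue left unfixed with it, so only the Fixed-by hash remains. That paragraph says an orphaned listener entry is kept until the next exit(), and a new process that gets the same pid would inherit the taskstats attributes. Consider keeping a one-line mention of that residual behaviour next to Fixed-by, so readers tracking the CVE see it without looking up the commit.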
--
https://bugs.launchpad.net/bugs/806390
Title:
CVE-2011-2484