bugbot adjusting priority

(In reply to Andreas Stieger from comment #0)
> A local DoS Via rh#1198109
> 
> It was found that the Linux kernel memory resource controller's (memcg)
> handling of OOM (out of memory) conditions could lead to deadlocks. An
> attacker able to continuously spawn new processes within a single
> memory-constrained cgroup during an OOM event could use this flaw to lock up
> the system.

To be honest I consider this a bogus report. I am very well aware of the issue here, which has barely anything to do with spawning new processes. The deadlock could happen if a task which triggered memcg OOM due to a memcg charge could be holding a lock (e.g. i_mutex) and the OOM victim could be blocked on the very same mutex. This alone is not nice because all the charges would block in that memcg but DoSing within a memcg is acceptable (if for nothing else the DoS is local to the group). The _only_ problem here is that the same i_mutex (same inode) might be needed from another memcg. This is bad but not unrecoverable. Admin can still temporarily increase the limit of the locked up group and the deadlock would be resolved.

That being said. The issue is not ideal but I do not think it deserves a CVE. The deadlock is recoverable by an administrator. Considering how much code is needed for this to be fixed and low impact I would be reluctant to backport it to SLE branches.

What do you think Marcus?

At this time I would also not want to backport this as it has a too high risk of breakage.


I was also thinking of disputing the CVE allocation, but its still to some degree even if minor an issues.

(In reply to Marcus Meissner from comment #4)
> At this time I would also not want to backport this as it has a too high
> risk of breakage.

FWIW, I've forgot to mention that the patchset also changes the semantic of the memcg oom killer. Only the page fault is triggering the OOM killer now. This means that a large class of syscalls will return with ENOMEM rather than a task would get killed (some do not do even that e.g. mmap(MAP_LOCKED) as can be seen in bug 912939. I do not think this is necessarily a bad behavior but such a change is not something for a maint. update for sure.

So I guess we should go with WONTFIX here?

I would go with WONTFIX, and post some form of a note to our CVE pages.

(In reply to Marcus Meissner from comment #6)
> I would go with WONTFIX, and post some form of a note to our CVE pages.

Do you want me to put something together or you are able to extract that from my previous comments?

Is this fine?

"This issue affects SUSE Linux Enterprise 11 kernels. It is however an attack that requires constant attacker work to be persistant and can be resolved by an administrator. As it is a difficult fix to backport and also changes API semantics, we will not fix this issue for SUSE Linux Enterprise 11 at this time."

(In reply to Marcus Meissner from comment #8)
> Is this fine?
> 
> "This issue affects SUSE Linux Enterprise 11 kernels. It is however an
> attack that requires constant attacker work to be persistant and can be
> resolved by an administrator. As it is a difficult fix to backport and also
> changes API semantics, we will not fix this issue for SUSE Linux Enterprise
> 11 at this time."

OK.

It seems kernel work is done here, reassigning back to sec-team.

lets close