Bug 1492664

Summary: kernel: Soft lockup in warn_alloc
Product: [Other] Security Response Reporter: Adam Mariš <amaris>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: agordeev, airlied, ajax, aquini, bhu, blc, bskeggs, dhoward, eparis, esammons, esandeen, fhrbata, hdegoede, hkrzesin, hwkernel-mgr, iboverma, ichavero, itamar, jarodwilson, jforbes, jglisse, jkacur, jonathan, josef, jross, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, lwang, matt, mchehab, mcressma, mguzik, mjg59, mlangsdo, nhorman, nmurray, penguin-kernel, plougher, quintela, rt-maint, rvrbovsk, slawomir, steved, williams, wmealing
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-10-03 00:36:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1492665    
Bug Blocks: 1492671    

Description Adam Mariš 2017-09-18 12:25:32 UTC 
A soft lockup caused by running uncontrolled concurrent warn_alloc() calls when running LTP memcg_stress test was found.

Bug report:

https://www.spinics.net/lists/linux-mm/msg128248.html
Comment 1 Adam Mariš 2017-09-18 12:26:32 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1492665]
Comment 2 Wade Mealing 2017-10-03 00:35:52 UTC 
Soft lockup during stress testing is very common.

This would fall under DOS at best, I'm not convinced that we should chase up all softlockups to their security case as these can be very, very common on misconfigured systems, or people misconfiguring during benchmarking / overloading.

I'd say we'd get 5-10 of these a week in support and I wouldn't have the bandwidth to chase them down.  In this case it seems the cgroup operations are being abused.
Comment 3 Tetsuo Handa 2017-11-16 05:39:08 UTC 
This problem not only allows a local unprivileged user to intentionally lockup
the system but also allows some non stress test workload to by chance lockup.

This problem was addressed upstream as
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=400e22499dd92613821374c8c6c88c7225359980 .

Please be sure to backport to RHEL8 if using 4.9+ kernel.