Bug 477744 (CVE-2008-5713)

Summary: CVE-2008-5713 kernel: soft lockup occurs when network load is very high
Product: [Other] Security Response Reporter: Eugene Teo (Security Response) <eteo>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: aca21, anton, ceho, chilek, dhoward, fleitner, jpirko, j.s.peatfield, lwang, serge
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-12-21 17:55:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 471398, 477745, 477746    
Bug Blocks:    
Attachments:
Description Flags
reproducer none

Description Eugene Teo (Security Response) 2008-12-23 09:08:04 UTC 
From Flavio Leitner:
On many core SMP machine (such as 16 core or more), soft lockup can occur when heavy network load are produced concurrently.

The lockup happens at __qdisc_run()(@net/sched/sch_generic.c:line 84). Because driver continue to send packet and return NETDEV_TX_OK, __qdisc_run() can't exit from qdisc_restart() loop.

This behavior may improve throughput, but some application can stuck over 10s.
This issue has been fixed on vanilla kernel.

Version-Release number of selected component:
kernel version: 2.6.18-92.el5 (RHEL5.2GA)

How reproducible:
It can be reproducible in dozens of seconds, on 16 core SMP box. This issue is easy to happen, when UDP workload is very high.

Steps to Reproduce:
On 16 core SMP machine, execute netperf in higher than 16 parallel with the following options, then it occurs at a client side.

# netperf -H <netserver_address> -l 60 -t UDP_STREAM -- -s 262144 -r 262144 -m
16384

Actual results:
A lot of soft lockup messages are recorded into syslog, and performance problem appears in some applications.

Expected results:
In kernel, any CPU doesn't dedicate to some work without schedule() for a long time.

Hardware info:
Express5800/140Rf-4

Business impact:
It makes customer's applications unresponsive too long and it makes impossible to apply RHEL5.2 to performance/latency sensitive systems.

Additional info:
git patch: [NET]: Add preemption point in qdisc_run
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2ba2506ca7ca62c56edaa334b0fe61eb5eab6ab0
Comment 1 Eugene Teo (Security Response) 2008-12-23 09:09:55 UTC 
Created attachment 327745 [details]
reproducer
Comment 2 Eugene Teo (Security Response) 2008-12-23 09:10:23 UTC 
(In reply to comment #1)
> Created an attachment (id=327745) [details]
> reproducer

Note netperf must be installed. Reproducer triggers the loockup for me safely with 40 tasks (the second cmd line parameter) on 16cpu machine. The first parameter is hostname of computer where "netserver" (part of netperf package) is running.
Comment 10 Vincent Danen 2010-12-21 17:55:22 UTC 
This was addressed via:

Red Hat Enterprise Linux version 5 (RHSA-2009:0264)