A flaw was found in filelock_init in fs/locks.c in the Linux kernel. In this flaw, A host memory exhaustion is possible because memcg does not limit the number of POSIX file locks. Reference: https://github.com/kata-containers/kata-containers/issues/3373 https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm@linux-foundation.org/
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2049708]
Marking Services notaffected per kernel analysis.
This was fixed for Fedora with the 5.15.x stable kernel rebases.
Upstream has revered the fix with the following details: *** commit 3754707bcc3e190e5dadc978d172b61e809cb3bd Author: Linus Torvalds <torvalds> Date: Tue Sep 7 11:21:48 2021 -0700 Revert "memcg: enable accounting for file lock caches" This reverts commit 0f12156dff2862ac54235fc72703f18770769042. The kernel test robot reports a sizeable performance regression for this commit, and while it clearly does the rigth thing in theory, we'll need to look at just how to avoid or minimize the performance overhead of the memcg accounting. People already have suggestions on how to do that, but it's "future work". So revert it for now. Link: https://lore.kernel.org/lkml/20210907150757.GE17617@xsang-OptiPlex-9020/ Acked-by: Jens Axboe <axboe> Acked-by: Shakeel Butt <shakeelb> Acked-by: Roman Gushchin <guro> Cc: Tejun Heo <tj> Signed-off-by: Linus Torvalds <torvalds> ***
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2024:1250 https://access.redhat.com/errata/RHSA-2024:1250
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:1303 https://access.redhat.com/errata/RHSA-2024:1303
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:1304 https://access.redhat.com/errata/RHSA-2024:1304
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2024:1306 https://access.redhat.com/errata/RHSA-2024:1306
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2394