Bug 473259 - (CVE-2008-5300) CVE-2008-5300 kernel: fix soft lockups/OOM issues with unix socket garbage collector
CVE-2008-5300 kernel: fix soft lockups/OOM issues with unix socket garbage co...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,source=lkml,public=2...
: Security
Depends On: CVE-2008-5029 473263 473264 473265 473266 473267 473268 473269 473270
Blocks:
  Show dependency treegraph
 
Reported: 2008-11-27 07:55 EST by Eugene Teo (Security Response)
Modified: 2016-03-15 05:26 EDT (History)
12 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-09-30 17:07:35 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Proposed patch for real-time kernel (2.49 KB, patch)
2008-11-27 07:58 EST, Eugene Teo (Security Response)
no flags Details | Diff
Upstream patch (3.21 KB, patch)
2008-12-03 00:55 EST, Eugene Teo (Security Response)
no flags Details | Diff
Upstream kernel 2.4 patch (3.63 KB, patch)
2009-04-13 22:40 EDT, Eugene Teo (Security Response)
no flags Details | Diff

  None (edit)
Description Eugene Teo (Security Response) 2008-11-27 07:55:25 EST
Reported and fixed by Dann Frazier <dannf@hp.com>:
This is an implementation of David Miller's suggested fix in:
  https://bugzilla.redhat.com/show_bug.cgi?id=470201

Paraphrasing the description from the above report, it makes sendmsg() block while UNIX garbage collection is in progress. This avoids a situation where child processes continue to queue new FDs over a AF_UNIX socket to a parent which is in the exit path and running garbage collection on these FDs. This contention can result in soft lockups and oom-killing of unrelated processes.

This bug was triggerable after fixing CVE-2008-5029. From Dave Miller, "It's a different bug, but triggerable by the same test program."

Reproducers:
https://bugzilla.redhat.com/show_bug.cgi?id=470201#c1
https://bugzilla.redhat.com/show_bug.cgi?id=470201#c7
Comment 1 Eugene Teo (Security Response) 2008-11-27 07:56:16 EST
Patch for this bug: http://marc.info/?l=linux-netdev&m=122771908731133&w=2
Comment 2 Eugene Teo (Security Response) 2008-11-27 07:58:57 EST
Created attachment 324874 [details]
Proposed patch for real-time kernel

This patch is to be applied on top of the CVE-2008-5029 fixes. I have tested it with unix.c in a tight loop, and I did not encounter any soft lock-ups or oom-killer problems. Kindly review/test.
Comment 5 Eugene Teo (Security Response) 2008-12-03 00:55:27 EST
Created attachment 325484 [details]
Upstream patch
Comment 6 Fedora Update System 2008-12-17 11:21:17 EST
kernel-2.6.27.9-159.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/kernel-2.6.27.9-159.fc10
Comment 7 Fedora Update System 2008-12-17 11:22:19 EST
kernel-2.6.27.9-73.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/kernel-2.6.27.9-73.fc9
Comment 8 Fedora Update System 2008-12-24 13:45:26 EST
kernel-2.6.27.9-159.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2008-12-24 13:47:43 EST
kernel-2.6.27.9-73.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2009-01-07 04:17:41 EST
kernel-2.6.26.8-57.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Mark J. Cox (Product Security) 2009-01-26 10:20:38 EST
Note that for Red Hat Enterprise Linux 5, the patch for CVE-2008-5029 included the fix for this issue.  I've updated RHSA-2009:0225 to show that CVE-2008-5300 was addressed.
Comment 13 Eugene Teo (Security Response) 2009-04-13 22:40:09 EDT
Created attachment 339407 [details]
Upstream kernel 2.4 patch
Comment 15 errata-xmlrpc 2009-11-03 17:00:22 EST
This issue has been addressed in following products:

  Red Hat Enterprise Linux 3

Via RHSA-2009:1550 https://rhn.redhat.com/errata/RHSA-2009-1550.html

Note You need to log in before you can comment on or make changes to this bug.