[Kernel-packages] [Bug 1886860] [NEW] cgroup refcount is bogus when cgroup_sk_alloc is disabled

Wed, 08 Jul 2020 11:20:53 -0700 

Public bug reported:

When net_prio and net_cls cgroups are used, cgroup refcount is bogus, as
it's not incremented anymore, but decremented when sockets are closed.

This might lead to crashes possibly because of use-after-free when
packets are received as shown in LP #1886668.

Cascardo.

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: linux (Ubuntu Bionic)
     Importance: High
     Assignee: Thadeu Lima de Souza Cascardo (cascardo)
         Status: Confirmed

** Affects: linux (Ubuntu Eoan)
     Importance: Undecided
         Status: New

** Affects: linux (Ubuntu Focal)
     Importance: Undecided
         Status: New

** Affects: linux (Ubuntu Groovy)
     Importance: Undecided
         Status: New

** Also affects: linux (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Groovy)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Eoan)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu Bionic)
       Status: New => Confirmed

** Changed in: linux (Ubuntu Bionic)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Bionic)
     Assignee: (unassigned) => Thadeu Lima de Souza Cascardo (cascardo)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1886860

Title:
  cgroup refcount is bogus when cgroup_sk_alloc is disabled

Status in linux package in Ubuntu:
  New
Status in linux source package in Bionic:
  Confirmed
Status in linux source package in Eoan:
  New
Status in linux source package in Focal:
  New
Status in linux source package in Groovy:
  New

Bug description:
  When net_prio and net_cls cgroups are used, cgroup refcount is bogus,
  as it's not incremented anymore, but decremented when sockets are
  closed.

  This might lead to crashes possibly because of use-after-free when
  packets are received as shown in LP #1886668.

  Cascardo.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1886860/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to