Backport fix for cap_task_prctl OOM
Issue description
Apr 22 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/4033228b638104c1620ab911ba814561cd76c1ec

commit 4033228b638104c1620ab911ba814561cd76c1ec
Author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: Sat Apr 22 04:57:56 2017

BACKPORT: commoncap: don't alloc the credential unless needed in cap_task_prctl

In function cap_task_prctl(), we would allocate a credential unconditionally and then check if we support the requested function. If not we would release this credential with abort_creds() by using RCU method. But on some archs such as powerpc, the sys_prctl is heavily used to get/set the floating point exception mode. So the unnecessary allocating/releasing of credential not only introduce runtime overhead but also do cause OOM due to the RCU implementation.

This patch removes abort_creds() from cap_task_prctl() by calling prepare_creds() only when we need to modify it.

Reported-by: Kevin Hao <haokexin@gmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: Paul Moore <paul@paul-moore.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
(cherry picked from commit 6d6f3328422a3bc56b0d8dd026a5de845d2abfa7)
Signed-off-by: Jorge Lucangeli Obes <jorgelo@chromium.org>

BUG= chromium:712834
TEST=Build kernel.

Change-Id: Idf03be78e4207667e3dfaaed3c2df9142611c5b8
Reviewed-on: https://chromium-review.googlesource.com/483661
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>

[modify] https://crrev.com/4033228b638104c1620ab911ba814561cd76c1ec/security/commoncap.c
Apr 24 2017
Apr 25 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/bc0f488dcbd7e3caff6f2dc3c6d1050ee214ee8a

commit bc0f488dcbd7e3caff6f2dc3c6d1050ee214ee8a
Author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: Tue Apr 25 21:03:47 2017

BACKPORT: commoncap: don't alloc the credential unless needed in cap_task_prctl

In function cap_task_prctl(), we would allocate a credential unconditionally and then check if we support the requested function. If not we would release this credential with abort_creds() by using RCU method. But on some archs such as powerpc, the sys_prctl is heavily used to get/set the floating point exception mode. So the unnecessary allocating/releasing of credential not only introduce runtime overhead but also do cause OOM due to the RCU implementation.

This patch removes abort_creds() from cap_task_prctl() by calling prepare_creds() only when we need to modify it.

Reported-by: Kevin Hao <haokexin@gmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: Paul Moore <paul@paul-moore.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
(cherry picked from commit 6d6f3328422a3bc56b0d8dd026a5de845d2abfa7)
Signed-off-by: Jorge Lucangeli Obes <jorgelo@chromium.org>

BUG= chromium:712834
TEST=Build kernel, deploy to device, boots successfully.

Change-Id: I0ad367c568ba4f74ac125f93a4615d6ebe173e66
Reviewed-on: https://chromium-review.googlesource.com/485819
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>

[modify] https://crrev.com/bc0f488dcbd7e3caff6f2dc3c6d1050ee214ee8a/security/commoncap.c
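The allocation pattern both commit messages above describe, as an added user-space model that is not part of the original page or the kernel source. Every `*_model` function, the `OPT_*` values and the deferred-free list are hypothetical stand-ins for prepare_creds(), abort_creds(), the prctl options and the RCU-based release.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
/* User-space model; every name here is a hypothetical stand-in, not kernel code. */
enum { OPT_SET_KEEPCAPS = 1, OPT_GET_FPEXC = 2 };  /* constructed option values */
struct cred_model { int keepcaps; struct cred_model *next; };
static struct cred_model *deferred;  /* released creds waiting for a "grace period" */
static long deferred_count;
static int current_keepcaps;

static struct cred_model *prepare_creds_model(void) { return calloc(1, sizeof(struct cred_model)); }
/* Models the RCU-based release the commit describes: memory is queued, not freed. */
static void abort_creds_model(struct cred_model *c) { c->next = deferred; deferred = c; deferred_count++; }
static int commit_creds_model(struct cred_model *c) { current_keepcaps = c->keepcaps; free(c); return 0; }
/* Grace period elapsed: only now is the queued memory actually returned. */
static void grace_period_model(void) {
    while (deferred) { struct cred_model *n = deferred->next; free(deferred); deferred = n; }
    deferred_count = 0;
}

/* Old shape: allocate first, then find out the option is not handled here. */
static int prctl_before(int option, int arg) {
    struct cred_model *new = prepare_creds_model();
    if (!new) return -ENOMEM;
    if (option == OPT_SET_KEEPCAPS) { new->keepcaps = !!arg; return commit_creds_model(new); }
    abort_creds_model(new);  /* one queued allocation per unsupported call */
    return -ENOSYS;
}
/* Fixed shape: allocate only on the path that modifies the credential. */
static int prctl_after(int option, int arg) {
    struct cred_model *new;
    if (option != OPT_SET_KEEPCAPS) return -ENOSYS;  /* no allocation, nothing to abort */
    if (!(new = prepare_creds_model())) return -ENOMEM;
    new->keepcaps = !!arg;
    return commit_creds_model(new);
}

/* Issue a burst of unsupported calls with no grace period in between. */
static long pending_after_burst(int (*fn)(int, int), int calls) {
    grace_period_model();
    for (int i = 0; i < calls; i++) fn(OPT_GET_FPEXC, 0);
    return deferred_count;
}

int main(void) {
    printf("before: %ld allocations pending\n", pending_after_burst(prctl_before, 100000));
    printf("after:  %ld allocations pending\n", pending_after_burst(prctl_after, 100000));
    grace_period_model();
    return 0;
}
```

In the model, pending memory grows linearly with the number of unsupported calls made between grace periods in the old shape and stays at zero in the fixed shape.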
Apr 25 2017
May 30 2017
Aug 1 2017
Jan 22 2018
Comment 1 by bugdroid1@chromium.org, Apr 21 2017