| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 4 Aug 2022 10:40:35 +0200
From: Ondrej Mosnacek <omosnace@...hat.com>
To: David Howells <dhowells@...hat.com>
Cc: keyrings@...r.kernel.org,
Linux Security Module list
<linux-security-module@...r.kernel.org>,
Eric Dumazet <edumazet@...gle.com>,
Linux kernel mailing list <linux-kernel@...r.kernel.org>
Subject: [BUG] watch_queue resource accounting seems broken
Hi,
It seems there is something wrong with resource accounting for
watch_queues. When a watch_queue is created, its size is set, and then
both ends are closed, it seems the resource usage increment is not
released as it should be and repeated creations of watch_queues
eventually (and quite fast!) exhaust the per-user pipe limit. I tested
this only on kernels 5.19 and 5.17.5, but I suspect the bug has been
there since the watch_queue introduction.
The issue can be reproduced by the attached C program. When it is run
by an unprivileged user (or by root with cap_sys_admin and
cap_sys_resource dropped), the pipe allocation/size setting starts to
fail after a few iterations.
I found this bug thanks to selinux-testuite's [1] watchkey test, which
started repeatably failing after I ran it a couple times in a row.
I'm not very familiar with this code area, so I'm hoping that someone
who understands the inner workings of watch_queue will be able and
willing to look into it and fix it.
Thanks,
[1] https://github.com/SELinuxProject/selinux-testsuite/
--
Ondrej Mosnacek
Senior Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.
View attachment "watch_queue_bug.c" of type "text/x-c-code" (860 bytes)
Powered by blists - more mailing lists