Ubuntu
linux-fsl-imx51 package

  1. Vivid (15.04)
  2. Bug #963685
  3. Comment #0

Comment 0 for bug 963685

Revision history for this message
Tetsuo Handa (9-launchpad-i-love-sakura-ne-jp) wrote : Please consider backporting killable request_module() patchset

Upstream commits:

(1) 70834d30 "usermodehelper: use UMH_WAIT_PROC consistently"
(2) b3449922 "usermodehelper: introduce umh_complete(sub_info)"
(3) d0bd587a "usermodehelper: implement UMH_KILLABLE"
(4) 9d944ef3 "usermodehelper: kill umh_wait, renumber UMH_* constants"
(5) 5b9bd473 "usermodehelper: ____call_usermodehelper() doesn't need do_exit()"
(6) 3e63a93b "kmod: introduce call_modprobe() helper"
(7) 1cc684ab "kmod: make __request_module() killable"

Description:

Since 2.6.11, an unprivileged local user can easily keep the system under
memory starvation state by temporarily disabling the OOM killer due to the OOM
killer deadlock. Although we haven't eliminated all of possible attack vectors,
this patchset can eliminate the most straightforward attack vector.

Notes:

(1) and (4) are optional. (4) depends on (1). (1) needs some corrections if we
backport. For example, (1) does not include fix for ubuntu/fsam7400/fsam7400.c
in precise.git. Therefore, I think excluding (1) and (4) is a safer choice.

3.4-rc1 will include (4) anyway. Please make sure that all users (including
ubuntu/fsam7400/fsam7400.c) started using UMH_* constants.