CONFIG_BASE_SMALL=1 restricts pid space, which conflicts with systemd default sysctl
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Invalid | Undecided | Unassigned |
Xenial | Invalid | Undecided | Unassigned |
Bionic | Invalid | Undecided | Unassigned |
Focal | Invalid | Undecided | Unassigned |
Groovy | Invalid | Undecided | Unassigned |
linux-kvm (Ubuntu) | Fix Released | Medium | Unassigned |
Xenial | Fix Released | High | Thadeu Lima de Souza Cascardo |
Bionic | Fix Released | High | Thadeu Lima de Souza Cascardo |
Focal | Fix Released | High | Thadeu Lima de Souza Cascardo |
Groovy | Fix Released | High | Thadeu Lima de Souza Cascardo |

Bug Description
[Impact]
systemd-systemctl will fail to set kernel.pid_max, leading to a degraded boot.
[Fix]
Set CONFIG_BASE_FULL=y, CONFIG_
[Test case]
Write 419304 to /proc/sys/
[Potential regression]
Boot time may be affected.
=======
I'm not completely sure which package to log this against.
I'm running the kvm focal minimal cloud image from 20200302. I noticed on boot that there was an error complaining that systemd-systemctl couldn't update pid_max to the value it wanted:
systemd-
Digging into it a bit more, this comes from /usr/lib/
# Bump the numeric PID range to its maximum of 2^22 (from the in-kernel default
# of 2^16), to make PID collisions less likely.
kernel.pid_max = 4194304
However, the linux-image-kvm kernel is compiled with
CONFIG_BASE_SMALL=1
and this triggers the following code in include/
#define PID_MAX_LIMIT (CONFIG_BASE_SMALL ? PAGE_SIZE * 8 : \
(sizeof(long) > 4 ? 4 * 1024 * 1024 : PID_MAX_DEFAULT))
which means that if CONFIG_BASE_SMALL is set we get a maximum limit of PAGE_SIZE * 8, which on x86 would be 32768.
As a workaround I can override it with a file in /etc/sysctl.d/ but this shouldn't be needed.
I really don't know if CONFIG_BASE_SMALL makes any sense on x86 cloud images; they really aren't small machines in the scheme of things!
Cheers
David
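
An added example, not part of the original report and not Ubuntu's or systemd's code: a shell check that applies the PID_MAX_LIMIT macro quoted above to a kernel config and a sysctl fragment, and flags the conflict the report describes. The function names, the sample file names and contents, and the x86-64 values (4096-byte pages, 8-byte long) are assumptions.

```shell
#!/bin/sh
# Added example: flag a kernel.pid_max sysctl that exceeds the build's PID_MAX_LIMIT.

# pid_max_limit BASE_SMALL PAGE_SIZE LONG_BYTES
# Shell rendering of the PID_MAX_LIMIT macro quoted in the report.
pid_max_limit() {
    if [ "$1" -ne 0 ]; then
        echo $(( $2 * 8 ))
    elif [ "$3" -gt 4 ]; then
        echo $(( 4 * 1024 * 1024 ))
    else
        echo 32768   # PID_MAX_DEFAULT (0x8000) when CONFIG_BASE_SMALL is 0
    fi
}

# config_value FILE KEY: last KEY=value assignment in a kernel config file.
config_value() {
    sed -n "s/^$2=\(.*\)\$/\1/p" "$1" | tail -n 1
}

# requested_pid_max FILE: kernel.pid_max from a sysctl.d fragment, comments skipped.
requested_pid_max() {
    sed -n 's/^[[:space:]]*kernel\.pid_max[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# check_pid_max CONFIG SYSCTL PAGE_SIZE LONG_BYTES
# Prints a verdict; returns 1 when the requested value is above the limit.
check_pid_max() {
    small=$(config_value "$1" CONFIG_BASE_SMALL)
    limit=$(pid_max_limit "${small:-0}" "$3" "$4")
    want=$(requested_pid_max "$2")
    if [ -z "$want" ]; then echo "unset (limit $limit)"; return 0; fi
    if [ "$want" -gt "$limit" ]; then
        echo "conflict $want > $limit"; return 1
    fi
    echo "ok $want <= $limit"
}

# Constructed sample inputs; file names are hypothetical.
tmp=$(mktemp -d)
printf 'CONFIG_BASE_SMALL=1\n' > "$tmp/config-small"
printf 'CONFIG_BASE_FULL=y\nCONFIG_BASE_SMALL=0\n' > "$tmp/config-full"
printf '# sample fragment\nkernel.pid_max = 4194304\n' > "$tmp/sample-sysctl.conf"

# x86-64 assumptions: 4096-byte pages, 8-byte long.
check_pid_max "$tmp/config-small" "$tmp/sample-sysctl.conf" 4096 8 || true
check_pid_max "$tmp/config-full" "$tmp/sample-sysctl.conf" 4096 8
```

Run against a real system, the first argument would be the installed kernel's config file and the second the sysctl fragment that sets kernel.pid_max.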
Changed in linux-kvm (Ubuntu):
assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
importance: Undecided → High
status: Confirmed → In Progress
description: updated

Changed in linux-kvm (Ubuntu Xenial):
assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
importance: Undecided → High
status: New → In Progress

Changed in linux-kvm (Ubuntu Bionic):
assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
status: New → In Progress
importance: Undecided → High

Changed in linux-kvm (Ubuntu Focal):
assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
importance: Undecided → High
status: New → In Progress

Changed in linux-kvm (Ubuntu Groovy):
assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
importance: Undecided → High
status: New → Fix Committed
status: Fix Committed → In Progress

Changed in linux-kvm (Ubuntu):
assignee: Thadeu Lima de Souza Cascardo (cascardo) → nobody
importance: High → Medium
status: In Progress → Incomplete

Changed in linux (Ubuntu):
status: Incomplete → Invalid

Changed in linux (Ubuntu Xenial):
status: New → Invalid

Changed in linux (Ubuntu Bionic):
status: New → Invalid

Changed in linux (Ubuntu Focal):
status: New → Invalid

Changed in linux (Ubuntu Groovy):
status: New → Invalid

Changed in linux-kvm (Ubuntu Xenial):
status: In Progress → Fix Committed

Changed in linux-kvm (Ubuntu Bionic):
status: In Progress → Fix Committed

Changed in linux-kvm (Ubuntu Focal):
status: In Progress → Fix Committed

Changed in linux-kvm (Ubuntu Groovy):
status: In Progress → Fix Committed

Status changed to 'Confirmed' because the bug affects multiple users.