Date: Mon, 5 Sep 2016 15:57:48 +0200 From: Greg KH <greg@...ah.com> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: Re: CVE request: Linux kernel mbcache lock contention denial of service. On Mon, Aug 22, 2016 at 03:28:51PM +1000, Wade Mealing wrote: > Gday, > > A design flaw was found in the file extended attribute handling of the > linux kernels handling of cached attributes. Too many entries in the > cache cause a soft lockup while attempting to iterate the cache and > access relevant locks. > > Upstream has replaced the mbcache code with an updated version which > was not a patch but a clear-cut reimplementation of the code, no > single diff > > Soft lockup information is in both the bugzilla.kernel.org and > referred to in the LWN article. This would affect containers running > with ext4 as it shares the same mbcache between all containers/host. > > This did not affect Red Hat Enterprise Linux versions 5,6 or 7, so I > can't validate the claim that it does affect other newer kernels. > This may be worthwhile tracking for others who are affected by this > flaw. > > For those following along at home, this seemed to be fixed in: > > ± git tag --contains be0726d33cb8f411945884664924bed3cb8c70ee > v4.6 That commit is for only the ext2 filesystem, how would it fix an issue in ext4? totally confused, greg k-h
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ