git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Shakeel Butt <shakeelb@google.com>
	Thu, 3 Jan 2019 03:14:31 +0000 (19:14 -0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 22 Jan 2019 20:09:56 +0000 (21:09 +0100)
commit	21e69f878b0a417703f9dd34ce402172168b4f9b
tree	c6f1d247885cdf11176203ee45dee789d5caf259	tree
parent	3b640cc5153302502a7e2c319d902347817afb6e	commit \| diff

netfilter: ebtables: account ebt_table_info to kmemcg

commit e2c8d550a973bb34fc28bc8d0ec996f84562fb8a upstream.

The [ip,ip6,arp]_tables use x_tables_info internally and the underlying
memory is already accounted to kmemcg. Do the same for ebtables. The
syzbot, by using setsockopt(EBT_SO_SET_ENTRIES), was able to OOM the
whole system from a restricted memcg, a potential DoS.

By accounting the ebt_table_info, the memory used for ebt_table_info can
be contained within the memcg of the allocating process. However the
lifetime of ebt_table_info is independent of the allocating process and
is tied to the network namespace. So, the oom-killer will not be able to
relieve the memory pressure due to ebt_table_info memory. The memory for
ebt_table_info is allocated through vmalloc. Currently vmalloc does not
handle the oom-killed allocating process correctly and one large
allocation can bypass memcg limit enforcement. So, with this patch,
at least the small allocations will be contained. For large allocations,
we need to fix vmalloc.

Reported-by: syzbot+7713f3aa67be76b1552c@syzkaller.appspotmail.com
Signed-off-by: Shakeel Butt <shakeelb@google.com>
Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>