oss-sec mailing list archives
Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1
From: Marcus Meissner <meissner () suse de>
Date: Fri, 20 Apr 2012 09:41:22 +0200
On Fri, Apr 20, 2012 at 09:14:58AM +0400, Pavel Emelyanov wrote:
On 04/20/2012 07:10 AM, Eugene Teo wrote:So we know what is holding the pid namespace reference. Additional thoughts. Does echo 3 > /proc/sys/vm/drop_caches clear up the issue?No.Is there a corresponding task_struct leak?Yes.I don't have much of a clue or much concern as this seems fixed in later kernels but I am happy to suggest things to look for to help narrow this down.I'm helping to provide more information.Is there also a vfsmount struct leak as well? The pidns creating implies kern-mount-ing of a proc and it should be released when child reaper of the namespace dies.
Yes, apparently (mnt_cache jumps 2*tries). I diffed slabinfo before and after approx 7500 tries on a freshly rebooted machine (3.1.10), here are the suspicious large jumps: -mqueue_inode_cache 1 4 896 4 1 : tunables 54 27 0 : slabdata 1 1 0 +mqueue_inode_cache 7516 7516 896 4 1 : tunables 54 27 0 : slabdata 1879 1879 0 -pid_namespace 0 0 2112 3 2 : tunables 24 12 0 : slabdata 0 0 0 +pid_namespace 7515 7515 2112 3 2 : tunables 24 12 0 : slabdata 2505 2505 0 -proc_inode_cache 591 696 632 6 1 : tunables 54 27 0 : slabdata 116 116 0 +proc_inode_cache 8105 8124 632 6 1 : tunables 54 27 0 : slabdata 1352 1354 0 -mnt_cache 45 45 256 15 1 : tunables 120 60 0 : slabdata 3 3 0 +mnt_cache 15077 15090 256 15 1 : tunables 120 60 0 : slabdata 1006 1006 0 -dentry 10840 10840 192 20 1 : tunables 120 60 0 : slabdata 542 542 0 +dentry 26780 26880 192 20 1 : tunables 120 60 0 : slabdata 1343 1344 0 -size-4096 59 59 4096 1 1 : tunables 24 12 0 : slabdata 59 59 0 +size-4096 7577 7577 4096 1 1 : tunables 24 12 0 : slabdata 7577 7577 0 -size-1024 665 680 1024 4 1 : tunables 54 27 0 : slabdata 170 170 0 +size-1024 15700 15700 1024 4 1 : tunables 54 27 0 : slabdata 3925 3925 0 -size-64 3360 3540 64 59 1 : tunables 120 60 0 : slabdata 60 60 0 +size-64 15097 22597 64 59 1 : tunables 120 60 0 : slabdata 383 383 0 -size-32 7892 7952 32 112 1 : tunables 120 60 0 : slabdata 71 71 0 +size-32 23920 31472 32 112 1 : tunables 120 60 0 : slabdata 281 281 0 Ciao, Marcus
Current thread:
- CVE request: pid namespace leak in kernel 3.0 and 3.1 Marcus Meissner (Apr 19)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eugene Teo (Apr 19)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eric W. Biederman (Apr 19)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eugene Teo (Apr 19)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Pavel Emelyanov (Apr 19)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eric W. Biederman (Apr 20)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Pavel Emelyanov (Apr 20)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eric W. Biederman (Apr 20)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eric W. Biederman (Apr 19)
- Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Marcus Meissner (Apr 20)
- Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eric W. Biederman (Apr 20)
- Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Marcus Meissner (Apr 20)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eugene Teo (Apr 19)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eric W. Biederman (Apr 20)
- Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Marcus Meissner (Apr 22)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Marcus Meissner (Apr 20)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Kurt Seifried (Apr 20)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eric W. Biederman (Apr 19)