mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-15 15:15:47 +00:00
e2c8d550a9
The [ip,ip6,arp]_tables use x_tables_info internally and the underlying memory is already accounted to kmemcg. Do the same for ebtables. The syzbot, by using setsockopt(EBT_SO_SET_ENTRIES), was able to OOM the whole system from a restricted memcg, a potential DoS. By accounting the ebt_table_info, the memory used for ebt_table_info can be contained within the memcg of the allocating process. However the lifetime of ebt_table_info is independent of the allocating process and is tied to the network namespace. So, the oom-killer will not be able to relieve the memory pressure due to ebt_table_info memory. The memory for ebt_table_info is allocated through vmalloc. Currently vmalloc does not handle the oom-killed allocating process correctly and one large allocation can bypass memcg limit enforcement. So, with this patch, at least the small allocations will be contained. For large allocations, we need to fix vmalloc. Reported-by: syzbot+7713f3aa67be76b1552c@syzkaller.appspotmail.com Signed-off-by: Shakeel Butt <shakeelb@google.com> Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
||
|---|---|---|
| .. | ||
| netfilter | ||
| br.c | ||
| br_arp_nd_proxy.c | ||
| br_device.c | ||
| br_fdb.c | ||
| br_forward.c | ||
| br_if.c | ||
| br_input.c | ||
| br_ioctl.c | ||
| br_mdb.c | ||
| br_multicast.c | ||
| br_netfilter_hooks.c | ||
| br_netfilter_ipv6.c | ||
| br_netlink.c | ||
| br_netlink_tunnel.c | ||
| br_nf_core.c | ||
| br_private.h | ||
| br_private_stp.h | ||
| br_private_tunnel.h | ||
| br_stp.c | ||
| br_stp_bpdu.c | ||
| br_stp_if.c | ||
| br_stp_timer.c | ||
| br_switchdev.c | ||
| br_sysfs_br.c | ||
| br_sysfs_if.c | ||
| br_vlan.c | ||
| br_vlan_tunnel.c | ||
| Kconfig | ||
| Makefile | ||