On 2018/08/24 5:06, David Rientjes wrote:
> For those of us who are tracking CVE-2016-10723 which has peristently been
> labeled as "disputed" and with no clear indication of what patches address
> it, I am assuming that commit 9bfe5ded054b ("mm, oom: remove sleep from
> under oom_lock") and this patch are the intended mitigations?
>
> A list of SHA1s for merged fixed and links to proposed patches to address
> this issue would be appreciated.
>
Commit 9bfe5ded054b ("mm, oom: remove sleep from under oom_lock") is a
mitigation for CVE-2016-10723.
"[PATCH] mm,page_alloc: PF_WQ_WORKER threads must sleep at
should_reclaim_retry()." is independent from CVE-2016-10723.
We haven't made sure that the OOM reaper / exit_mmap() will get enough CPU
resources. For example, under a cluster of concurrently allocating realtime
scheduling priority threads, the OOM reaper takes about 1800 milliseconds
whereas direct OOM reaping takes only a few milliseconds.
Regards.
