https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c0
Summary: clone() with CLONE_NEWPID leaks kernel memory Classification: openSUSE Product: openSUSE 12.1 Version: Final Platform: x86-64 OS/Version: openSUSE 12.1 Status: NEW Severity: Critical Priority: P5 - None Component: Kernel AssignedTo: kernel-maintainers@forge.provo.novell.com ReportedBy: ccrssaa@karelia.ru QAContact: qa-bugs@suse.de Found By: --- Blocker: ---
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20120312 Firefox/11.0 SeaMonkey/2.8
Server with vsftpd running started to die in agony with kswapd eating 100% cpu after upgrading to openSUSE 12.1. Turned out that vsftpd isolates each process using CLONE_NEWPID and 3.1.9-1.4 kernel does not free pid_namespace slabs.
Reproducible: Always
Steps to Reproduce: 1.
test.c: #include <stdio.h> #include <errno.h> #include <signal.h> #include <sched.h> #include <linux/sched.h> #include <unistd.h> #include <sys/syscall.h>
int main(int argc, char *argv[]) { int i, ret;
for (i = 0; i < 10000; i++) {
if (0 == (ret = syscall(__NR_clone, CLONE_NEWPID | CLONE_NEWIPC | CLONE_NEWNET | SIGCHLD, NULL))) return 0;
if (-1 == ret) { perror("clone"); break; }
}
return 0; }
simulates vsftpd sysdeputil.c
2. gcc -Wall test.c 3. run ./a.out as root Actual Results: # cat /proc/slabinfo | grep namespace pid_namespace 0 0 2112 3 2 : tunables 24 12 8 : slabdata 0 0 0 user_namespace 0 0 1072 7 2 : tunables 24 12 8 : slabdata 0 0 0 net_namespace 0 0 2560 3 2 : tunables 24 12 8 : slabdata 0 0 0 # ./a.out # sleep 60 # cat /proc/slabinfo | grep namespace pid_namespace 10000 10002 2112 3 2 : tunables 24 12 8 : slabdata 3334 3334 0 user_namespace 0 0 1072 7 2 : tunables 24 12 8 : slabdata 0 0 0 net_namespace 0 0 2560 3 2 : tunables 24 12 8 : slabdata 0 0 0
net_namespace slabs are freed but pid_namespace stays forever.
Expected Results: # ./a.out # sleep 60 # cat /proc/slabinfo | grep namespace pid_namespace 0 0 2112 3 2 : tunables 24 12 8 : slabdata 0 0 0 net_namespace 0 0 2944 2 2 : tunables 24 12 8 : slabdata 0 0 0
TWIMC: switched from vsftpd to proftpd as a workaround.
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c1
--- Comment #1 from Vadim Ponomarev ccrssaa@karelia.ru 2012-04-18 13:40:29 UTC --- remote DoS for all openSUSE 12.1 hosts running vsftpd actually
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c2
--- Comment #2 from Vadim Ponomarev ccrssaa@karelia.ru 2012-04-18 13:44:17 UTC --- "Expected results" were taken on openSUSE 11.4, 2.6.37.6-0.5 kernel
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c3
Marcus Meissner meissner@suse.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |meissner@suse.com Summary|clone() with CLONE_NEWPID |VUL-1: kernel: clone() with |leaks kernel memory |CLONE_NEWPID leaks kernel | |memory
--- Comment #3 from Marcus Meissner meissner@suse.com 2012-04-18 19:01:16 UTC --- browsed a bit through the kernel, did not see any mention of namespace leak
I vaguely recall some vsftpd / ns related trouble though.
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c4
Marcus Meissner meissner@suse.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P2 - High
--- Comment #4 from Marcus Meissner meissner@suse.com 2012-04-18 19:19:26 UTC --- I can reproduce on 12.1 , Linux 3.1.10-1.9-desktop with a simple wget loop
$ cat /proc/slabinfo|grep pid_na pid_namespace 588 588 2112 3 2 : tunables 24 12 0 : slabdata 196 196 0 .... wait a bit ....
$ cat /proc/slabinfo|grep pid_na pid_namespace 957 957 2112 3 2 : tunables 24 12 0 : slabdata 319 319 0
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c5
--- Comment #5 from Marcus Meissner meissner@suse.com 2012-04-18 19:39:59 UTC --- This might be the mainline fix ...
commit 1b26c9b334044cff6d1d2698f2be41bc7d9a0864 Author: Pravin B Shelar pshelar@nicira.com Date: Fri Mar 23 15:02:55 2012 -0700
proc-ns: use d_set_d_op() API to set dentry ops in proc_ns_instantiate().
The namespace cleanup path leaks a dentry which holds a reference count on a network namespace. Keeping that network namespace from being freed when the last user goes away. Leaving things like vlan devices in the leaked network namespace.
If you use ip netns add for much real work this problem becomes apparent pretty quickly. It light testing the problem hides because frequently you simply don't notice the leak.
Use d_set_d_op() so that DCACHE_OP_* flags are set correctly.
This issue exists back to 3.0.
Acked-by: "Eric W. Biederman" ebiederm@xmission.com Reported-by: Justin Pettit jpettit@nicira.com Signed-off-by: Pravin B Shelar pshelar@nicira.com Signed-off-by: Jesse Gross jesse@nicira.com Cc: David Miller davem@davemloft.net Cc: stable@vger.kernel.org Signed-off-by: Andrew Morton akpm@linux-foundation.org Signed-off-by: Linus Torvalds torvalds@linux-foundation.org
diff --git a/fs/proc/namespaces.c b/fs/proc/namespaces.c index 27da860..3551f1f 100644 --- a/fs/proc/namespaces.c +++ b/fs/proc/namespaces.c @@ -53,7 +53,7 @@ static struct dentry *proc_ns_instantiate(struct inode *dir, ei->ns_ops = ns_ops; ei->ns = ns;
- dentry->d_op = &pid_dentry_operations; + d_set_d_op(dentry, &pid_dentry_operations); d_add(dentry, inode); /* Close the race of the process dying before we return the dentry */ if (pid_revalidate(dentry, NULL))
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c6
--- Comment #6 from Vadim Ponomarev ccrssaa@karelia.ru 2012-04-19 04:52:10 UTC --- (In reply to comment #5)
This might be the mainline fix ...
dentry->d_op = &pid_dentry_operations;
d_set_d_op(dentry, &pid_dentry_operations);
does not solve the problem with pid_namespace (3.1.9-1.4-desktop)
net_namespace becomes zero in a short time after clone loop (the same behaviour without patch), pid_namespace leaks
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c7
--- Comment #7 from Marcus Meissner meissner@suse.com 2012-04-19 13:51:57 UTC --- hmm, yes, the patch does not help.
but as I cannot reproduce this on my 3.3 openSUSE factory machein it must have been fixed at some point in time. No specific patch stands out though.
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c8
--- Comment #8 from Marcus Meissner meissner@suse.com 2012-04-19 21:35:37 UTC --- testcase reproduces in 3.0.13 (SLE 11 SP2) and openSUSE 12.1 (3.1.10)
It so far did not on 3.2.0, nor on 2.6.37 (oS 11.4)
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c9
--- Comment #9 from Marcus Meissner meissner@suse.com 2012-04-20 10:34:56 UTC --- I am working with the relevant kernel people (oss-security is in CC).
so far no luck in pinpointing.
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c10
--- Comment #10 from Jeff Mahoney jeffm@suse.com 2012-04-21 22:31:31 EDT --- Git bisect leads to commit upstream 423e0ab086ad8b33626e45fa94ac7613146b7ffa as being the "bad" commit.
I need to look further, but since each new pid namespace creates a mount, it follows that the namespace mounts aren't getting freed.
/proc/slabinfo bears that out:
pid_namespace 300 303 2112 3 2 : tunables 24 12 8 : slabdata 101 101 0 mnt_cache 631 660 256 15 1 : tunables 120 60 8 : slabdata 44 44 0
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c11
--- Comment #11 from Jeff Mahoney jeffm@suse.com 2012-04-21 22:35:47 EDT --- And the fix:
commit 905ad269c55fc62bee3da29f7b1d1efeba8aa1e1 Author: Al Viro viro@zeniv.linux.org.uk Date: Thu Dec 8 23:20:45 2011 -0500
procfs: fix a vfsmount longterm reference leak
kern_mount() doesn't pair with plain mntput()...
Signed-off-by: Al Viro viro@zeniv.linux.org.uk
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c12
Jeff Mahoney jeffm@suse.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED AssignedTo|kernel-maintainers@forge.pr |jeffm@suse.com |ovo.novell.com |
--- Comment #12 from Jeff Mahoney jeffm@suse.com 2012-04-21 23:02:57 EDT --- Incidentally, the "bad" patch was introduced in 3.1 but backported to our 3.0 kernel.
I've applied the fix to openSUSE 12.1 and SLE11 SP2.
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c13
--- Comment #13 from Vadim Ponomarev ccrssaa@karelia.ru 2012-04-22 08:55:02 UTC --- seems that problem is more complex
after two runs of for d in `seq 1 10000` ; do netcat -z 127.0.0.1 21 ; done
cat /proc/slabinfo | grep namespa
pid_namespace 2905
better than 20000 but still not zero
vsftpd, 3.1.10-1.9-desktop with 905ad269c55fc62bee3da29f7b1d1efeba8aa1e1 applied
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c14
--- Comment #14 from Vadim Ponomarev ccrssaa@karelia.ru 2012-04-22 10:33:49 UTC --- Created an attachment (id=487333) --> (http://bugzilla.novell.com/attachment.cgi?id=487333) CLONE_NEWPID with and without SIGCHLD handler test
attempt to simulate vsftpd in standalone mode
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c15
--- Comment #15 from Vadim Ponomarev ccrssaa@karelia.ru 2012-04-22 10:41:19 UTC --- # gcc -Wall -DWITH_SIGCHLD=0 vsftpd.c # cat /proc/slabinfo | grep namespace ; ./a.out ; sleep 60 ; cat /proc/slabinfo | grep namespace pid_namespace 126 138 2112 3 2 : tunables 24 12 8 : slabdata 46 46 0 user_namespace 0 0 1072 7 2 : tunables 24 12 8 : slabdata 0 0 0 net_namespace 0 0 2560 3 2 : tunables 24 12 8 : slabdata 0 0 0 SIGCHLD handler not enabled pid_namespace 126 138 2112 3 2 : tunables 24 12 8 : slabdata 46 46 0 user_namespace 0 0 1072 7 2 : tunables 24 12 8 : slabdata 0 0 0 net_namespace 0 0 2560 3 2 : tunables 24 12 8 : slabdata 0 0 0 # gcc -Wall -DWITH_SIGCHLD=1 vsftpd.c bliss:/home/vadim/my/2012/cl-fs # cat /proc/slabinfo | grep namespace ; ./a.out ; sleep 60 ; cat /proc/slabinfo | grep namespace pid_namespace 126 138 2112 3 2 : tunables 24 12 8 : slabdata 46 46 0 user_namespace 0 0 1072 7 2 : tunables 24 12 8 : slabdata 0 0 0 net_namespace 0 0 2560 3 2 : tunables 24 12 8 : slabdata 0 0 0 SIGCHLD handler enabled pid_namespace 155 171 2112 3 2 : tunables 24 12 8 : slabdata 57 57 0 user_namespace 0 0 1072 7 2 : tunables 24 12 8 : slabdata 0 0 0 net_namespace 0 0 2560 3 2 : tunables 24 12 8 : slabdata 0 0 0 #
155 stays forever race with signal code ? reopen ?
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c16
--- Comment #16 from Marcus Meissner meissner@suse.com 2012-04-22 10:46:41 UTC --- This issue got assigned CVE-2012-2127
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c17
--- Comment #17 from Marcus Meissner meissner@suse.com 2012-04-22 12:04:35 UTC --- does it go away after a while?
or does it stay at this level?
does it increase if you call the reproducer several times?
if it does not go down or increases, please reopen
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c18
Vadim Ponomarev ccrssaa@karelia.ru changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED |
--- Comment #18 from Vadim Ponomarev ccrssaa@karelia.ru 2012-04-22 13:12:25 UTC --- (In reply to comment #17)
does it go away after a while?
no (~1.5 hours since 10:46:41 UTC)
or does it stay at this level?
yes
does it increase if you call the reproducer several times?
yes
if it does not go down or increases, please reopen
ok
looks like a two different bugs IMHO
first was "does not release pid_namespace slabs at all" (fixed in 905ad269c55fc62bee3da29f7b1d1efeba8aa1e1)
second is "leaks some", exists in oS 12.1 with 905ad269c55fc62bee3da29f7b1d1efeba8aa1e1 patch applied, exists in oS 11.4 too, and somehow related to the presence of SIGCHLD handler with waitpid()
Is it possible to fork a new bug from this one ? Or should I report new ?
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c19
--- Comment #19 from Jeff Mahoney jeffm@suse.com 2012-04-22 14:19:32 EDT --- Something else is still not entirely right here.
Vadim, your test isn't going to produce decent results. Checking one value afterwards doesn't work because the pid_namespace slab is emptied gradually.
Try this instead and you'll see the pid_namespace slab shrink. watch "egrep '(mnt|pid_name)' /proc/slabinfo"
But it looks like mnt_cache isn't shrinking.
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c20
--- Comment #20 from Jeff Mahoney jeffm@suse.com 2012-04-22 14:35:56 EDT --- My test case is to clone NEWPID 100 processes that all just print their pids and exit.
Every time I run it, pid_namespace goes to 102 and mnt_cache increases by ~208.
Over the next 10-15 seconds, pid_namespace drops back down to 0 but mnt_cache permanently increases by 100 active objects.
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c21
--- Comment #21 from Jeff Mahoney jeffm@suse.com 2012-04-22 14:39:14 EDT --- I need to test if it's the cause, but we'll need commit 6f686574cccc2ef66fb38e41f19cedd81e7b4504 either way.
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c22
Jeff Mahoney jeffm@suse.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |NEEDINFO InfoProvider| |ccrssaa@karelia.ru
--- Comment #22 from Jeff Mahoney jeffm@suse.com 2012-04-22 14:58:49 EDT --- Test fix confirmed. mnt_cache drops back to baseline with that patch applied.
I've applied it to 12.1 and SP2.
I've also verified that this is the last of the kern_mount_data leaks.
Vadim, can you confirm that with both patches applied the pid_namespace slab drops back to baseline (usually 0) within 30 seconds? My testing used the SIGCHILD clone flag and was successful.
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c23
--- Comment #23 from Vadim Ponomarev ccrssaa@karelia.ru 2012-04-22 20:58:21 UTC --- Created an attachment (id=487338) --> (http://bugzilla.novell.com/attachment.cgi?id=487338) script to watch pid_namespace and mnt_cache changes
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c24
Vadim Ponomarev ccrssaa@karelia.ru changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|ccrssaa@karelia.ru |
--- Comment #24 from Vadim Ponomarev ccrssaa@karelia.ru 2012-04-22 21:32:16 UTC --- (In reply to comment #22)
Test fix confirmed. mnt_cache drops back to baseline with that patch applied.
I've applied it to 12.1 and SP2.
I've also verified that this is the last of the kern_mount_data leaks.
Vadim, can you confirm that with both patches applied the pid_namespace slab drops back to baseline (usually 0) within 30 seconds?
3.1.10-1.9-desktop with 905ad269c55fc62bee3da29f7b1d1efeba8aa1e1 and 6f686574cccc2ef66fb38e41f19cedd81e7b4504 applied
test program is vsftpd-1.c from the first attachment https://bugzilla.novell.com/attachment.cgi?id=487333
note that (unlike test.c in initial report) vsftpd-1.c has SIGCHLD handler as an attempt to simulate real vsftpd behaviour
watch.pl is the second attachment https://bugzilla.novell.com/attachment.cgi?id=487338 - just for convenience
1) test program compiled withoud SIGCHLD handler (gcc -DWITH_SIGCHLD=0 vsftpd-1.c) - everything is freed
./watch.pl
Mon Apr 23 00:54:09 2012 pid_namespace=0 mnt_cache=39 Mon Apr 23 00:54:56 2012 pid_namespace=24 mnt_cache=75 Mon Apr 23 00:54:57 2012 pid_namespace=57 mnt_cache=120 Mon Apr 23 00:54:58 2012 pid_namespace=93 mnt_cache=150 Mon Apr 23 00:54:59 2012 pid_namespace=102 mnt_cache=165 Mon Apr 23 00:55:01 2012 pid_namespace=82 mnt_cache=165 Mon Apr 23 00:55:03 2012 pid_namespace=72 mnt_cache=117 Mon Apr 23 00:55:05 2012 pid_namespace=42 mnt_cache=69 Mon Apr 23 00:55:07 2012 pid_namespace=32 mnt_cache=54 Mon Apr 23 00:55:09 2012 pid_namespace=5 mnt_cache=46 Mon Apr 23 00:55:11 2012 pid_namespace=2 mnt_cache=42 Mon Apr 23 00:55:13 2012 pid_namespace=1 mnt_cache=40 Mon Apr 23 00:55:15 2012 pid_namespace=0 mnt_cache=39
2) test program compiled with SIGCHLD handler (gcc vsftpd-1.c) - pid_namespace and mnt_cache leaked
./watch.pl
(first run, from another terminal) Mon Apr 23 01:02:52 2012 pid_namespace=0 mnt_cache=39 Mon Apr 23 01:03:01 2012 pid_namespace=21 mnt_cache=75 Mon Apr 23 01:03:02 2012 pid_namespace=27 mnt_cache=90 Mon Apr 23 01:03:03 2012 pid_namespace=33 mnt_cache=105 Mon Apr 23 01:03:07 2012 pid_namespace=23 mnt_cache=57 Mon Apr 23 01:03:09 2012 pid_namespace=13 mnt_cache=53 Mon Apr 23 01:03:11 2012 pid_namespace=11 mnt_cache=51 Mon Apr 23 01:03:13 2012 pid_namespace=10 mnt_cache=50 Mon Apr 23 01:03:15 2012 pid_namespace=10 mnt_cache=49 (10 out of 100 slabs leaked in first run) (run test program from another terminal again) Mon Apr 23 01:10:49 2012 pid_namespace=22 mnt_cache=105 Mon Apr 23 01:10:50 2012 pid_namespace=27 mnt_cache=105 Mon Apr 23 01:10:51 2012 pid_namespace=36 mnt_cache=120 Mon Apr 23 01:10:52 2012 pid_namespace=39 mnt_cache=120 Mon Apr 23 01:10:55 2012 pid_namespace=29 mnt_cache=91 Mon Apr 23 01:10:57 2012 pid_namespace=22 mnt_cache=64 Mon Apr 23 01:10:59 2012 pid_namespace=21 mnt_cache=62 Mon Apr 23 01:11:01 2012 pid_namespace=21 mnt_cache=61 Mon Apr 23 01:11:02 2012 pid_namespace=21 mnt_cache=60 (11 out of 100 slabs leaked in second run)
pid_namespace stays 21 and mnt_cache stays 60 forever instead of shrinking back to initial 0 and 39
please look at the comment 18, this is a different bug IMHO (race with signal code ?)
My testing used the SIGCHILD clone flag and was successful.
Please check the case when not only SIGCHLD clone flag is set, but the handler is enabled using sigaction()
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c25
--- Comment #25 from Jeff Mahoney jeffm@suse.com 2012-04-22 21:42:56 EDT --- Ok. I can reproduce this but not on the scale you're seeing. I see exactly one pid ns leaked for each run. It doesn't leak w/o SIGCHLD.
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c26
--- Comment #26 from Jeff Mahoney jeffm@suse.com 2012-04-22 21:45:56 EDT --- I added printks for pidns creates and destroys and the last one created with the SIGCHLD run is never freed.
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c27
--- Comment #27 from Jeff Mahoney jeffm@suse.com 2012-04-22 22:41:14 EDT --- If I had to guess, it'd be that the parent process has exited and the children have been reparented to init, which is in a different namespace so that the namespace never gets released. It's just a hunch.
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c30
--- Comment #30 from Vadim Ponomarev ccrssaa@karelia.ru 2012-04-24 13:50:11 UTC --- (In reply to comment #25)
Ok. I can reproduce this but not on the scale you're seeing. I see exactly one pid ns leaked for each run. It doesn't leak w/o SIGCHLD.
reproduced that "exactly one pid ns for each run" on 3.1.10-1.9-default
results from comment 24 were obtained on -desktop
seems that cpu speed doesn't matter (results from i3 550 and c2d 6420 are looking pretty similar, ~10-11 leaked pid ns per test run), only -desktop/-default makes the difference
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c31
--- Comment #31 from Mike Galbraith mgalbraith@suse.com 2012-04-24 14:19:07 UTC --- (In reply to comment #30)
(In reply to comment #25)
Ok. I can reproduce this but not on the scale you're seeing. I see exactly one pid ns leaked for each run. It doesn't leak w/o SIGCHLD.
reproduced that "exactly one pid ns for each run" on 3.1.10-1.9-default
results from comment 24 were obtained on -desktop
seems that cpu speed doesn't matter (results from i3 550 and c2d 6420 are looking pretty similar, ~10-11 leaked pid ns per test run), only -desktop/-default makes the difference
Mainline with voluntary preempt leaks heavily here. It does not leak at all if you ensure that the parent exits before children, so reparent is innocent. Ensure parent stays around, it leaks madly. user/net_namespaces do not leak.
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c32
--- Comment #32 from Mike Galbraith mgalbraith@suse.com 2012-04-30 03:19:32 UTC --- Created an attachment (id=488769) --> (http://bugzilla.novell.com/attachment.cgi?id=488769) leak fix
After finally convincing ftrace to capture the _whole_ event, turns out one leak is simple, SIGCHLD received during fork() triggers fork() failure - proc was mounted but not unmounted on cleanup.
There's at least one more (not so simple) leak though. The final put_pid() in softirq context occasionally just goes missing for some as yet unknown reason. Seems there are some nasty issues open in pid namespace as well, Oleg sent me this link:
Heh. Please look at http://marc.info/?l=linux-kernel&m=127687751003902 and the whole thread, there are a lot more problems here.
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c33
--- Comment #33 from Vadim Ponomarev ccrssaa@karelia.ru 2012-04-30 11:23:51 UTC --- (In reply to comment #32)
Created an attachment (id=488769)
--> (http://bugzilla.novell.com/attachment.cgi?id=488769) [details]
leak fix
After finally convincing ftrace to capture the _whole_ event, turns out one leak is simple, SIGCHLD received during fork() triggers fork() failure - proc was mounted but not unmounted on cleanup.
There's at least one more (not so simple) leak though. The final put_pid() in softirq context occasionally just goes missing for some as yet unknown reason.
tried 3.1.10-1.9-desktop, -default and -xen (as a dom0 and domU kernel) with all three patches applied, vsftp and "netcat -z 127.0.0.1 21" loop
no leak with -desktop and -xen dom0 pid_ns leaks with -default and -xen domU
Seems there are some nasty issues open in pid namespace as well, Oleg sent me this link:
Heh. Please look at http://marc.info/?l=linux-kernel&m=127687751003902 and the whole thread, there are a lot more problems here.
sad
btw wonder why nobody reported this issue long time ago no one is using vsftpd on oS nowadays ?
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c34
--- Comment #34 from Mike Galbraith mgalbraith@suse.com 2012-04-30 14:09:33 UTC --- (In reply to comment #33)
pid_ns leaks with -default and -xen domU
Likely this one.
vsftpd-14507 [003] .... 1467.046189: proc_set_super: get_pid_ns: 0xffff8801dc560998 count:1->2 vsftpd-14507 [003] .... 1467.046201: create_pid_namespace: create_pid_namespace: 0xffff8801dc560998 vsftpd-14507 [003] .... 1467.046206: alloc_pid: get_pid_ns: 0xffff8801dc560998 count:2->3 vsftpd-14521 [003] .... 1467.052481: switch_task_namespaces: exiting: 0xffff8801dc560998 count:3 vsftpd-14521 [003] .... 1467.073823: free_nsproxy: put_pid_ns: 0xffff8801dc560998 count:3->2 vsftpd-14507 [003] .... 1467.173657: put_pid: namespace: 0xffff8801dc560998 pid count:2->1 pid_ns count:2 vsftpd-14507 [003] .... 1467.173677: proc_kill_sb: put_pid_ns: 0xffff8801dc560998 count:2->1 <idle>-0 [003] ..s. 1467.213562: put_pid: namespace: 0xffff8801dc560998 pid count:6->5 pid_ns count:1
While we wait for rcu destruction, someone grabs references to the pid, foiling grand destruction plan.. sometimes, like this one, plan is foiled permanently.
btw wonder why nobody reported this issue long time ago no one is using vsftpd on oS nowadays ?
Or folks have truckloads of ram, and don't notice a bit going missing.
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c35
--- Comment #35 from Mike Galbraith mgalbraith@suse.com 2012-05-04 06:14:54 UTC --- After MUCH time investment squabbling with ftrace, I finally got the darn thing traced. All is well afaikt, see trace I'll attach shortly. Putting the info there, connection is timing out on me.
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c36
--- Comment #36 from Mike Galbraith mgalbraith@suse.com 2012-05-04 06:16:42 UTC --- Created an attachment (id=489513) --> (http://bugzilla.novell.com/attachment.cgi?id=489513) trace etc
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c37
--- Comment #37 from Mike Galbraith mgalbraith@suse.com 2012-05-04 06:20:20 UTC --- (In reply to comment #36)
Created an attachment (id=489513)
--> (http://bugzilla.novell.com/attachment.cgi?id=489513) [details]
trace etc
BTW, the "leak" does happen without SIGCHLD, is merely MUCH less likely.
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c38
--- Comment #38 from Mike Galbraith mgalbraith@suse.com 2012-05-04 09:16:44 UTC --- With all three fixes applied, the bug appears to be dead. Caching, seems a bit on the aggressive side, but with memory pressure reclaim does happen.
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c39
--- Comment #39 from Mike Galbraith mgalbraith@suse.com 2012-05-06 10:32:41 UTC --- As if this bug wasn't annoying enough just to trace, applying the fix is annoying too. Including proc_fs.h in fork.c breaks kABI in SLE11-SP2 for some reason. Have to double check 12.1, then push both.
To put the final touches on this bug, namespaces are flat not amenable to the high frequency fork/exit/waitpid usage vsftpd is apparently doing. Children call synchronize_rcu() on exit, making them stick around for a while, and worse, the parent calls rcu_barrier() on each and every unmount while reaping since d863b50ab 2.6.38-rc5, meaning 1 child per tick is all it can reap. With many children to reap, zombies persist for ages as targets of readdir() in procfs, bloating cache.
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c42
Swamp Workflow Management swamp@suse.de changed:
What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |maint:released:sle11-sp2:47 | |453
--- Comment #42 from Swamp Workflow Management swamp@suse.de 2012-06-01 17:24:28 UTC --- Update released for: cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-pae, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-devel, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-devel, kernel-ec2-extra, kernel-ec2-hmac, kernel-pae, kernel-pae-base, kernel-pae-devel, kernel-pae-extra, kernel-pae-hmac, kernel-source, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-devel, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-devel, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-pae, ocfs2-kmp-trace, ocfs2-kmp-xen Products: SLE-DEBUGINFO 11-SP2 (i386) SLE-DESKTOP 11-SP2 (i386) SLE-HAE 11-SP2 (i386) SLE-SERVER 11-SP2 (i386) SLES4VMWARE 11-SP2 (i386)
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c43
Swamp Workflow Management swamp@suse.de changed:
What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |453 |453 | |maint:released:sle11-sp2:47 | |455
--- Comment #43 from Swamp Workflow Management swamp@suse.de 2012-06-01 17:49:00 UTC --- Update released for: cluster-network-kmp-default, cluster-network-kmp-ppc64, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-ppc64, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-extra, kernel-default-hmac, kernel-ppc64, kernel-ppc64-base, kernel-ppc64-debuginfo, kernel-ppc64-debugsource, kernel-ppc64-devel, kernel-ppc64-extra, kernel-ppc64-hmac, kernel-source, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-ppc64, ocfs2-kmp-trace Products: SLE-DEBUGINFO 11-SP2 (ppc64) SLE-HAE 11-SP2 (ppc64) SLE-SERVER 11-SP2 (ppc64)
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c44
Swamp Workflow Management swamp@suse.de changed:
What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |453 |453 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |455 |455 | |maint:released:sle11-sp2:47 | |457
--- Comment #44 from Swamp Workflow Management swamp@suse.de 2012-06-01 18:27:40 UTC --- Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-ec2-hmac, kernel-source, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-trace, ocfs2-kmp-xen Products: SLE-DEBUGINFO 11-SP2 (x86_64) SLE-DESKTOP 11-SP2 (x86_64) SLE-HAE 11-SP2 (x86_64) SLE-SERVER 11-SP2 (x86_64) SLES4VMWARE 11-SP2 (x86_64)
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c45
Swamp Workflow Management swamp@suse.de changed:
What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |453 |453 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |455 |455 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |457 |456
--- Comment #45 from Swamp Workflow Management swamp@suse.de 2012-06-01 18:51:52 UTC --- Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-default-man, kernel-source, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-trace-man, ocfs2-kmp-default, ocfs2-kmp-trace Products: SLE-DEBUGINFO 11-SP2 (s390x) SLE-HAE 11-SP2 (s390x) SLE-SERVER 11-SP2 (s390x)
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c46
Swamp Workflow Management swamp@suse.de changed:
What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |453 |453 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |455 |455 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |456 |456 | |maint:released:sle11-sp2:47 | |454
--- Comment #46 from Swamp Workflow Management swamp@suse.de 2012-06-01 18:53:20 UTC --- Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-source, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-trace Products: SLE-DEBUGINFO 11-SP2 (ia64) SLE-HAE 11-SP2 (ia64) SLE-SERVER 11-SP2 (ia64)
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c47
Swamp Workflow Management swamp@suse.de changed:
What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |453 |453 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |455 |455 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |456 |456 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |454 |454 | |maint:released:sle11-sp2:47 | |462
--- Comment #47 from Swamp Workflow Management swamp@suse.de 2012-06-02 00:11:06 UTC --- Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-xen, kernel-default-extra, kernel-xen-extra Products: SLE-SERVER 11-EXTRA (x86_64)
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c48
Swamp Workflow Management swamp@suse.de changed:
What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |453 |453 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |455 |455 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |456 |456 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |454 |454 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |462 |462 | |maint:released:sle11-sp2:47 | |459
--- Comment #48 from Swamp Workflow Management swamp@suse.de 2012-06-02 01:11:22 UTC --- Update released for: ext4-writeable-kmp-default, kernel-default-extra Products: SLE-SERVER 11-EXTRA (ia64)
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c49
Swamp Workflow Management swamp@suse.de changed:
What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |453 |453 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |455 |455 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |456 |456 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |454 |454 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |462 |462 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |459 |459 | |maint:released:sle11-sp2:47 | |460
--- Comment #49 from Swamp Workflow Management swamp@suse.de 2012-06-02 02:13:03 UTC --- Update released for: ext4-writeable-kmp-default, ext4-writeable-kmp-ppc64, kernel-default-extra, kernel-ppc64-extra Products: SLE-SERVER 11-EXTRA (ppc64)
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c50
Swamp Workflow Management swamp@suse.de changed:
What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |453 |453 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |455 |455 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |456 |456 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |454 |454 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |462 |462 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |459 |459 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |460 |460 | |maint:released:sle11-sp2:47 | |461
--- Comment #50 from Swamp Workflow Management swamp@suse.de 2012-06-02 03:13:22 UTC --- Update released for: ext4-writeable-kmp-default, kernel-default-extra Products: SLE-SERVER 11-EXTRA (s390x)
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c
Swamp Workflow Management swamp@suse.de changed:
What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |453 |453 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |455 |455 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |456 |456 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |454 |454 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |462 |462 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |459 |459 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |460 |460 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |461 |461 Status Whiteboard| |obs:running:554:moderate
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c
Swamp Workflow Management swamp@suse.de changed:
What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |453 |453 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |455 |455 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |456 |456 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |454 |454 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |462 |462 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |459 |459 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |460 |460 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |461 |461 Status Whiteboard|obs:running:554:moderate |
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c51
--- Comment #51 from Swamp Workflow Management swamp@suse.de 2012-06-22 09:11:33 UTC --- openSUSE-SU-2012:0781-1: An update that solves 7 vulnerabilities and has 23 fixes is now available.
Category: security (moderate) Bug References: 700174,716996,731720,732006,735362,736268,745929,747038,747404,748463,748859,752460,754186,756840,757783,757789,758243,758260,758813,759545,759554,760077,760279,760860,760902,761681,762991,762992,765102,765320 CVE References: CVE-2009-4020,CVE-2011-3347,CVE-2012-2119,CVE-2012-2123,CVE-2012-2136,CVE-2012-2373,CVE-2012-2663 Sources used: openSUSE 12.1 (src): kernel-docs-3.1.10-1.13.2, kernel-source-3.1.10-1.13.1, kernel-syms-3.1.10-1.13.1
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c
Swamp Workflow Management swamp@suse.de changed:
What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |453 |453 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |455 |455 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |456 |456 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |454 |454 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |462 |462 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |459 |459 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |460 |460 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |461 |461 Status Whiteboard| |obs:running:583:moderate
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c
Swamp Workflow Management swamp@suse.de changed:
What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |453 |453 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |455 |455 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |456 |456 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |454 |454 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |462 |462 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |459 |459 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |460 |460 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |461 |461 Status Whiteboard|obs:running:583:moderate |
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c52
--- Comment #52 from Swamp Workflow Management swamp@suse.de 2012-07-03 12:11:29 UTC --- openSUSE-SU-2012:0812-1: An update that solves 7 vulnerabilities and has 27 fixes is now available.
Category: security (moderate) Bug References: 700174,716996,731537,731720,732006,735362,736268,745929,747038,747404,748463,748859,752460,754186,756840,757783,757789,758243,758260,758813,759545,759554,760077,760279,760860,760902,760974,761681,762991,762992,764864,765102,765320,767786 CVE References: CVE-2009-4020,CVE-2011-3347,CVE-2012-2119,CVE-2012-2123,CVE-2012-2136,CVE-2012-2373,CVE-2012-2663 Sources used: openSUSE 12.1 (src): kernel-docs-3.1.10-1.16.2, kernel-source-3.1.10-1.16.1, kernel-syms-3.1.10-1.16.1
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c53
--- Comment #53 from Marcus Meissner meissner@suse.com 2012-07-04 06:10:13 UTC --- Michael, regarding your last comment ... any news?
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c54
--- Comment #54 from Mike Galbraith mgalbraith@suse.com 2012-07-04 06:42:13 UTC --- (In reply to comment #53)
Michael, regarding your last comment ... any news?
I think it's all done upstream. I'll have to look to see what the final outcome was. Fires are burning though...
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c55
--- Comment #55 from Swamp Workflow Management swamp@suse.de 2013-06-10 14:57:32 UTC --- openSUSE-SU-2013:0927-1: An update that solves 75 vulnerabilities and has 1406 fixes is now available.
Category: security (low) Bug References: 176921,225091,299267,436025,439348,445872,458027,467688,468397,470671,476525,486001,501563,503038,527028,550447,550906,552250,556135,556234,556572,556959,557479,557710,560420,560454,561811,562046,562095,563905,564618,564635,564638,564640,565027,565124,565845,566332,566768,567283,567376,567474,567703,568147,568848,569050,569194,569238,569606,569687,569916,570284,570320,570492,570526,572119,572294,572661,572834,573237,573330,573401,573565,573722,573803,574006,574771,575047,575072,575073,575074,575181,575194,575199,575396,575409,575752,575884,575923,575956,576277,577203,577232,577355,577358,577529,577753,577771,577856,577937,577967,578046,578059,578429,578430,578572,578639,578927,578980,578981,579060,579111,579137,579439,579636,579639,579647,579682,580105,580140,580373,580381,580416,580793,580799,580823,580991,581057,581103,581188,581199,581567,581718,581940,582552,582643,582730,582872,582878,583022,583296,583356,583539,583677,583900,584197,584209,584218,584320,584343,584451,584 453,584475,584508,584574,584617,584691,584728,584820,584875,584958,585034,585124,585179,585191,585241,585269,58529,585296,585385,585463,585490,585492,585608,585711,585743,586343,586364,586417,586684,586806,587073,587114,587125,587199,587427,587562,587669,587673,587681,587692,587739,587746,587782,588008,588929,588972,588994,589280,589449,589650,589651,589652,589654,589655,589656,589657,589660,589679,589804,589906,590154,590217,590401,590415,590585,590687,590705,590727,590856,590859,590926,590927,590937,590980,590995,590996,591039,591293,591318,591376,591377,591401,591473,591513,591556,591870,591950,592176,592472,592703,592943,593318,593319,593731,593934,594066,594131,594271,594305,594367,594391,594399,594473,594583,594586,594835,594997,595074,595215,595609,595755,595960,596031,596113,596460,596462,596646,596720,596783,596943,597120,597135,597583,597648,597650,598246,598253,598270,598308,598493,598553,598677,598837,599279,599671,599814,599955,600043,600256,600261,600364,600375 ,600516,600535,600579,600983,601168,601198,602150,602208,602232,602514,602838,602852,602969,602980,603148,603205,603387,603411,603464,603510,603528,603738,604183,605001,605321,605686,605947,606575,606743,606778,606797,606977,607123,607339,607448,607628,607890,608435,608478,609172,609196,609281,609506,610783,611094,611104,611760,612009,612407,612729,613171,613330,613542,613906,614226,614332,614349,614793,615003,615557,615630,616080,616088,616369,616464,616612,617248,617437,617464,618059,618072,618379,618424,618444,618767,619002,619007,619525,619536,619840,620020,620021,620443,620654,620904,620929,621203,621598,621715,622597,622635,622727,622868,623307,624020,624072,624340,624436,624814,624850,625167,625666,625674,626321,626880,627060,627386,627518,628180,628554,628604,629170,629263,629552,630068,630121,630132,630970,631075,631801,632317,632568,632974,632975,633026,633268,633543,633581,633585,633593,633733,634637,635425,635515,636435,636461,636561,636672,636850,637436,637502,6 37542,637639,637944,638258,638274,638277,638400,638613,638618,638807,638860,639161,639197,639728,639803,639944,640276,640278,640850,640878,641247,642009,642309,642313,642314,642449,642486,643173,643249,643266,643477,643513,643909,643914,643922,644219,644350,644373,644630,645659,645893,646045,646226,646542,646702,647392,647497,647567,647775,648112,648308,648647,648701,648916,649000,649187,649231,649257,649355,649473,649548,649820,650067,650109,650111,650113,650116,650185,650309,650366,650487,650545,650748,650897,651152,651218,651596,651599,651626,652024,652293,652391,652563,652603,652842,652939,652940,652945,653148,653258,653266,653800,653850,653930,654150,654169,654350,654501,654530,654581,654701,654837,654967,655027,655220,655278,655434,655964,655973,656219,656471,656587,657248,657324,657350,657412,657415,657763,658037,658254,658337,658353,658413,658461,658464,658551,658829,659101,659144,659394,659419,660507,660546,661605,662031,662202,662212,662335,662340,662360,662432,662 673,662722,662800,662931,663313,663513,663537,663582,663678,663706,664149,664463,665480,665499,665524,665663,666012,666836,666842,666893,667226,667766,668483,668545,668633,668872,668895,668896,668898,668927,669058,669571,669740,670129,670154,670465,670615,670816,670864,670868,670979,671256,671274,671296,671479,671483,671943,672292,672453,672492,672923,673516,674189,674549,675115,675127,675963,676419,676890,677286,677391,677398,677563,677783,678531,678728,679301,679812,680809,680814,680845,681242,682076,682251,682319,682333,682482,682755,682940,682941,683107,683282,683569,684085,684297,684472,684852,684927,685226,685276,686325,686404,686702,686813,686921,686980,687046,687049,687065,687068,687478,687759,687760,687789,688326,688912,688996,689227,689230,689290,689435,689436,689596,689746,690073,690082,690611,690683,691216,691269,691408,691536,691538,691632,691633,691693,691714,691742,691829,691979,692343,692454,692459,692460,692709,693149,693513,693636,694963,694966,695066,69506 7,695243,695605,695898,696107,696586,697255,697777,697783,697913,697942,697944,698050,698053,698102,698269,698272,698524,698540,698548,698572,698604,698774,698776,698779,698793,698797,698801,698803,698949,699085,699087,699089,699092,699265,699354,699495,699534,699687,699701,699703,699842,699916,699946,699950,699990,700009,700080,700084,7000995,700332,700391,700401,700445,700448,700512,700514,700632,700637,700638,700777,700856,701163,701170,701183,701198,701622,701686,701977,702133,702384,702470,702604,702651,702736,702832,702838,703013,703100,703156,703204,703422,703426,703653,703786,704163,704280,704361,704592,704917,704957,705433,705472,705487,705551,705906,705962,706131,706410,706472,706473,706485,706557,706587,706696,706821,706838,706841,706882,706913,707094,707270,707389,707666,707988,708160,708204,708269,708274,708296,708376,708635,708636,708720,708730,708809,708836,709063,709064,709068,709075,709266,709269,709300,709332,709467,709528,709866,709974,710352,710790,710868 ,710969,711201,711285,711297,711378,711519,711566,711592,711684,711765,712404,712405,712420,712899,713134,713148,713448,713490,713675,713707,714096,714106,714215,714274,714552,714604,714605,714643,714786,714789,714911,715031,715496,715635,716023,716708,716850,716970,716971,717142,717160,717248,717263,717372,717500,717573,717574,717797,717840,717848,717884,717996,718149,718160,718165,718265,718279,718366,718401,718518,718521,718551,718831,718863,718910,718918,718936,718950,719029,719079,719090,719280,719296,719408,719592,719645,719693,719846,719911,719943,720075,720353,720451,720456,720457,720458,720459,720460,720536,720661,720674,720741,720750,720753,720946,720960,720996,721007,721042,721045,721206,721212,721239,721246,721337,721410,721464,721517,721587,721738,721840,721857,721874,722092,722260,722265,722414,722433,722437,722449,722560,722569,722635,722640,722646,722793,722795,722993,723008,723171,723597,723884,724014,724133,724227,724544,724577,724616,724620,724734,724800,7 24865,724906,725077,725208,725344,725346,725350,725355,725424,725592,725594,725709,725836,725878,726023,726075,726156,726176,726214,726309,726333,726400,726504,726699,726703,726710,726850,726999,727250,727324,727367,727415,727453,727493,727611,727638,727650,727793,727814,728035,728043,728086,728195,728329,728597,728626,729122,729466,729518,729548,7297470,729789,729840,729854,730103,730117,730265,730440,730660,730731,730749,731009,731029,731035,731261,731387,73149,731701,731739,731770,731809,731945,731999,732070,732082,732132,732178,732296,732335,732371,732471,732535,732582,733236,733248,733270,733390,733435,733543,733702,733761,733822,733863,734213,734522,734526,734771,734900,735216,735277,735369,735417,735543,735765,735800,735909,736018,736079,736182,736255,736257,736669,736743,736896,737328,737574,737833,737969,738056,738117,738210,738284,738400,738421,738528,738567,738583,738597,738679,738742,739020,739111,739356,739381,739728,739837,739856,740180,740281,740291,740347,740 780,740866,740898,740969,740997,741117,741191,741478,741814,741824,741863,742181,742210,742279,742353,742570,742845,742871,743212,743232,743518,743579,743735,743978,744198,744206,744253,744314,744315,744392,744400,744404,744652,744655,744692,744758,744795,744963,745088,745400,745422,745424,745741,745867,745876,745929,746373,746454,746509,746526,746579,746717,746938,747071,747159,747404,747867,747878,747944,748112,748384,748456,748463,748629,748632,748806,748827,748854,748862,748896,749049,749115,749417,749543,749651,749787,749980,750041,750173,750402,750426,750459,750995,751015,751171,751322,751550,751743,751885,751903,751916,752022,752067,752352,752408,752484,752544,752599,752634,752972,753172,753353,753617,753698,754052,754085,754391,754428,754670,754690,754898,754969,755178,755537,755620,755758,755812,756050,756236,756276,756585,756821,756940,757059,757077,757202,757205,757289,757315,757373,757517,757565,757719,757783,757789,757950,758104,758279,758532,758540,758703,75873 1,758833,759336,759340,759539,759541,759657,759805,759908,759971,760015,760237,760279,760346,760806,760833,760974,761087,761158,761245,761387,761772,761774,761775,762099,762158,762214,762259,762285,762329,762366,762414,762424,762693,762991,762992,763026,763198,763267,763307,763463,763485,763628,763654,763717,763754,763858,763954,763968,764091,764150,764209,764339,764500,764717,764900,765253,765524,766027,766445,766654,766733,767281,767469,767610,767684,767983,768052,768084,768470,768504,768632,769035,769195,769251,769407,769685,770034,770238,770269,770695,770763,771102,771242,771361,771398,771428,771706,771778,772407,772420,772427,772454,772473,772483,772566,772786,772831,772893,773006,773007,773251,773267,773319,773320,773383,773406,773487,773606,773688,773699,773831,773878,774073,774289,774500,774523,774612,774859,774902,774964,774973,775182,775373,775394,775685,775984,776019,776044,776081,776095,776127,776144,776787,776896,777024,777269,777283,778082,778136,778334,778630, 778822,779294,779330,779461,779462,779577,779699,779750,779969,780008,780012,780216,780461,780876,781018,781327,781484,781574,782369,782721,783965,784192,784334,784576,785100,785496,785554,785851,786976,787168,787202,787348,787821,787848,788277,788452,789010,789115,789235,789648,789703,789836,789993,790457,790498,790920,790935,791498,791853,791904,792270,792500,792656,792834,793104,793139,793593,793671,794231,794824,795354,797042,798960,799209,799275,799909,803056,804154 CVE References: CVE-2009-4537,CVE-2010-0415,CVE-2010-0622,CVE-2010-0623,CVE-2010-1173,CVE-2010-1437,CVE-2010-2798,CVE-2010-2803,CVE-2010-2943,CVE-2010-2946,CVE-2010-2959,CVE-2010-2960,CVE-2010-2962,CVE-2010-2963,CVE-2010-3015,CVE-2010-3078,CVE-2010-3079,CVE-2010-3080,CVE-2010-3084,CVE-2010-3437,CVE-2010-3699,CVE-2010-3705,CVE-2010-3861,CVE-2010-3874,CVE-2010-3875,CVE-2010-3876,CVE-2010-3877,CVE-2010-3880,CVE-2010-3881,CVE-2010-4072,CVE-2010-4073,CVE-2010-4075,CVE-2010-4076,CVE-2010-4077,CVE-2010-4082,CVE-2010-4083,CVE-2010-4157,CVE-2010-4158,CVE-2010-4160,CVE-2010-4162,CVE-2010-4163,CVE-2010-4165,CVE-2010-4169,CVE-2010-4175,CVE-2010-4243,CVE-2010-4251,CVE-2010-4258,CVE-2010-4342,CVE-2010-4529,CVE-2010-4656,CVE-2010-4668,CVE-2011-0521,CVE-2011-0710,CVE-2011-1573,CVE-2011-1593,CVE-2011-2479,CVE-2011-2494,CVE-2011-4097,CVE-2011-4127,CVE-2011-4131,CVE-2011-4622,CVE-2012-0045,CVE-2012-0056,CVE-2012-1179,CVE-2012-1601,CVE-2012-2133,CVE-2012-2372,CVE-2012-2373,CVE-2012-2390,CVE-2012-2745,CVE-2012-3 412,CVE-2012-3430,CVE-2012-4461,CVE-2012-5517,CVE-2013-0871 Sources used: openSUSE 11.4 (src): drbd-8.3.11-10.1, iscsitarget-1.4.19-14.3, kernel-docs-3.0.58-30.3, kernel-source-3.0.58-30.1, kernel-syms-3.0.58-30.1, ndiswrapper-1.57rc1-16.2, omnibook-20100406-9.2, open-vm-tools-2012.8.8.1-37.2, preload-1.2-6.25.2, systemtap-1.4-1.5.1, virtualbox-4.0.12-0.54.2
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.novell.com/show_bug.cgi?id=757783#c56
Marcus Meissner meissner@suse.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED
--- Comment #56 from Marcus Meissner meissner@suse.com 2013-10-04 16:02:29 UTC --- lets consider it done for now.
http://bugzilla.novell.com/show_bug.cgi?id=757783
SMASH SMASH smash_bz@suse.de changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |453 |453 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |455 |455 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |456 |456 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |454 |454 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |462 |462 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |459 |459 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |460 |460 |maint:released:sle11-sp2:47 |maint:released:sle11-sp2:47 |461 |461 | |CVSSv2:NVD:CVE-2012-2127:5. | |0:(AV:N/AC:L/Au:N/C:N/I:N/A | |:P) | |CVSSv2:RedHat:CVE-2012-2127 | |:4.6:(AV:L/AC:L/Au:S/C:N/I: | |N/A:C)
-
bugzilla_noreply@novell.com