Recursive function causes DoS in tpe-lkm

I’ve discovered my first denial-of-service bug in the linux kernel. I’m a bit teary eyed, not because the bug was in my own code, but it marks the first bug I’ve found in linux kernel code.

Not worth of a CVE or anything, because I still haven’t declared the code stable, and I don’t imagine many people use this thing just yet. But in the interest of full disclosure, here is information about the bug.

It’s caused by a recursive function when reporting denied executions, parent_task_walk(). You can view the code here:

https://github.com/cormander/tpe-lkm/blob/319e1e29ea23055cca1c0a3bce3c865def14d3d2/core.c#L61

Launch enough shells on top of each other, and then try to execute something in an un-trusted path, and BAM! You’ve just crashed the machine.

Recursive function in the linux kernel? What was I thinking? I wasn’t, actually, as my main goal with the project initially was proof-of-concept. Now that I’m actually using the thing in ad-hoc production environments, it’s time I search the code for problems. Well, I found one!

Since it’s late and I’m not going to fix it tonight, I opted to ask for what the best approach would be on stack overflow:

http://stackoverflow.com/questions/8207833/walking-the-process-tree-in-the-linux-kernel

I’ll have a fix pushed out some time this week. It’ll be your thanksgiving present.

One thought on “Recursive function causes DoS in tpe-lkm”

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>