39cce16cfeed UBUNTU: SAUCE: LSM: Change Landlock from LSMBLOB_NEEDED to LSMBLOB_NOT_NEEDED
in 5.15.0-53-generic, the kmalloc-k slab did not uncontrollably increase, but
that is okay, it is just the leak isn't reachable with landlock not using the
task_getsecid_obj hook.
This means this verification is more of a smoke test than checking root cause.
I then enabled -proposed, and installed 5.15.0-68-generic, and rebooted.
I again ran stress-ng and checked the kmalloc-2k slab, and all was well, there
was no memory leak.
The core issue was fixed, but again, masked by the previous fix in
5.15.0-53-generic.
There was no smoke, and things ran as expected. Marking verified for Jammy.
Performing verification for Jammy.
I started a fresh Jammy VM, and installed 5.15.0-67-generic from -updates.
I appended apparmor=0 to GRUB_CMDLINE_ LINUX_DEFAULT, updated grub, and rebooted.
From there, I installed auditd, and stress-ng. I edited /etc/audit/ rules.d/ audit.rules to include:
-a exit,always -F arch=b64 -S execve
-a exit,always -F arch=b32 -S execve
I then rebooted, and started stress-ng.
I checked the kmalloc-2k slab with:
$ watch "sudo cat /proc/meminfo | grep SUnreclaim"
$ watch "sudo cat /proc/slabinfo | grep kmalloc-2k"
$ sudo slabtop
Now, since this bug has been worked around by:
39cce16cfeed UBUNTU: SAUCE: LSM: Change Landlock from LSMBLOB_NEEDED to LSMBLOB_NOT_NEEDED
in 5.15.0-53-generic, the kmalloc-k slab did not uncontrollably increase, but
that is okay, it is just the leak isn't reachable with landlock not using the
task_getsecid_obj hook.
This means this verification is more of a smoke test than checking root cause.
I then enabled -proposed, and installed 5.15.0-68-generic, and rebooted.
I again ran stress-ng and checked the kmalloc-2k slab, and all was well, there
was no memory leak.
The core issue was fixed, but again, masked by the previous fix in
5.15.0-53-generic.
There was no smoke, and things ran as expected. Marking verified for Jammy.