This bug is awaiting verification that the linux-azure- fde-6.8/6.8.0-1041.48~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux- azure-fde-6.8' to 'verification-done-jammy-linux-azure-fde-6.8'. If the problem still exists, change the tag 'verification-needed-jammy-linux- azure-fde-6.8' to 'verification-failed-jammy-linux-azure-fde-6.8'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-jammy-linux-azure-fde-6.8-v2 verification-needed-jammy-linux-azure-fde-6.8 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2122554 Title: memory leaks when configuring a small rate limit in audit Status in linux package in Ubuntu: Fix Released Status in linux source package in Noble: Fix Committed Status in linux source package in Plucky: Fix Committed Status in linux source package in Questing: Fix Released Bug description: [Impact] When the audit rate limit is exceeded, memory starts leaking, this can be observed by: watch -d -n 1 grep -i SUnreclaim' /proc/meminfo Unreclaimable slab grows rapidly and lead to run out of all available memory Only reboot can recover it. 5.15 kernel doesn't have this issue, it's introduced later than 5.19 kernel, and caused by LSM stacking code. [Fix] This upstream patch fixes the issue: https://lore.kernel.org/audit/[email protected]/T/#t and merged into maintainer's tree: https://github.com/linux-audit/audit-kernel/commit/d2c773159327f4d2f6438acf1ae2ae9ac0ca46a9 [Test Plan] Add the following line to set a small rate limit in /etc/audit/rules.d/audit.rules: -a always,exit -F arch=b64 -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -k access -r 100 Trigger permission denied by running the following command as a normal user: while :; do cat /proc/1/environ; done Make sure we see the warning message in kernel log: [ 2531.862184] audit: rate limit exceeded [Where problems could occur] Originally the skb is leak and no one is able to process or free it anymore. The above patch just frees the leaking skb when rate limit is exceeded, there won't be any additional impact. [ Other Info ] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2098730 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2122554/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
