[slurm-announce] Slurm versions 20.02.3 and 19.05.7 are now available (CVE-2020-12693)

Tim Wickberg tim at schedmd.com
Thu May 21 20:54:58 UTC 2020 

Slurm versions 20.02.3 and 19.05.7 are now available, and include a 
series of recent bug fixes, as well as a fix for a security issue with 
the optional message aggregation feature.

SchedMD customers were informed on May 7th and provided a patch on 
request; this process is documented in our security policy [1].

CVE-2020-12693:

A review of what was intended to be a minor cleanup patch uncovered an 
underlying race condition for systems with Message Aggregation enabled. 
This race condition could allow a user to launch a process as an 
arbitrary user.

This is only an issue for systems with Message Aggregation enabled, 
which we expect to be a small number of Slurm installations in practice.

Message Aggregation is off in Slurm by default, and is only enabled by 
MsgAggregationParams=WindowMsgs=<msgs>, where <msgs> is greater than 1. 
(Using Message Aggregation on your systems is not a recommended 
configuration at this time, and we may retire this subsystem in a future 
Slurm release in favor of other RPC aggregation techniques. Although 
care must be taken before disabling this to avoid communication issues.)

Downloads are available at https://www.schedmd.com/downloads.php .

Release notes follow below.

- Tim

[1] https://www.schedmd.com/security.php

-- 
Tim Wickberg
Chief Technology Officer, SchedMD LLC
Commercial Slurm Development and Support

> * Changes in Slurm 20.02.3
> ==========================
>  -- Factor in ntasks-per-core=1 with cons_tres.
>  -- Fix formatting in error message in cons_tres.
>  -- Fix calling stat on a NULL variable.
>  -- Fix minor memory leak when using reservations with flags=first_cores.
>  -- Fix gpu bind issue when CPUs=Cores and ThreadsPerCore > 1 on a node.
>  -- Fix --mem-per-gpu for heterogenous --gres requests.
>  -- Fix slurmctld load order in load_all_part_state().
>  -- Fix race condition not finding jobacct gather task cgroup entry.
>  -- Suppress error message when selecting nodes on disjoint topologies.
>  -- Improve performance of _pack_default_job_details() with large number of job
>     arguments.
>  -- Fix archive loading previous to 17.11 jobs per-node req_mem.
>  -- Fix regresion validating that --gpus-per-socket requires --sockets-per-node
>     for steps. Should only validate allocation requests.
>  -- error() instead of fatal() when parsing an invalid hostlist.
>  -- nss_slurm - fix potential deadlock in slurmstepd on overloaded systems.
>  -- cons_tres - fix --gres-flags=enforce-binding and related --cpus-per-gres.
>  -- cons_tres - Allocate lowest numbered cores when filtering cores with gres.
>  -- Fix getting system counts for named GRES/TRES.
>  -- MySQL - Fix for handing typed GRES for association rollups.
>  -- Fix step allocations when tasks_per_core > 1.
>  -- Fix allocating more GRES than requested when asking for multiple GRES types.

> * Changes in Slurm 19.05.7
> ==========================
>  -- Fix handling of -m/--distribution options for across socket/2nd level by
>     task/affinity plugin.
>  -- Fix grp_node_bitmap error when slurmctld started before slurmdbd.
>  -- Fix compilation issues in GCC10.
>  -- Fix distributing job steps across idle nodes within a job.
>  -- Break infinite loop in cons_tres dealing with incorrect tasks per tres
>     request resulting in slurmctld hang.
>  -- priority/multifactor - gracefully handle NULL list of associations or array
>     of siblings when calculating FairTree fairshare.
>  -- Fix cons_tres --exclusive=user to allocate only requested number of CPUs.
>  -- Add MySQL deadlock detection and automatic retry mechanism.
>  -- Fix _verify_node_state memory requested as --mem-per-gpu DefMemPerGPU.
>  -- Factor in ntasks-per-core=1 with cons_tres.
>  -- Fix formatting in error message in cons_tres.
>  -- Fix gpu bind issue when CPUs=Cores and ThreadsPerCore > 1 on a node.
>  -- Fix --mem-per-gpu for heterogenous --gres requests.
>  -- Fix slurmctld load order in load_all_part_state().
>  -- Fix getting system counts for named GRES/TRES.
>  -- MySQL - Fix for handing typed GRES for association rollups.
>  -- Fix step allocations when tasks_per_core > 1.

More information about the slurm-announce mailing list