port-linux.c bug with oom_adjust_restore() - causes real bad oom_adj - which can cause DoS conditions.
Roumen Petrov
openssh at roumenpetrov.info
Wed Jun 1 06:07:38 EST 2011
Darren Tucker wrote:
> On Tue, May 31, 2011 at 10:18 PM, Cal Leeming [Simplicity Media Ltd]
> <cal.leeming at simplicitymedialtd.co.uk> wrote:
> [...]
>
>> Oh trust me, I looked *everywhere*. Even to the extent of running
>> tripwire from a bare bones system, and looking manually at every
>> change made. I also looked for loads of different keywords (-17, oom,
>> proc, self) etc. Spent hours on it :/
>>
>> As for the comment about the modprobe, I already did all this (full
>> debug can be found at
>> http://www.debianhelp.org/content/cgroup-oom-killer-loop-causes-system-lockup-possible-fix-included
>> ), and found that when the bnx2 module isn't loaded, the problem goes
>> away.. When it is loaded, the problem comes back.
>>
> Did you check /proc/self/oom_adj before and after loading the module?
> I don't see that in there, and it it *does* change it would eliminate
> sshd as a variable.
>
> As a workaround, you could add "echo 0>/proc/self/oom_adj" to
> /etc/default/ssh. It's a bit ugly, but at least you wouldn't need to
> recompile anything.
>
May is not related but /proc/self/oom_adjis is reported as deprecated:
syslog:<DATE> <HOST> kernel: udevd (<PID>): /proc/<PID>/oom_adj is
deprecated, please use /proc/<PID>/oom_score_adj instead, where kernel
is 2.6.38.6. I see oom_score_adj for first time in 2.6.36 .
Regards,
Roumen
--
Get X.509 certificates support in OpenSSH:
http://roumenpetrov.info/openssh/
More information about the openssh-unix-dev
mailing list