port-linux.c bug with oom_adjust_restore() - causes real bad oom_adj - which can cause DoS conditions.

Roumen Petrov openssh at roumenpetrov.info
Wed Jun 1 06:07:38 EST 2011


Darren Tucker wrote:
> On Tue, May 31, 2011 at 10:18 PM, Cal Leeming [Simplicity Media Ltd]
> <cal.leeming at simplicitymedialtd.co.uk>  wrote:
> [...]
>    
>> Oh trust me, I looked *everywhere*. Even to the extent of running
>> tripwire from a bare bones system, and looking manually at every
>> change made. I also looked for loads of different keywords (-17, oom,
>> proc, self) etc. Spent hours on it :/
>>
>> As for the comment about the modprobe, I already did all this (full
>> debug can be found at
>> http://www.debianhelp.org/content/cgroup-oom-killer-loop-causes-system-lockup-possible-fix-included
>> ), and found that when the bnx2 module isn't loaded, the problem goes
>> away.. When it is loaded, the problem comes back.
>>      
> Did you check /proc/self/oom_adj before and after loading the module?
> I don't see that in there, and it it *does* change it would eliminate
> sshd as a variable.
>
> As a workaround, you could add "echo 0>/proc/self/oom_adj" to
> /etc/default/ssh.  It's a bit ugly, but at least you wouldn't need to
> recompile anything.
>    

May is not related but /proc/self/oom_adjis is reported as deprecated:
syslog:<DATE> <HOST> kernel: udevd (<PID>): /proc/<PID>/oom_adj is 
deprecated, please use /proc/<PID>/oom_score_adj instead, where kernel 
is  2.6.38.6. I see oom_score_adj for first time in 2.6.36 .

Regards,
Roumen

-- 
Get X.509 certificates support in OpenSSH:
http://roumenpetrov.info/openssh/



More information about the openssh-unix-dev mailing list