port-linux.c bug with oom_adjust_restore() - causes real bad oom_adj - which can cause DoS conditions.
Cal Leeming [Simplicity Media Ltd]
cal.leeming at simplicitymedialtd.co.uk
Tue May 31 07:32:24 EST 2011
So I modified the code to try and repair this oom_adj problem...
port-linux.c:
line 235: //static int oom_adj_save = INT_MIN;
line 236: static int oom_adj_save = 0;
line 277: verbose("Set %s to %d - sleepycal", OOM_ADJ_PATH, oom_adj_save);
I then ran compiled the package, ran SSHd, and yet we still have -17 in
oom_adj_save. Wtf? Now, I'm not much of a C coder, but this is weird
even in my books...
May 30 22:18:19 vicky sshd[12825]: Set /proc/self/oom_adj to -17 - sleepycal
So, I went all out crazy, and did the following patch:
static int sleepycal_oom_adj_save = 0;
verbose("sleepycal_oom_adj_save=%d", sleepycal_oom_adj_save);
if (fprintf(fp, "%d\n", sleepycal_oom_adj_save) <= 0)
verbose("error writing %s: %s", OOM_ADJ_PATH,
strerror(errno));
else
verbose("Set %s to %d - sleepycal", OOM_ADJ_PATH,
sleepycal_oom_adj_save);
And it worked!!! :)
May 30 22:27:12 vicky sshd[2532]: sleepycal_oom_adj_save=0
May 30 22:27:12 vicky sshd[2532]: Set /proc/self/oom_adj to 0 - sleepycal
root at vicky:~/openssh-5.5p1# cat /proc/2532/oom_adj
0
So, it turns out that it is actually OpenSSH which is broken, after
almost 3 days of frustrating digging through millions of lines of code
lol. Anyways, would appreciate if someone could get this merged into
master (obv rename the vars if you want).
Attached is the appropriate patch file as of openssh-5.5p1
Cal
On 30/05/2011 21:56, Cal Leeming [Simplicity Media Ltd] wrote:
> Just did some testing..
>
> root at vicky:~# cat /var/log/auth.log | grep "Set"
> May 30 21:41:05 vicky sshd[1568]: Set /proc/self/oom_adj from -17 to -17
> May 30 21:41:07 vicky sshd[1574]: Set /proc/self/oom_adj to -17
>
> root at vicky:~# ps faux | grep 1574
> root 1574 0.0 0.0 70488 3404 ? Ss 21:41 0:00 \_
> sshd: root at pts/1
>
> root at vicky:~# ps faux | grep "1568"
> root 1568 0.0 0.0 49168 1152 ? Ss 21:41 0:00
> /usr/sbin/sshd
>
> In sshd.c there seems to be:
> static int oom_adj_save = INT_MIN;
>
> root at courtney:~/openssh-5.5p1# grep -R "Set %s to %d" .
> ./openbsd-compat/port-linux.c: verbose("Set %s to %d",
> OOM_ADJ_PATH, oom_adj_save);
>
> Then I tried on a server with different network card hardware (as
> shown below), and got this from the logs:
>
> root at courtney:~/openssh-5.5p1# cat /var/log/auth.log | grep "Set"
> May 30 21:50:15 courtney sshd[4821]: Set /proc/self/oom_adj from 0 to -17
> May 30 21:50:26 courtney sshd[4848]: Set /proc/self/oom_adj to 0
>
> root at courtney:~/openssh-5.5p1# ps faux | grep "4848"
> root 4848 0.0 0.0 70488 3372 ? Ss 21:50 0:00 \_
> sshd: root at pts/1
>
> root at courtney:~/openssh-5.5p1# ps faux | grep "4821"
> root 4821 0.0 0.0 49168 1160 ? Ss 21:50 0:00
> /usr/sbin/sshd
>
> root at courtney:~/openssh-5.5p1# cat /var/log/auth.log | grep -e "Set"
> -e "oom_adjust_restore"
> May 30 21:50:15 courtney sshd[4821]: Set /proc/self/oom_adj from 0 to -17
> May 30 21:50:26 courtney sshd[4848]: debug3: oom_adjust_restore
> May 30 21:50:26 courtney sshd[4848]: Set /proc/self/oom_adj to 0
>
>
>
>
> On 30/05/2011 21:30, Cal Leeming [Simplicity Media Ltd] wrote:
>> Hi all,
>>
>> Please find below a complete transcript of the emails between
>> debian/kernel-mm mailing lists.
>>
>> I've had a response back from someone on the deb mailing list stating:
>>
>> ====================================
>> The bug seems to be that sshd does not reset the OOM adjustment before
>> running the login shell (or other program). Therefore, please report a
>> bug against openssh-server.
>> ====================================
>>
>> Therefore, I am submitting this bug to you also.. If someone would be
>> kind enough to have a flick thru all the below debug/logs, it'd be
>> very much appreciated.
>>
>> Cal
>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: oom_patch_for_openssh-5.5p1_by_sleepycal.patch
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20110530/3a257e54/attachment.ksh>
More information about the openssh-unix-dev
mailing list