From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 292049] Lock resource exhaustion can lead to system degradation
Date: Tue, 30 Dec 2025 17:59:17 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292049

            Bug ID: 292049
           Summary: Lock resource exhaustion can lead to system degradation
           Product: Base System
           Version: 15.0-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: chwoithe@yahoo.com
Attachment #266656 text/plain
         mime type:

Created attachment 266656
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=266656&action=edit
Proof of concept

The attached sample program can exhaust system resources by endlessly creating
locks. A user with system access can quickly degrade the system's performance.
Although this takes longer than for a local user, a remote user accessing an
NFSv3 lockd‑enabled share can also exhaust the remote system's resources.

# kernel stack without NFSv3 (local)
kernel`lf_advlock+0x45
kernel`vop_stdadvlock+0x191
kernel`VOP_ADVLOCK+0x3a
kernel`kern_fcntl+0xd17
kernel`kern_fcntl_freebsd+0xa3
kernel`amd64_syscall+0x126
kernel`0xffffffff8105080b

# user stack without NFSv3 (local)
libsys.so.7`_fcntl+0xa
a.out`main+0x11a
libc.so.7`__libc_start1+0x12f
a.out`_start+0x24
`0x1a4a59003008

# kernel stack with NFSv3
kernel`lf_advlock+0x45
kernel`vop_stdadvlock+0x175
kernel`VOP_ADVLOCK_APV+0x51
kernel`nlm_do_lock+0x365
kernel`nlm4_lock_4_svc+0x11
kernel`nlm_prog_4+0x26c
kernel`svc_run_internal+0xaa8
kernel`svc_run+0x280
kernel`sys_nlm_syscall+0x75c
kernel`amd64_syscall+0x169
kernel`0xffffffff810bf9ab

# user stack with NFSv3
libsys.so.7`nlm_syscall+0xa
libc.so.7`__libc_start1+0x12f
rpc.lockd`_start+0x21
`0x59ca90603008

# rc.conf
mountd_enable="YES"
nfs_server_enable="YES"
nfsv4_server_enable="NO"
rpcbind_enable="YES"
rpc_lockd_enable="YES"
rpc_statd_enable="YES"

# sysctl.conf
vfs.nfsd.server_min_nfsvers=3
vfs.nfsd.server_max_nfsvers=3

For convenience, the client machine mounting the NFSv3 share had more system
memory than the remote NFSv3 server. If necessary, multiple instances of the
sample program can be run on the client machine to speed up lock acquisition.

I was unable to cause system degradation with NFSv4. I believe this is limited
by vfs.nfsd.v4statelimit.

OpenBSD and NetBSD may already enforce some limits, although I have not tested
this.

OpenBSD:
https://man.openbsd.org/sysctl.2#KERN_MAXLOCKSPERUID~2
https://github.com/openbsd/src/blob/8f537029576d9ea2ca0aba908b4f5e7fe29aeacf/sys/kern/kern_sysctl.c#L393
https://github.com/openbsd/src/blob/8f537029576d9ea2ca0aba908b4f5e7fe29aeacf/sys/kern/vfs_lockf.c#L156-L189

NetBSD:
https://github.com/NetBSD/src/blob/7ef4a0317b218d1df5ce1956f4cc84392e0bb9a8/sys/kern/vfs_lockf.c#L118-L128
https://github.com/NetBSD/src/blob/7ef4a0317b218d1df5ce1956f4cc84392e0bb9a8/sys/kern/vfs_lockf.c#L191-L215
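
An added illustration of the kind of per-UID lock limit the links above point to, as a mitigation for the exhaustion reported here. This is a userspace model written for this page, not code from the report, its attachment, or any of the kernels named; every identifier, the table size, the 2x split headroom and the uid 0 exemption are assumptions of the example.

```c
#include <errno.h>
#include <stdlib.h>
#include <sys/types.h>

/* Userspace model only; every name below is hypothetical, not kernel code. */
#define MAX_UIDS 64
enum lock_why { LOCK_NEW, LOCK_SPLIT };  /* SPLIT: unlock inside a held range */
static int max_locks_per_uid = 1024;     /* assumed tunable, sysctl-like */
struct uid_quota { uid_t uid; int used; int lockcnt; };
struct lock_rec { uid_t owner; off_t start, end; };
static struct uid_quota quota_table[MAX_UIDS];

static struct uid_quota *quota_find(uid_t uid) {
    struct uid_quota *slot = NULL;
    for (int i = 0; i < MAX_UIDS; i++) {
        if (quota_table[i].used && quota_table[i].uid == uid)
            return &quota_table[i];
        if (!quota_table[i].used && slot == NULL)
            slot = &quota_table[i];
    }
    if (slot != NULL) *slot = (struct uid_quota){ .uid = uid, .used = 1 };
    return slot;        /* NULL when the table is full */
}

/* Charge one record to uid; NULL with errno = ENOLCK once the cap is reached. */
struct lock_rec *lock_alloc(uid_t uid, enum lock_why why, off_t start, off_t end) {
    struct uid_quota *q = quota_find(uid);
    /* A split makes two records from one; 2x headroom keeps unlock possible. */
    int cap = (why == LOCK_SPLIT) ? 2 * max_locks_per_uid : max_locks_per_uid;
    struct lock_rec *l = NULL;
    if (q != NULL && (uid == 0 || q->lockcnt < cap))  /* uid 0 is exempt */
        l = malloc(sizeof(*l));
    if (l == NULL) { errno = ENOLCK; return NULL; }
    l->owner = uid; l->start = start; l->end = end;
    q->lockcnt++;
    return l;
}

void lock_free(struct lock_rec *l) {
    struct uid_quota *q = quota_find(l->owner);
    if (q != NULL && q->lockcnt > 0) q->lockcnt--;
    free(l);
}

int main(void) {
    int n = 0;  /* constructed uid 1001; records are left for process exit */
    while (lock_alloc(1001, LOCK_NEW, n, n) != NULL) n++;
    return n == max_locks_per_uid ? 0 : 1;  /* refused exactly at the cap */
}
```

With accounting of this shape, one user's lock records are bounded and further requests fail with ENOLCK while other users keep working.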