Date: Tue, 14 Mar 2006 10:48:04 +0200 (EET)
From: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua>
To: Jon Dama <jd@ugcs.caltech.edu>
Cc: Kostik Belousov <kostikbel@gmail.com>, Peter Jeremy <peterjeremy@optushome.com.au>, freebsd-stable@freebsd.org, Michael Proto <mike@jellydonut.org>
Subject: Re: RELENG_4 on flash disk and swap
Message-ID: <20060314095808.I12991@atlantis.atlantis.dp.ua>
In-Reply-To: <Pine.LNX.4.53.0603131119220.30166@hurl.ugcs.caltech.edu>
References: <20060302181625.I3905@atlantis.atlantis.dp.ua> <76FAD2DB-CD18-42D4-95C8-F016CFB17B00@segpub.com.au> <20060303110936.R86586@atlantis.atlantis.dp.ua> <20060303185157.GB692@turion.vk2pj.dyndns.org> <20060304001224.G356@atlantis.atlantis.dp.ua> <20060304065138.GD692@turion.vk2pj.dyndns.org> <20060310121758.S80837@atlantis.atlantis.dp.ua> <20060310123942.GI37572@deviant.kiev.zoral.com.ua> <20060310153737.X40396@atlantis.atlantis.dp.ua> <20060310193248.GC688@turion.vk2pj.dyndns.org> <Pine.LNX.4.53.0603131119220.30166@hurl.ugcs.caltech.edu>

Hello!

I won't reply to the overcommit part of your letter, since my concern is rather local: I'm just not sure whether FreeBSD does its best during the DoS-attack in a swapless environment.

On Mon, 13 Mar 2006, Jon Dama wrote:
> Also, when the system is page-starved it kills the largest consumer of
> pages that has the same UID as the process that pushed the system over the
> limit---not merely the largest consumer of pages.  So you see, running
> critical services that carefully pre-allocate and fault their memory is
> possible within the overcommit framework.

I fail to see any UID check in this code (/sys/vm/vm_pageout.c from RELENG_4_11, the last part of vm_pageout_scan()):

	/*
	 * If we are out of swap and were not able to reach our paging
	 * target, kill the largest process.
	 */
	if ((vm_swap_size < 64 && vm_page_count_min()) ||
	    (swap_pager_full && vm_paging_target() > 0)) {
#if 0
	if ((vm_swap_size < 64 || swap_pager_full) && vm_page_count_min()) {
#endif
		bigproc = NULL;
		bigsize = 0;
		for (p = allproc.lh_first; p != 0; p = p->p_list.le_next) {
			/*
			 * if this is a system process, skip it
			 */
			if ((p->p_flag & P_SYSTEM) || (p->p_pid == 1) ||
			    ((p->p_pid < 48) && (vm_swap_size != 0))) {
				continue;
			}
			/*
			 * if the process is in a non-running type state,
			 * don't touch it.
			 */
			if (p->p_stat != SRUN && p->p_stat != SSLEEP) {
				continue;
			}
			/*
			 * get the process size
			 */
			size = vmspace_resident_count(p->p_vmspace) +
				vmspace_swap_count(p->p_vmspace);
			/*
			 * if the this process is bigger than the biggest one
			 * remember it.
			 */
			if (size > bigsize) {
				bigproc = p;
				bigsize = size;
			}
		}
		if (bigproc != NULL) {
			killproc(bigproc, "out of swap space");
			bigproc->p_estcpu = 0;
			bigproc->p_nice = PRIO_MIN;
			resetpriority(bigproc);
			wakeup(&cnt.v_free_count);
		}
	}

Nor do I see a UID check in the fresh CURRENT.

Also, even if a UID check were here, it wouldn't buy much for us, since during the DoS attack the target is the main listener (say, sshd or sendmail), and it always runs as root because otherwise it couldn't listen at port < 1024.

Sincerely, Dmitry
-- 
Atlantis ISP, System Administrator
e-mail: dmitry@atlantis.dp.ua
nic-hdl: LYNX-RIPE
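
Added example (not part of the original message and not FreeBSD code): a userland C model of the victim selection quoted above, run over a constructed process table, showing which process is chosen with and without swap and under a hypothetical UID filter of the kind discussed in the thread. The names struct mproc, eligible(), pick_victim() and match_uid, and every table entry, are assumptions made for illustration.

```c
#include <stdio.h>
/* Userland model: P_SYSTEM and the state values are placeholders. */
#define P_SYSTEM 0x1
enum pstat { SRUN, SSLEEP, SSTOP };
struct mproc {
    int pid; long uid; int flag; enum pstat stat;
    long resident, swapped;   /* pages */
    const char *comm;
};

/* Constructed sample process table. */
static const struct mproc table[] = {
    {   1,    0, 0,        SSLEEP,   100, 0, "init"     },
    {   5,    0, P_SYSTEM, SSLEEP,     0, 0, "kthread"  },
    {  30,    0, 0,        SSLEEP, 15000, 0, "lowpid"   },
    { 210,    0, 0,        SSLEEP,  9000, 0, "sendmail" },
    { 305,    0, 0,        SSLEEP,  1200, 0, "sshd"     },
    { 410, 1001, 0,        SRUN,    4000, 0, "userjob"  },
    { 411, 1001, 0,        SSTOP,  20000, 0, "stopped"  },
};
#define NPROC (sizeof(table) / sizeof(table[0]))

/* Same skip conditions as the quoted loop. */
static int eligible(const struct mproc *p, long swap_size)
{
    if ((p->flag & P_SYSTEM) || p->pid == 1 || (p->pid < 48 && swap_size != 0))
        return 0;
    return p->stat == SRUN || p->stat == SSLEEP;
}

/* match_uid < 0: no UID test (quoted code); >= 0: hypothetical UID-only variant. */
int pick_victim(long swap_size, long match_uid)
{
    const struct mproc *big = NULL;
    long bigsize = 0;
    for (size_t i = 0; i < NPROC; i++) {
        const struct mproc *p = &table[i];
        if (!eligible(p, swap_size) || (match_uid >= 0 && p->uid != match_uid))
            continue;
        long size = p->resident + p->swapped;
        if (size > bigsize) { big = p; bigsize = size; }
    }
    return big ? big->pid : -1;
}

int main(void)
{
    printf("swapless: pid %d, with swap: pid %d\n", pick_victim(0, -1), pick_victim(64, -1));
    printf("UID 0 only: pid %d, UID 1001 only: pid %d\n", pick_victim(64, 0), pick_victim(64, 1001));
}
```

With swap_size equal to 0 the pid < 48 exemption no longer applies, so in this table the low-pid process becomes the victim; with the UID filter set to 0 the root-owned listener is still the one selected.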