From owner-freebsd-hackers@FreeBSD.ORG Mon Apr 7 11:42:54 2014 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id D997EE3D for ; Mon, 7 Apr 2014 11:42:54 +0000 (UTC) Received: from nm20-vm6.bullet.mail.ir2.yahoo.com (nm20-vm6.bullet.mail.ir2.yahoo.com [212.82.96.248]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 33CE515E for ; Mon, 7 Apr 2014 11:42:53 +0000 (UTC) Received: from [212.82.98.53] by nm20.bullet.mail.ir2.yahoo.com with NNFMP; 07 Apr 2014 11:40:03 -0000 Received: from [46.228.39.92] by tm6.bullet.mail.ir2.yahoo.com with NNFMP; 07 Apr 2014 11:40:03 -0000 Received: from [127.0.0.1] by smtp129.mail.ir2.yahoo.com with NNFMP; 07 Apr 2014 11:40:03 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.es; s=s1024; t=1396870803; bh=p2P/FlyBpj1u3wE1dFIDxEHmJ/L9dTL23sspqt0aztc=; h=X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:X-Rocket-Received:Date:From:To:Subject:Message-Id:In-Reply-To:References:X-Mailer:Disposition-Notification-To:Mime-Version:Content-Type:Content-Transfer-Encoding; b=1YsjeBNUBOAew+qMTkyjEMSTKaSeA+Y/ZtGnU5SDXeoPs1XvTmC7WC8f6lRKh7eKzNNKpBQk2e4A/vkhNUkARkKl0p8SH4k+qnfOBBiQApGBO1fRLOJq3ZtM0IWXQAjOkBaDLYMkQlhIyOXZfQWYDghpwlwDTFS/M3F/SGCxxhc= X-Yahoo-Newman-Id: 496745.288.bm@smtp129.mail.ir2.yahoo.com X-Yahoo-Newman-Property: ymail-3 X-YMail-OSG: bSc9QlsVM1kJCbCDhcor5nBSRDywLXcuNnRBbTyNDOc0ndG hl0MRF2rxzBKe6mkJ6nM47Dqoaq1teJSvd8uKX9TBccTHAn0Jw.nkXiAouFk xQZO7acbSTIKBm0c5G5TMd7WWzvdM3S_TWJ_6T3BaI.DK34nIblNbH3ZTVdN oDze5HKjJQL87qOEl4fm40fBlUZUM_l7zoxhtcDPDvVmx4b1N8VTkoFHeJHV OqZMm1WTvLLEBUREAppWW46idjNt5c5vKHRTawjFDr4c0Gr5q_8cNjxCoEjx szIDDFX3ERZYZS_QY75hi62Uj3EPmEe2aqk.DjlsqnCSGvpNZaA2gXWqD4am iBeaezos0muo55o7_tdCkIi_NbCnZMbNtcfq8e5ZB6B4TiPowW3zGHYr_3RD s9.gJvYfXSd8KYVGzkMIjInTYGUBRMuPbTBfAhQmVKjIEtXMmkql5jdge_jR DiImwHQY27uRNtVAe5tqDGZvonfYAgZL2T6dPCpJIbcXjuXAEjMeiQ8loSQ- - X-Yahoo-SMTP: mX392iiswBAeJNdO_s.EW62LZDJR X-Rocket-Received: from camibar.emorras.eu (emorrasg@83.173.184.241 with plain [63.250.193.228]) by smtp129.mail.ir2.yahoo.com with SMTP; 07 Apr 2014 11:40:03 +0000 UTC Date: Mon, 7 Apr 2014 13:42:35 +0200 From: Eduardo Morras To: freebsd-hackers@freebsd.org Subject: Re: pipe() resource exhaustion Message-Id: <20140407134235.eed2e9555c76f5834d991bfa@yahoo.es> In-Reply-To: References: X-Mailer: Sylpheed 3.3.1 (GTK+ 2.24.22; amd64-portbld-freebsd9.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Apr 2014 11:42:55 -0000 On Mon, 07 Apr 2014 13:02:22 +0200 Ivan Voras wrote: > Hello, > > Last time I mentioned this it didn't get any attention, so I'll try > again. By accident (via a buggy synergy server process) I found that a > simple userland process can exhaust kernel pipe memory > (kern.ipc.pipekva sysctl) which as a consequence has that new > processes which use pipe cannot be started, which includes "su", by > which an administrator could kill such a process. > > The description is simple enough, I don't think a proof of concept is > really needed, but here it is: > > step 1: > run this as a normal, non-root user: > > #include > #include > #include > #include > #include > #include > > int main() { > int fd[2]; > int is_error = 0; > > while (1) { > if (pipe(fd) != 0) { > if (!is_error) { > printf("%s\n", strerror(errno)); > is_error = 1; > } > } > } > } > > step 2: > try and fail to run "su" in another terminal: > > $ su > Password: > su: pipe: Cannot allocate memory > > I'm sure this has other implications as well :) > Each time you call pipe(fd) inside the while, you create a new pipe. Perhaps you wanted to say: #include #include #include #include #include #include int main() { int fd[2]; int is_error = 0; if (pipe(fd) != 0) { if (!is_error) { printf("%s\n", strerror(errno)); is_error = 1; } } while (1) { /* Do whatever you want with pipe fd */ } close(fd); } Synergy server process, as you said, is buggy if it does things as your example program. > The problem isn't present on all systems: on some it looks like the > limit on fd's is reached faster than the limit on pipekva. Of 5 > machines I tested, 3 running 9.x and 2 running 10.x, both machines > running 10.x exhaust pipekva before fd's, while only one machine > running 9.x did that. Neither machine had increased fd limits above > the autotuned defaults. > > Anecdotally, a machine which was running 9.x didn't experience this > problem with synergys, but it did when upgraded to 10.x with no change > to sysctl configuration. Often short-live buggy process don't show any problems because they exit before they happen. --- --- Eduardo Morras