Bug 1071290

Summary: sshd does not reset oom_score_adj to 0
Product: Red Hat Enterprise Linux 6
Component: openssh
Version: 6.5
Hardware: All
OS: Linux
Status: CLOSED DUPLICATE
Severity: medium
Priority: medium
Reporter: Rupesh Patel <rupatel>
Assignee: Petr Lautrbach <plautrba>
QA Contact: BaseOS QE Security Team <qe-baseos-security>
CC: lpoirrier, mattias.ellert, mgrepl, plautrba, pvrabec, tmraz
Target Milestone: rc
Doc Type: Bug Fix
Clone Of: 812676
Last Closed: 2014-06-13 12:58:37 UTC
Type: Bug
Bug Depends On: 812676
Bug Blocks: 1070830

Description Rupesh Patel 2014-02-28 12:51:23 UTC
+++ This bug was initially created as a clone of Bug #812676 +++

Description of problem:

When connecting to a Fedora 15 host through ssh, the remote shell (and its child processes) inherits oom_score_adj=-1000, instead of the expected 0. If these processes exhaust the available memory, then the oom killer terminates some daemons instead of them, resulting in a DoS condition.

Version-Release number of selected component (if applicable):

- OpenSSH_5.6p1, OpenSSL 1.0.0h-fips 12 Mar 2012
- rpm package: openssh-server-5.6p1-35.fc15.x86_64
- Linux 2.6.42.12-1.fc15.x86_64 #1 SMP Tue Mar 20 16:30:08 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

Also occurred on
- OpenSSH_5.6p1, OpenSSL 1.0.0g-fips 18 Jan 2012
- rpm package: openssh-server-5.6p1-34.fc15.i686
- Linux 2.6.41.10-3.fc15.i686.PAE #1 SMP Mon Jan 23 15:36:55 UTC 2012 i686 i686 i386 GNU/Linux

How reproducible:
100%

Steps to Reproduce:
1. ssh user@fc15_host
2. cat /proc/self/oom_score_adj
  
Actual results:

oom_score_adj is -1000

Expected results:

oom_score_adj is 0

Additional info:

- Fixed in Fedora 16 (as of openssh-server-5.8p2-25.fc16.x86_64).
- Leads the oom killer to select root daemons (in the attachment: systemd-logger, atd, avahi-daemon, smartd, irqbalance, dhclient, NetworkManager) over the offending user processes (in the attachment: main, treeUB), resulting in a DoS condition.
- May be related: an earlier version (openssh-5.6p1-33.fc15.1.x86_64) used deprecated oom_adj instead of oom_score_adj (Bug 727335).

--- Additional comment from Petr Lautrbach on 2012-04-15 22:45:44 EDT ---

There was a typo in the openssh-5.6p1-linux-oomkiller.patch:

-+      if (oom_adj_save == INT_MIN || oom_adj_save == NULL ||
++      if (oom_adj_save == INT_MIN || oom_adj_path == NULL ||
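Review bot: On the changed line, the replaced test `oom_adj_save == NULL` compared a value that is also checked against INT_MIN, so evidently an integer, with a pointer constant. That normally draws a pointer/integer comparison warning, and the typo left `oom_adj_path` unchecked. The condition continues past the trailing `||` and the rest is not shown, so confirm the remaining operands use the intended variables as well, and consider building the patched file with warnings treated as errors so a slip like this fails the build.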


$ ssh root@f15-openssh

[root@f15-openssh ~]# rpm -q openssh-server
openssh-server-5.6p1-36.fc15.x86_64

[root@f15-openssh ~]# cat /proc/$$/oom_*
0
1
0


Note: This sshd update should be restarted from a console in order not to inherit oom values from the running ssh shell.


Thanks for the report.

--- Additional comment from Fedora Update System on 2012-04-15 22:49:07 EDT ---

openssh-5.6p1-36.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/openssh-5.6p1-36.fc15

--- Additional comment from Fedora Update System on 2012-04-18 15:31:23 EDT ---

Package openssh-5.6p1-36.fc15:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing openssh-5.6p1-36.fc15'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-6025/openssh-5.6p1-36.fc15
then log in and leave karma (feedback).

--- Additional comment from Laurent Poirrier on 2012-04-18 16:45:18 EDT ---

Tested openssh-5.6p1-36.fc15, oom_score_adj is back to normal.
Feel free to close the bug. Thanks for the fix!

--- Additional comment from Fedora Update System on 2012-04-21 23:25:40 EDT ---

openssh-5.6p1-36.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 3 Petr Lautrbach 2014-06-13 12:58:37 UTC
It seems to be related to the reload of sshd as described at https://bugzilla.redhat.com/show_bug.cgi?id=1010429#c0


# cat /proc/`cat /var/run/sshd.pid`/oom_score_adj
-1000

# ssh localhost
root@localhost's password: 
Last login: Fri Jun 13 14:40:49 2014 from master.virt

# cat /proc/$$/oom_score_adj
0

# service sshd reload
Reloading sshd:                                            [  OK  ]

# cat /proc/`cat /var/run/sshd.pid`/oom_score_adj
-1000

# ssh localhost
root@localhost's password: 
Last login: Fri Jun 13 14:54:01 2014 from localhost

# cat /proc/$$/oom_score_adj
-1000

*** This bug has been marked as a duplicate of bug 1010429 ***
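
A check for the condition this report describes, as an added example that is not part of the original bug report or of OpenSSH: it walks a /proc tree and lists non-sshd processes that descend from a process named sshd and still carry a negative oom_score_adj. The function names and the optional PROC_ROOT argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag processes started under sshd that still carry a
# negative oom_score_adj inherited from the daemon.

# status_field FILE KEY -> value of the "KEY:" line in a /proc/PID/status file
status_field() {
    [ -r "$1" ] || return 0          # process may have exited; treat as empty
    awk -v k="$2:" '$1 == k { print $2; exit }' "$1"
}

# has_sshd_ancestor PROC_ROOT PID -> exit 0 if any ancestor is named sshd
has_sshd_ancestor() {
    root=$1
    pid=$(status_field "$root/$2/status" PPid)
    hops=0                           # bound the walk in case of a broken tree
    while [ -n "$pid" ] && [ "$pid" -gt 0 ] && [ "$hops" -lt 64 ]; do
        [ "$(status_field "$root/$pid/status" Name)" = "sshd" ] && return 0
        pid=$(status_field "$root/$pid/status" PPid)
        hops=$((hops + 1))
    done
    return 1
}

# find_inherited_oom [PROC_ROOT] -> prints "PID NAME SCORE" for each finding
find_inherited_oom() {
    proc=${1:-/proc}
    for dir in "$proc"/[0-9]*; do
        [ -r "$dir/oom_score_adj" ] || continue
        score=$(cat "$dir/oom_score_adj" 2>/dev/null) || continue
        [ -n "$score" ] && [ "$score" -lt 0 ] || continue
        name=$(status_field "$dir/status" Name)
        # The daemon and its own session processes are expected to be protected.
        [ "$name" = "sshd" ] && continue
        p=${dir##*/}
        if has_sshd_ancestor "$proc" "$p"; then
            echo "$p $name $score"
        fi
    done
}
```

Source the file and run `find_inherited_oom` as root on the host; any output line is a login shell or one of its children that the OOM killer will pass over in favour of other processes.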