Bug 812676

Summary: sshd does not reset oom_score_adj to 0
Product: [Fedora] Fedora
Reporter: Laurent Poirrier <lpoirrier>
Component: openssh
Assignee: Petr Lautrbach <plautrba>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 15
CC: mattias.ellert, mgrepl, plautrba, tmraz
Hardware: x86_64
OS: Linux
Fixed In Version: openssh-5.6p1-36.fc15
Doc Type: Bug Fix
Last Closed: 2012-04-22 03:25:40 UTC
Type: Bug
Bug Blocks: 1071290
Attachments: three excerpts of /var/log/messages

Description Laurent Poirrier 2012-04-15 21:43:57 UTC
Created attachment 577588: three excerpts of /var/log/messages

Description of problem:

When connecting to a Fedora 15 host through ssh, the remote shell (and its child processes) inherits oom_score_adj=-1000, instead of the expected 0. If these processes exhaust the available memory, then the oom killer terminates some daemons instead of them, resulting in a DoS condition.

Version-Release number of selected component (if applicable):

- OpenSSH_5.6p1, OpenSSL 1.0.0h-fips 12 Mar 2012
- rpm package: openssh-server-5.6p1-35.fc15.x86_64
- Linux 2.6.42.12-1.fc15.x86_64 #1 SMP Tue Mar 20 16:30:08 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

Also occurred on:
- OpenSSH_5.6p1, OpenSSL 1.0.0g-fips 18 Jan 2012
- rpm package: openssh-server-5.6p1-34.fc15.i686
- Linux 2.6.41.10-3.fc15.i686.PAE #1 SMP Mon Jan 23 15:36:55 UTC 2012 i686 i686 i386 GNU/Linux

How reproducible:
100%

Steps to Reproduce:
1. ssh user@fc15_host
2. cat /proc/self/oom_score_adj
  
Actual results:

oom_score_adj is -1000

Expected results:

oom_score_adj is 0

Additional info:

- Fixed in Fedora 16 (as of openssh-server-5.8p2-25.fc16.x86_64).
- Leads the oom killer to select root daemons (in the attachment: systemd-logger, atd, avahi-daemon, smartd, irqbalance, dhclient, NetworkManager) over offending user process (in the attachment: main, treeUB), resulting in a DoS condition.
- May be related: an earlier version (openssh-5.6p1-33.fc15.1.x86_64) used deprecated oom_adj instead of oom_score_adj (Bug 727335).

Comment 1 Petr Lautrbach 2012-04-16 02:45:44 UTC
There was a typo in the openssh-5.6p1-linux-oomkiller.patch:

-+      if (oom_adj_save == INT_MIN || oom_adj_save == NULL ||
++      if (oom_adj_save == INT_MIN || oom_adj_path == NULL ||
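
Review bot: on the removed line, `oom_adj_save == NULL` compares a value that the same condition also compares with INT_MIN, so an integer, against a pointer constant; that test is true whenever the saved value is 0, which would fit the report that 0 was not restored. The replacement `oom_adj_path == NULL` reads correctly. Two suggestions: build this file with pointer/integer comparison warnings treated as errors so the slip cannot recur, and add a package test that opens a session and checks /proc/self/oom_score_adj. The condition is cut off after the trailing `||`, so the remaining operands could not be reviewed.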


$ ssh root@f15-openssh

[root@f15-openssh ~]# rpm -q openssh-server
openssh-server-5.6p1-36.fc15.x86_64

[root@f15-openssh ~]# cat /proc/$$/oom_*
0
1
0


Note: This sshd update should be restarted from a console in order not to inherit oom values from the running ssh shell.


Thanks for the report.
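
The single-shell check from the steps to reproduce and from Comment 1, generalized to every process on a host, as an added example that is not part of this bug report or of the openssh package: it lists processes that descend from sshd and still have a negative oom_score_adj. The function names and the optional proc-root argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the bug report): report processes that descend from
# sshd and still carry a negative oom_score_adj, the condition described above.
# The proc-root argument is an assumption of this example, for offline copies.

# Print one "Key:" field from <root>/<pid>/status (empty if unreadable).
status_field() {
    sed -n "s/^$3:[[:space:]]*//p" "$1/$2/status" 2>/dev/null | head -n 1
}

# Succeed if some ancestor of <pid> is named sshd; walk at most 64 parents.
has_sshd_ancestor() {
    anc=$2 hops=0
    while [ "$hops" -lt 64 ]; do
        anc=$(status_field "$1" "$anc" PPid)
        case $anc in ''|0|*[!0-9]*) return 1 ;; esac
        [ "$(status_field "$1" "$anc" Name)" = sshd ] && return 0
        hops=$((hops + 1))
    done
    return 1
}

# Print "pid name oom_score_adj" for every affected session process.
find_inherited_oom_adj() {
    root=${1:-/proc}
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/oom_score_adj" ] || continue
        adj=$(cat "$dir/oom_score_adj" 2>/dev/null) || continue
        case $adj in -[0-9]*) ;; *) continue ;; esac   # only negative values
        pid=${dir##*/}
        name=$(status_field "$root" "$pid" Name)
        [ "$name" = sshd ] && continue   # the daemon may protect itself
        if has_sshd_ancestor "$root" "$pid"; then
            printf '%s %s %s\n' "$pid" "$name" "$adj"
        fi
    done
}

# Scan the live system by default; pass a directory to scan a saved copy.
find_inherited_oom_adj "${1:-/proc}"
```

An empty result means no session process inherited the daemon's OOM setting; processes with a negative value but no sshd ancestor are not reported.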

Comment 2 Fedora Update System 2012-04-16 02:49:07 UTC
openssh-5.6p1-36.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/openssh-5.6p1-36.fc15

Comment 3 Fedora Update System 2012-04-18 19:31:23 UTC
Package openssh-5.6p1-36.fc15:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing openssh-5.6p1-36.fc15'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-6025/openssh-5.6p1-36.fc15
then log in and leave karma (feedback).

Comment 4 Laurent Poirrier 2012-04-18 20:45:18 UTC
Tested openssh-5.6p1-36.fc15, oom_score_adj is back to normal.
Feel free to close the bug. Thanks for the fix!

Comment 5 Fedora Update System 2012-04-22 03:25:40 UTC
openssh-5.6p1-36.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.