RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1071290 - sshd does not reset oom_score_adj to 0
Summary: sshd does not reset oom_score_adj to 0
Keywords:
Status: CLOSED DUPLICATE of bug 1010429
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: openssh
Version: 6.5
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Petr Lautrbach
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On: 812676
Blocks: 1070830
TreeView+ depends on / blocked
 
Reported: 2014-02-28 12:51 UTC by Rupesh Patel
Modified: 2014-09-01 12:43 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 812676
Environment:
Last Closed: 2014-06-13 12:58:37 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Rupesh Patel 2014-02-28 12:51:23 UTC 
+++ This bug was initially created as a clone of Bug #812676 +++

Description of problem:

When connecting to a Fedora 15 host through ssh, the remote shell (and its child processes) inherits oom_score_adj=-1000, instead of the expected 0. If these processes exhaust the available memory, then the oom killer terminates some daemons instead of them, resulting in a DoS condition.

Version-Release number of selected component (if applicable):

- OpenSSH_5.6p1, OpenSSL 1.0.0h-fips 12 Mar 2012
- rpm package: openssh-server-5.6p1-35.fc15.x86_64
- Linux 2.6.42.12-1.fc15.x86_64 #1 SMP Tue Mar 20 16:30:08 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

also occured on
- OpenSSH_5.6p1, OpenSSL 1.0.0g-fips 18 Jan 2012
- rpm package: openssh-server-5.6p1-34.fc15.i686
- Linux 2.6.41.10-3.fc15.i686.PAE #1 SMP Mon Jan 23 15:36:55 UTC 2012 i686 i686 i386 GNU/Linux

How reproducible:
100%

Steps to Reproduce:
1. ssh user@fc15_host
2. cat /proc/self/oom_score_adj
  
Actual results:

oom_score_adj is -1000

Expected results:

oom_score_adj is 0

Additional info:

- Fixed in Fedora 16 (as of openssh-server-5.8p2-25.fc16.x86_64).
- Leads the oom killer to select root daemons (in the attachment: systemd-logger, atd, avahi-daemon, smartd, irqbalance, dhclient, NetworkManager) over offending user process (in the attachment: main, treeUB), resulting in a DoS condition.
- May be related: an earlier version (openssh-5.6p1-33.fc15.1.x86_64) used deprecated oom_adj instead of oom_score_adj (Bug 727335).

--- Additional comment from Petr Lautrbach on 2012-04-15 22:45:44 EDT ---

There was a typo in the openssh-5.6p1-linux-oomkiller.patch:

-+      if (oom_adj_save == INT_MIN || oom_adj_save == NULL ||
++      if (oom_adj_save == INT_MIN || oom_adj_path == NULL ||


$ ssh root@f15-openssh

[root@f15-openssh ~]# rpm -q openssh-server
openssh-server-5.6p1-36.fc15.x86_64

[root@f15-openssh ~]# cat /proc/$$/oom_*
0
1
0


Note: This sshd update should be restarted from a console in order not to inherit oom values from the running ssh shell.


Thanks for the report.

--- Additional comment from Fedora Update System on 2012-04-15 22:49:07 EDT ---

openssh-5.6p1-36.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/openssh-5.6p1-36.fc15

--- Additional comment from Fedora Update System on 2012-04-18 15:31:23 EDT ---

Package openssh-5.6p1-36.fc15:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing openssh-5.6p1-36.fc15'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-6025/openssh-5.6p1-36.fc15
then log in and leave karma (feedback).

--- Additional comment from Laurent Poirrier on 2012-04-18 16:45:18 EDT ---

Tested openssh-5.6p1-36.fc15, oom_score_adj is back to normal.
Feel free to close the bug. Thanks for the fix!

--- Additional comment from Fedora Update System on 2012-04-21 23:25:40 EDT ---

openssh-5.6p1-36.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 3 Petr Lautrbach 2014-06-13 12:58:37 UTC 
It's seems to be related to the reload of sshd as described at https://bugzilla.redhat.com/show_bug.cgi?id=1010429#c0


# cat /proc/`cat /var/run/sshd.pid`/oom_score_adj
-1000

# ssh localhost
root@localhost's password: 
Last login: Fri Jun 13 14:40:49 2014 from master.virt

# cat /proc/$$/oom_score_adj
0

# service sshd reload
Reloading sshd:                                            [  OK  ]

# cat /proc/`cat /var/run/sshd.pid`/oom_score_adj
-1000

# ssh localhost
root@localhost's password: 
Last login: Fri Jun 13 14:54:01 2014 from localhost

# cat /proc/$$/oom_score_adj
-1000

*** This bug has been marked as a duplicate of bug 1010429 ***
Note You need to log in before you can comment on or make changes to this bug.