Red Hat Bugzilla – Bug 812676
sshd does not reset oom_score_adj to 0
Last modified: 2014-02-28 07:51:23 EST
Created attachment 577588 [details]
three excerpts of /var/log/messages
Description of problem:
When connecting to a Fedora 15 host through ssh, the remote shell (and its child processes) inherits oom_score_adj=-1000, instead of the expected 0. If these processes exhaust the available memory, then the oom killer terminates some daemons instead of them, resulting in a DoS condition.
Version-Release number of selected component (if applicable):
- OpenSSH_5.6p1, OpenSSL 1.0.0h-fips 12 Mar 2012
- rpm package: openssh-server-5.6p1-35.fc15.x86_64
- Linux 188.8.131.52-1.fc15.x86_64 #1 SMP Tue Mar 20 16:30:08 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
also occured on
- OpenSSH_5.6p1, OpenSSL 1.0.0g-fips 18 Jan 2012
- rpm package: openssh-server-5.6p1-34.fc15.i686
- Linux 184.108.40.206-3.fc15.i686.PAE #1 SMP Mon Jan 23 15:36:55 UTC 2012 i686 i686 i386 GNU/Linux
Steps to Reproduce:
1. ssh user@fc15_host
2. cat /proc/self/oom_score_adj
oom_score_adj is -1000
oom_score_adj is 0
- Fixed in Fedora 16 (as of openssh-server-5.8p2-25.fc16.x86_64).
- Leads the oom killer to select root daemons (in the attachment: systemd-logger, atd, avahi-daemon, smartd, irqbalance, dhclient, NetworkManager) over offending user process (in the attachment: main, treeUB), resulting in a DoS condition.
- May be related: an earlier version (openssh-5.6p1-33.fc15.1.x86_64) used deprecated oom_adj instead of oom_score_adj (Bug 727335).
There was a typo in the openssh-5.6p1-linux-oomkiller.patch:
-+ if (oom_adj_save == INT_MIN || oom_adj_save == NULL ||
++ if (oom_adj_save == INT_MIN || oom_adj_path == NULL ||
$ ssh root@f15-openssh
[root@f15-openssh ~]# rpm -q openssh-server
[root@f15-openssh ~]# cat /proc/$$/oom_*
Note: This sshd update should be restarted from a console in order not to inherit oom values from the running ssh shell.
Thanks for the report.
openssh-5.6p1-36.fc15 has been submitted as an update for Fedora 15.
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing openssh-5.6p1-36.fc15'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
Tested openssh-5.6p1-36.fc15, oom_score_adj is back to normal.
Feel free to close the bug. Thanks for the fix!
openssh-5.6p1-36.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.