Bug 812676 - sshd does not reset oom_score_adj to 0
sshd does not reset oom_score_adj to 0
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: openssh (Show other bugs)
15
x86_64 Linux
unspecified Severity unspecified
: ---
: ---
Assigned To: Petr Lautrbach
Fedora Extras Quality Assurance
:
Depends On:
Blocks: 1071290
  Show dependency treegraph
 
Reported: 2012-04-15 17:43 EDT by Laurent Poirrier
Modified: 2014-02-28 07:51 EST (History)
4 users (show)

See Also:
Fixed In Version: openssh-5.6p1-36.fc15
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1071290 (view as bug list)
Environment:
Last Closed: 2012-04-21 23:25:40 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
three excerpts of /var/log/messages (436.03 KB, text/plain)
2012-04-15 17:43 EDT, Laurent Poirrier
no flags Details

  None (edit)
Description Laurent Poirrier 2012-04-15 17:43:57 EDT
Created attachment 577588 [details]
three excerpts of /var/log/messages

Description of problem:

When connecting to a Fedora 15 host through ssh, the remote shell (and its child processes) inherits oom_score_adj=-1000, instead of the expected 0. If these processes exhaust the available memory, then the oom killer terminates some daemons instead of them, resulting in a DoS condition.

Version-Release number of selected component (if applicable):

- OpenSSH_5.6p1, OpenSSL 1.0.0h-fips 12 Mar 2012
- rpm package: openssh-server-5.6p1-35.fc15.x86_64
- Linux 2.6.42.12-1.fc15.x86_64 #1 SMP Tue Mar 20 16:30:08 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

also occured on
- OpenSSH_5.6p1, OpenSSL 1.0.0g-fips 18 Jan 2012
- rpm package: openssh-server-5.6p1-34.fc15.i686
- Linux 2.6.41.10-3.fc15.i686.PAE #1 SMP Mon Jan 23 15:36:55 UTC 2012 i686 i686 i386 GNU/Linux

How reproducible:
100%

Steps to Reproduce:
1. ssh user@fc15_host
2. cat /proc/self/oom_score_adj
  
Actual results:

oom_score_adj is -1000

Expected results:

oom_score_adj is 0

Additional info:

- Fixed in Fedora 16 (as of openssh-server-5.8p2-25.fc16.x86_64).
- Leads the oom killer to select root daemons (in the attachment: systemd-logger, atd, avahi-daemon, smartd, irqbalance, dhclient, NetworkManager) over offending user process (in the attachment: main, treeUB), resulting in a DoS condition.
- May be related: an earlier version (openssh-5.6p1-33.fc15.1.x86_64) used deprecated oom_adj instead of oom_score_adj (Bug 727335).
Comment 1 Petr Lautrbach 2012-04-15 22:45:44 EDT
There was a typo in the openssh-5.6p1-linux-oomkiller.patch:

-+      if (oom_adj_save == INT_MIN || oom_adj_save == NULL ||
++      if (oom_adj_save == INT_MIN || oom_adj_path == NULL ||


$ ssh root@f15-openssh

[root@f15-openssh ~]# rpm -q openssh-server
openssh-server-5.6p1-36.fc15.x86_64

[root@f15-openssh ~]# cat /proc/$$/oom_*
0
1
0


Note: This sshd update should be restarted from a console in order not to inherit oom values from the running ssh shell.


Thanks for the report.
Comment 2 Fedora Update System 2012-04-15 22:49:07 EDT
openssh-5.6p1-36.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/openssh-5.6p1-36.fc15
Comment 3 Fedora Update System 2012-04-18 15:31:23 EDT
Package openssh-5.6p1-36.fc15:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing openssh-5.6p1-36.fc15'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-6025/openssh-5.6p1-36.fc15
then log in and leave karma (feedback).
Comment 4 Laurent Poirrier 2012-04-18 16:45:18 EDT
Tested openssh-5.6p1-36.fc15, oom_score_adj is back to normal.
Feel free to close the bug. Thanks for the fix!
Comment 5 Fedora Update System 2012-04-21 23:25:40 EDT
openssh-5.6p1-36.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.