[Bug 258364] [jail]Two issues that can easily exhaust the host kernel's numvnodes or dp_dirty_total in jail, and may cause DoS attack

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 13 Sep 2021 15:25:55 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258364

Mark Johnston <markj@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |Open
                 CC|                            |markj@FreeBSD.org
           Assignee|secteam@FreeBSD.org         |jail@FreeBSD.org

--- Comment #1 from Mark Johnston <markj@FreeBSD.org> ---
We do not consider this to be a security bug.  Jails do not provide perfect
resource isolation, and there are many cases beyond the vnode cache and dirty
buffer pool where this is evident.  Any resources utilized by a jail become
unavailable to the host by definition.

In the case of vnodes, numvnodes counts the number of cached vnodes.  This
cache is subject to an eviction policy, so reaching maxvnodes (using mkdir(1))
should not prevent the host from opening files.  Similarly, ZFS imposes a limit
on the amount of dirty buffers that may be accumulated, but will (eventually)
make space for newly dirtied data by flushing.  So I do not think that these
problems result in anything other than a marginal performance degradation,
which appears to agree with your report.

Certainly it's desirable to have some way of limiting consumption of these
resources by a particular jail (e.g., via rctl), but for vnodes at least it's
not immediately obvious to me how one would go about that, since filesystem
namespaces are shared with the host.  Opened vnodes are not subject to
reclamation in general but can be limited using rctl.

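Added example, not part of the bug report or of FreeBSD's own tooling: a small sh script that separates the two cases the comment distinguishes, a vnode cache that is merely full (evictable) versus vnodes held in use, and prints the per-jail rctl(8) openfiles rules mentioned at the end. The 90%/95% thresholds, the 4096 budget, the jail-name allowlist and the use of numvnodes minus freevnodes as an approximation of in-use vnodes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the bug report). Thresholds and the budget are
# constructed; vfs.freevnodes is treated as the reclaimable part of the cache.

# classify_vnodes NUM FREE MAX -> prints one of: ok, cache-full, pinned
#   cache-full: numvnodes is at maxvnodes but most vnodes are reclaimable,
#               the case the comment describes as marginal degradation.
#   pinned:     vnodes that are in use (not free) fill >= 90% of maxvnodes;
#               these are not evicted, so per-jail openfiles limits matter.
classify_vnodes() {
    num=$1; free=$2; max=$3
    inuse=$((num - free))
    if [ $((inuse * 100)) -ge $((max * 90)) ]; then
        echo pinned
    elif [ $((num * 100)) -ge $((max * 95)) ]; then
        echo cache-full
    else
        echo ok
    fi
}

# openfiles_rules LIMIT JAIL... -> one rctl(8) rule per jail name.
# Names outside a conservative allowlist are rejected, since ':' and '='
# are separators in the rule syntax.
openfiles_rules() {
    limit=$1; shift
    case $limit in ''|*[!0-9]*) return 1 ;; esac
    for j in "$@"; do
        case $j in
            ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        esac
        printf 'jail:%s:openfiles:deny=%s\n' "$j" "$limit"
    done
}

# On a FreeBSD host, report the live state; elsewhere this part is skipped.
if [ "$(uname -s)" = FreeBSD ]; then
    state=$(classify_vnodes "$(sysctl -n vfs.numvnodes)" \
        "$(sysctl -n vfs.freevnodes)" "$(sysctl -n kern.maxvnodes)")
    echo "vnode state: $state"
    # Print (do not apply) a constructed budget of 4096 open files per jail.
    openfiles_rules 4096 $(jls name)
fi
```

The printed rules can be reviewed and then loaded with `rctl -a`; rctl only enforces them when the host was booted with `kern.racct.enable=1`.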