RELENG_4 on flash disk and swap

Dmitry Pryanishnikov dmitry at atlantis.dp.ua
Tue Mar 14 08:48:17 UTC 2006


Hello!

   I won't reply to the overcommit part of your letter, since my concern
is rather local: I'm just not sure whether FreeBSD does its best
during a DoS attack in a swapless environment.

On Mon, 13 Mar 2006, Jon Dama wrote:
> Also, when the system is page-starved it kills the largest consumer of
> pages that has the same UID as the process that pushed the system over the
> limit---not merely the largest consumer of pages.  So you see, running
> critical services that carefully pre-allocate and fault their memory is
> possible within the overcommit framework.

   I fail to see any UID check in this code (/sys/vm/vm_pageout.c from
RELENG_4_11, the last part of vm_pageout_scan()):

 	/*
 	 * If we are out of swap and were not able to reach our paging
 	 * target, kill the largest process.
 	 */
 	if ((vm_swap_size < 64 && vm_page_count_min()) ||
 	    (swap_pager_full && vm_paging_target() > 0)) {
#if 0
 	if ((vm_swap_size < 64 || swap_pager_full) && vm_page_count_min()) {
#endif
 		bigproc = NULL;
 		bigsize = 0;
 		for (p = allproc.lh_first; p != 0; p = p->p_list.le_next) {
 			/*
 			 * if this is a system process, skip it
 			 */
 			if ((p->p_flag & P_SYSTEM) || (p->p_pid == 1) ||
 			    ((p->p_pid < 48) && (vm_swap_size != 0))) {
 				continue;
 			}
 			/*
 			 * if the process is in a non-running type state,
 			 * don't touch it.
 			 */
 			if (p->p_stat != SRUN && p->p_stat != SSLEEP) {
 				continue;
 			}
 			/*
 			 * get the process size
 			 */
 			size = vmspace_resident_count(p->p_vmspace) +
 				vmspace_swap_count(p->p_vmspace);
 			/*
 			 * if the this process is bigger than the biggest one
 			 * remember it.
 			 */
 			if (size > bigsize) {
 				bigproc = p;
 				bigsize = size;
 			}
 		}
 		if (bigproc != NULL) {
 			killproc(bigproc, "out of swap space");
 			bigproc->p_estcpu = 0;
 			bigproc->p_nice = PRIO_MIN;
 			resetpriority(bigproc);
 			wakeup(&cnt.v_free_count);
 		}
 	}


Neither do I see a UID check in the fresh CURRENT.

   Also, even if a UID check were here, it wouldn't buy much for us, since
during the DoS attack the target is the main listener (say, sshd or sendmail),
and it always runs as root because otherwise it couldn't listen on a port < 1024.

Sincerely, Dmitry
-- 
Atlantis ISP, System Administrator
e-mail:  dmitry at atlantis.dp.ua
nic-hdl: LYNX-RIPE
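
A userspace model of the victim selection quoted in the message above, added here as an example; it is not part of the original post or of the FreeBSD source. The struct, the process table and the `filter_uid` parameter are constructed for illustration: `filter_uid` models the UID check described in the quoted reply, so both policies can be compared when the process that exhausted memory runs as root.

```c
#include <stdio.h>
/* Constructed stand-ins for the struct proc fields the quoted loop reads. */
enum { SRUN, SSLEEP, SZOMB };
struct mproc {
	const char *name;
	int pid, uid, is_system, stat;	/* is_system models the P_SYSTEM flag */
	long pages;			/* resident + swap page count */
};

/* Quoted loop's skip rules and "largest wins" rule. filter_uid < 0: no UID
 * check (as quoted); >= 0: hypothetical variant limited to that UID. */
static const struct mproc *
pick_victim(const struct mproc *tab, size_t n, long swap_size, int filter_uid)
{
	const struct mproc *big = NULL;
	long bigsize = 0;
	for (size_t i = 0; i < n; i++) {
		const struct mproc *p = &tab[i];
		if (p->is_system || p->pid == 1 || (p->pid < 48 && swap_size != 0))
			continue;	/* system process */
		if (p->stat != SRUN && p->stat != SSLEEP)
			continue;	/* not in a running-type state */
		if (filter_uid >= 0 && p->uid != filter_uid)
			continue;	/* hypothetical UID check */
		if (p->pages > bigsize) {
			big = p;
			bigsize = p->pages;
		}
	}
	return big;
}

/* Constructed process table for a swapless host (swap_size == 0). */
static const struct mproc sample[] = {
	{ "init",         1,    0, 0, SSLEEP,   100 },
	{ "sshd",       310,    0, 0, SSLEEP,   900 },
	{ "sendmail",   355,    0, 0, SSLEEP,  1500 },
	{ "postgres",   402,   70, 0, SSLEEP, 40000 },
	{ "sshd-child", 977,    0, 0, SRUN,     700 },
	{ "defunct",    980, 1001, 0, SZOMB,  90000 },
};
#define NSAMPLE (sizeof(sample) / sizeof(sample[0]))

int main(void) {
	const struct mproc *a = pick_victim(sample, NSAMPLE, 0, -1);
	const struct mproc *b = pick_victim(sample, NSAMPLE, 0, 0);
	printf("no UID check: %s\nUID 0 only:   %s\n", a->name, b->name);
	return 0;
}
```

With this table the unfiltered policy selects the unrelated postgres process, and the UID-0 variant selects the root-owned sendmail listener.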

