
[Qemu-devel] [Bug 1668273] Re: DoS possible on - a QEMU process using us


From: Daniel Berrange
Subject: [Qemu-devel] [Bug 1668273] Re: DoS possible on - a QEMU process using userspace SLIRP?
Date: Mon, 27 Feb 2017 15:42:08 -0000

Unless I'm misunderstanding what you're saying, you have an app which
opens 100's of TCP connections in the guest, and this causes QEMU to
have 100's of file descriptors open in the host.

If so, this is normal behaviour of SLIRP - it opens a socket for every
connection it has to proxy across from the guest, so the number of file
descriptors it will use is essentially unbounded. If this is a concern,
then the best answer is to not use SLIRP.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1668273

Title:
  DoS possible on - a QEMU process using userspace SLIRP?

Status in QEMU:
  New

Bug description:
  Steps to reproduce:

  - Launch a VM using QEMU (2.8.0):

  $ qemu-system-x86_64 \
      -machine accel=kvm \
      -hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
      -m 2G \
      -smp 2 \
      -vnc :8 \
      -boot dc \
      -vga std \
      -cpu host \
      -net nic,vlan=0 \
      -net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80

  - SSH into the VM, install httpd, start httpd

  $ ssh -p 10024 address@hidden 'dnf install -y httpd && systemctl start httpd'

  - Compile and run the following Java program (on the host):

  $ cat <<EOF > URLConnectionReader.java
  import java.net.*;
  import java.io.*;

  public class URLConnectionReader {
      public static void main(String[] args) throws Exception {
          int i = 0;
          while (i < 1024) {
              URL this_is_404 = new URL("http://localhost:8082/blah");
              URLConnection yc = this_is_404.openConnection();
              try {
                  BufferedReader in = new BufferedReader(new InputStreamReader(
                              yc.getInputStream()));
                  String inputLine;
                  while ((inputLine = in.readLine()) != null)
                      System.out.println(inputLine);
                  in.close();
              } catch (Exception e) {
                  //HttpURLConnection urlConnection = (HttpURLConnection) yc;
                  //urlConnection.disconnect();
              }
              i++;
          }
          Thread.sleep(1000000000);
      }
  }
  EOF

  $ javac URLConnectionReader.java

  $ java URLConnectionReader &

  The java program tries to open a lot of HTTP connections, but never
  calls disconnect() on any.

  - Take a look at the list of open FDs of the qemu process:

  $ ls -tl /proc/${qemu_pid}/fd

  $ lsof -p ${qemu_pid}
  All of the TCP connections will be stuck at FIN_WAIT2.

  The VM becomes unresponsive. Neither SSH nor VNC works after this, even
  after tcp_fin_timeout expires.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1668273/+subscriptions
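
The reply above notes that SLIRP opens one host socket per proxied guest connection, so the QEMU process's descriptor count follows the guest's connection count. As an added example (not part of the original message, the bug report or QEMU), the shell check below counts the socket descriptors under a /proc/<pid> directory and compares total usage with the soft "Max open files" limit. The function names, the 80% threshold and the sample tree are assumptions constructed for illustration.

```shell
# Constructed sample input: a fake /proc/<pid> tree (not real QEMU data).
make_sample_proc() {  # usage: make_sample_proc DIR NSOCKETS SOFT_LIMIT
    mkdir -p "$1/fd"
    for n in 0 1 2; do ln -s /dev/null "$1/fd/$n"; done
    n=3
    while [ "$n" -lt $(($2 + 3)) ]; do
        ln -s "socket:[$((100000 + n))]" "$1/fd/$n"
        n=$((n + 1))
    done
    printf '%-26s%-21s%-21s%s\n' 'Limit' 'Soft Limit' 'Hard Limit' 'Units' > "$1/limits"
    printf '%-26s%-21s%-21s%s\n' 'Max open files' "$3" 4096 'files' >> "$1/limits"
}

# fd_pressure PROC_DIR [THRESHOLD_PCT]
# Prints "sockets=N fds=N limit=N pct=N".
# Returns 0 below the threshold, 1 at or above it, 2 if the limit is unreadable.
# On a live host PROC_DIR is /proc/<pid>; reading its fd/ directory needs the
# same user as the target process, or root.
fd_pressure() {
    proc_dir=$1
    threshold=${2:-80}
    fds=0
    sockets=0
    for entry in "$proc_dir"/fd/*; do
        [ -L "$entry" ] || continue          # also skips an unmatched glob
        fds=$((fds + 1))
        case $(readlink "$entry") in
            socket:*) sockets=$((sockets + 1)) ;;
        esac
    done
    # The soft limit is the 4th whitespace-separated field of this row.
    limit=$(awk '/^Max open files/ {print $4}' "$proc_dir/limits")
    case $limit in
        ''|0|*[!0-9]*) echo "no usable fd limit in $proc_dir/limits" >&2; return 2 ;;
    esac
    pct=$((fds * 100 / limit))
    echo "sockets=$sockets fds=$fds limit=$limit pct=$pct"
    [ "$pct" -lt "$threshold" ]
}

# Demo on the constructed tree: 900 sockets against a soft limit of 1024.
demo=$(mktemp -d)
make_sample_proc "$demo" 900 1024
fd_pressure "$demo" 80 || echo "ALERT: descriptor usage at or above threshold"
rm -rf "$demo"
```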


