[Qemu-devel] [Bug 1668273] Re: DoS possible on - a QEMU process using us
From: Greg Kurz
Subject: [Qemu-devel] [Bug 1668273] Re: DoS possible on - a QEMU process using userspace SLIRP?
Date: Mon, 27 Feb 2017 16:53:26 -0000

Responding to comment #1:

Nehal's scenario seems to be the other way round. An external
application hammers on QEMU with bogus http requests, httpd within the
guest closes the socket, but the external application doesn't and QEMU
stays with tons of dangling sockets, and "The VM becomes unresponsive.
Neither SSH or VNC works after this; even after tcp_fin_timeout
expires."

This being said maybe the answer is don't ever use SLIRP if you don't
trust both ends of network connections (which sounds a bit like don't
ever use SLIRP to me).

https://bugs.launchpad.net/bugs/1668273
Title: DoS possible on - a QEMU process using userspace SLIRP?

Status in QEMU: New

Bug description:
Steps to reproduce:
- Launch a VM using QEMU (2.8.0):
  $ qemu-system-x86_64 \
      -machine accel=kvm \
      -hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
      -m 2G \
      -smp 2 \
      -vnc :8 \
      -boot dc \
      -vga std \
      -cpu host \
      -net nic,vlan=0 \
      -net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80
- SSH into the VM, install httpd, start httpd
  $ ssh -p 10024 address@hidden 'dnf install -y httpd && systemctl start httpd'
- Compile and run the following Java program (on the host):
  $ cat <<EOF > URLConnectionReader.java
  import java.net.*;
  import java.io.*;

  public class URLConnectionReader {
      public static void main(String[] args) throws Exception {
          int i = 0;
          while (i < 1024) {
              // Path that does not exist in the guest, forwarded to port 80 via hostfwd
              URL this_is_404 = new URL("http://localhost:8082/blah");
              URLConnection yc = this_is_404.openConnection();
              try {
                  BufferedReader in = new BufferedReader(new InputStreamReader(
                          yc.getInputStream()));
                  String inputLine;
                  while ((inputLine = in.readLine()) != null)
                      System.out.println(inputLine);
                  in.close();
              } catch (Exception e) {
                  // The connection is left open: disconnect() is commented out
                  //HttpURLConnection urlConnection = (HttpURLConnection) yc;
                  //urlConnection.disconnect();
              }
              i++;
          }
          // Keep the process, and with it the open connections, alive
          Thread.sleep(1000000000);
      }
  }
  EOF
  $ javac URLConnectionReader.java
  $ java URLConnectionReader &
The java program tries to open a lot of HTTP connections, but never
calls disconnect() on any.
- Take a look at the list of open FDs of the qemu process:
  $ ls -tl /proc/${qemu_pid}/fd
  $ lsof -p ${qemu_pid}
All of the TCP connections will be stuck at FIN_WAIT2
The VM becomes unresponsive. Neither SSH or VNC works after this; even
after tcp_fin_timeout expires.
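
The FD inspection step in the report can be scripted for monitoring. The following is an added example, not part of the bug report or of QEMU: it matches the socket inodes a process holds against /proc/net/tcp and counts their TCP states, so a pile-up of FIN_WAIT2 sockets on the forwarded port 8082 shows up as a number. The function names and the sample table are constructed for illustration.

```python
import os
import re
from collections import Counter
from pathlib import Path

# State codes from the Linux kernel's include/net/tcp_states.h
TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV",
              "04": "FIN_WAIT1", "05": "FIN_WAIT2", "06": "TIME_WAIT",
              "07": "CLOSE", "08": "CLOSE_WAIT", "09": "LAST_ACK",
              "0A": "LISTEN", "0B": "CLOSING"}

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1F92 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000 0 5000 1
   1: 0100007F:1F92 0100007F:C350 05 00000000:00000000 00:00000000 00000000  1000 0 5001 1
   2: 0100007F:1F92 0100007F:C351 05 00000000:00000000 00:00000000 00000000  1000 0 5002 1
   3: 0100007F:2728 0100007F:C400 01 00000000:00000000 00:00000000 00000000  1000 0 5003 1
   4: 0100007F:0050 0100007F:C401 05 00000000:00000000 00:00000000 00000000  1000 0 9999 1
"""
# Constructed readlink() results for /proc/<pid>/fd; inode 9999 is another process's.
SAMPLE_FDS = [f"socket:[{i}]" for i in range(5000, 5004)] + ["/dev/kvm", "anon_inode:kvm-vm"]

def parse_tcp_table(text):
    """Return {socket inode: (local port, state name)} from /proc/net/tcp text."""
    table = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 10 and f[0].endswith(":"):      # skips the column header
            port = int(f[1].rsplit(":", 1)[1], 16)   # port 8082 appears as 1F92
            table[int(f[9])] = (port, TCP_STATES.get(f[3], f[3]))
    return table

def state_counts(tcp_text, fd_targets, port=None):
    """Count TCP states of the sockets a process holds, optionally for one local port."""
    inodes = {int(m.group(1)) for t in fd_targets
              if (m := re.fullmatch(r"socket:\[(\d+)\]", t))}
    table = parse_tcp_table(tcp_text)
    return Counter(table[i][1] for i in inodes
                   if i in table and port in (None, table[i][0]))

def live_counts(pid, port=None):
    """Same check on a running process; needs read access to /proc/<pid>/fd."""
    fd_dir = f"/proc/{pid}/fd"
    targets = [os.readlink(os.path.join(fd_dir, n)) for n in os.listdir(fd_dir)]
    text = "".join(Path(p).read_text() for p in ("/proc/net/tcp", "/proc/net/tcp6")
                   if Path(p).exists())
    return state_counts(text, targets, port)
if __name__ == "__main__":
    print(dict(state_counts(SAMPLE_TCP, SAMPLE_FDS, port=8082)))
```

On a host running the VM, `live_counts(pid, port=8082)` returns the same breakdown for the QEMU process, and an alert can key on the FIN_WAIT2 count approaching the process's open-file limit.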