qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [Bug 1668273] Re: DoS possible on - a QEMU process using us


From: Greg Kurz
Subject: [Qemu-devel] [Bug 1668273] Re: DoS possible on - a QEMU process using userspace SLIRP?
Date: Mon, 27 Feb 2017 16:53:26 -0000

Responding to comment #1:

Nehal's scenario seems to be the other way round. An external
application hammers on QEMU with bogus http requests, httpd within the
guest closes the socket, but the external application doesn't and QEMU
stays with tons of dangling sockets, and "The VM becomes unresponsive.
Neither SSH or VNC works after this; even after tcp_fin_timeout
expires."

This being said maybe the answer is don't ever use SLIRP if you don't
trust both ends of network connections (which sounds a bit like don't
ever use SLIRP to me).

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1668273

Title:
  DoS possible on - a QEMU process using userspace SLIRP?

Status in QEMU:
  New

Bug description:
  Steps to reproduce:

  - Launch a VM using QEMU (2.8.0):

  $ qemu-system-x86_64 \
      -machine accel=kvm \
      -hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
      -m 2G \
      -smp 2 \
      -vnc :8 \
      -boot dc \
      -vga std \
      -cpu host \
      -net nic,vlan=0 \
      -net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80

  - SSH into the VM, install httpd, start httpd

  $ ssh -p 10024 address@hidden 'dnf install -y httpd && systemctl start
  httpd'

  - Compile and run the following Java program (on the host):

  $ cat <<EOF > URLConnectionReader.java
  import java.net.*;
  import java.io.*;

  public class URLConnectionReader {
      public static void main(String[] args) throws Exception {
          int i = 0;
          while (i < 1024) {
              URL this_is_404 = new URL("http://localhost:8082/blah";);
              URLConnection yc = this_is_404.openConnection();
              try {
                  BufferedReader in = new BufferedReader(new InputStreamReader(
                              yc.getInputStream()));
                  String inputLine;
                  while ((inputLine = in.readLine()) != null)
                      System.out.println(inputLine);
                  in.close();
              } catch (Exception e) {
                  //HttpURLConnection urlConnection = (HttpURLConnection) yc;
                  //urlConnection.disconnect();
              }
              i++;
          }
          Thread.sleep(1000000000);
      }
  }

  $ javac URLConnectionReader.java

  $ java URLConnectionReader &

  The java program tries to open a lot of HTTP connections, but never
  calls disconnect() on any.

  - Take a look at the list of open FDs of the qemu process:

  $ ls -tl /proc/${qemu-pid}/fd

  $ lsof -p ${qemu-pid}
  All of the TCP connections will be stuck at FIN_WAIT2

  The VM becomes unresponsive. Neither SSH or VNC works after this; even
  after tcp_fin_timeout expires.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1668273/+subscriptions



reply via email to

[Prev in Thread] Current Thread [Next in Thread]