From: Nehal J Wani <nehaljw.kkd1@gmail.com>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [Bug 1668273] Re: DoS possible on - a QEMU process using userspace SLIRP?
Date: Mon, 27 Feb 2017 14:23:36 -0000
Message-ID: <20170227142337.20737.80472.launchpad@soybean.canonical.com>
In-Reply-To: 20170227140328.20639.14786.malonedeb@soybean.canonical.com

** Summary changed:

- DDoS possible on - a QEMU process using userspace SLIRP?
+ DoS possible on - a QEMU process using userspace SLIRP?

https://bugs.launchpad.net/bugs/1668273

Title:
  DoS possible on - a QEMU process using userspace SLIRP?

Status in QEMU:
  New

Bug description:
  Steps to reproduce:

  - Launch a VM using QEMU (2.8.0):

  $ qemu-system-x86_64 \
      -machine accel=kvm \
      -hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
      -m 2G \
      -smp 2 \
      -vnc :8 \
      -boot dc \
      -vga std \
      -cpu host \
      -net nic,vlan=0 \
      -net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80

  - SSH into the VM, install httpd, start httpd

  $ ssh -p 10024 root@localhost 'dnf install -y httpd && systemctl start httpd'

  - Compile and run the following Java program (on the host):

  $ cat <<EOF > URLConnectionReader.java
  import java.net.*;
  import java.io.*;

  public class URLConnectionReader {
      public static void main(String[] args) throws Exception {
          int i = 0;
          while (i < 1024) {
              URL this_is_404 = new URL("http://localhost:8082/blah");
              URLConnection yc = this_is_404.openConnection();
              try {
                  BufferedReader in = new BufferedReader(new InputStreamReader(
                              yc.getInputStream()));
                  String inputLine;
                  while ((inputLine = in.readLine()) != null)
                      System.out.println(inputLine);
                  in.close();
              } catch (Exception e) {
                  //HttpURLConnection urlConnection = (HttpURLConnection) yc;
                  //urlConnection.disconnect();
              }
              i++;
          }
          Thread.sleep(1000000000);
      }
  }
  EOF

  $ javac URLConnectionReader.java

  $ java URLConnectionReader &

  The Java program tries to open a lot of HTTP connections, but never
  calls disconnect() on any.

  - Take a look at the list of open FDs of the qemu process:

  $ ls -tl /proc/${QEMU_PID}/fd

  $ lsof -p ${QEMU_PID}

  All of the TCP connections will be stuck at FIN_WAIT2.

  The VM becomes unresponsive. Neither SSH nor VNC works after this.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1668273/+subscriptions
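
The report's last step inspects the QEMU process's descriptors by hand with ls and lsof. As an added example (not part of the original report or of QEMU), the Python sketch below automates that check on a Linux host: it counts the process's open descriptors and how many of them are TCP sockets in FIN_WAIT2. The comparison with the soft open-files limit, the 0.8 threshold, all function names and the sample data are assumptions of this example.

```python
import os
import re

FIN_WAIT2 = "05"  # hex code in the "st" column of /proc/net/tcp on Linux

def socket_inodes(fd_targets):
    """Inodes of the sockets among readlink() targets of /proc/<pid>/fd/*."""
    found = (re.fullmatch(r"socket:\[(\d+)\]", t) for t in fd_targets)
    return {m.group(1) for m in found if m}

def fin_wait2_inodes(proc_net_tcp):
    """Inodes of all IPv4 sockets that /proc/net/tcp lists in FIN_WAIT2."""
    rows = (line.split() for line in proc_net_tcp.splitlines()[1:])
    return {r[9] for r in rows if len(r) > 9 and r[3] == FIN_WAIT2}

def soft_nofile(limits_text):
    """Soft 'Max open files' value from /proc/<pid>/limits, or None."""
    for line in limits_text.splitlines():
        if line.startswith("Max open files"):
            value = line.split()[3]
            return int(value) if value.isdigit() else None
    return None

def assess(fd_targets, proc_net_tcp, limits_text, warn_ratio=0.8):
    """Summarise fd pressure; warn_ratio is an assumed example threshold."""
    stuck = socket_inodes(fd_targets) & fin_wait2_inodes(proc_net_tcp)
    limit = soft_nofile(limits_text)
    used = len(fd_targets)
    return {"open_fds": used, "fin_wait2": len(stuck), "soft_limit": limit,
            "alert": limit is not None and used >= warn_ratio * limit}

def collect(pid):
    """Read the three inputs for a live process (Linux, needs permission)."""
    fd_dir = f"/proc/{pid}/fd"
    targets = [os.readlink(os.path.join(fd_dir, n)) for n in os.listdir(fd_dir)]
    with open("/proc/net/tcp") as tcp, open(f"/proc/{pid}/limits") as lim:
        return targets, tcp.read(), lim.read()

# Constructed sample data (not captured from a real host).
SAMPLE_FDS = ["/dev/kvm", "socket:[5001]", "socket:[5002]", "socket:[5003]",
              "anon_inode:[eventfd]"]
TAIL = "00000000:00000000 00:00000000 00000000  1000        0"
SAMPLE_TCP = "\n".join([
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode",
    f"   0: 00000000:1F92 00000000:0000 0A {TAIL} 5001 1",  # hostfwd listener
    f"   1: 0100007F:1F92 0100007F:C350 05 {TAIL} 5002 1",  # held by the process
    f"   2: 0100007F:1F92 0100007F:C351 05 {TAIL} 5003 1",  # held by the process
    f"   3: 0100007F:0050 0100007F:C352 05 {TAIL} 5999 1",  # some other process
])
SAMPLE_LIMITS = "Limit  Soft Limit  Hard Limit  Units\nMax open files  6  4096  files\n"

if __name__ == "__main__":
    print(assess(SAMPLE_FDS, SAMPLE_TCP, SAMPLE_LIMITS))
```

On a live host, `assess(*collect(pid))` produces the same summary for the QEMU process; only /proc/net/tcp is read, so IPv6 sockets are not counted.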
