* [Qemu-devel] [Bug 1668273] [NEW] DDoS possible on - a QEMU process using userspace SLIRP?
@ 2017-02-27 14:03 Nehal J Wani
2017-02-27 14:23 ` [Qemu-devel] [Bug 1668273] Re: DoS " Nehal J Wani
` (6 more replies)
0 siblings, 7 replies; 8+ messages in thread
From: Nehal J Wani @ 2017-02-27 14:03 UTC (permalink / raw)
To: qemu-devel
Public bug reported:
Steps to reproduce:
- Launch a VM using QEMU (2.8.0):
$ qemu-system-x86_64 \
-machine accel=kvm \
-hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
-m 2G \
-smp 2 \
-vnc :8 \
-boot dc \
-vga std \
-cpu host \
-net nic,vlan=0 \
-net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80
- SSH into the VM, install httpd, start httpd
$ ssh -p 10024 root@localhost 'dnf install -y httpd && systemctl start
httpd'
- Compile and run the following Java program (on the host):
$ cat <<EOF > URLConnectionReader.java
import java.net.*;
import java.io.*;
public class URLConnectionReader {
public static void main(String[] args) throws Exception {
int i = 0;
while (i < 1024) {
URL this_is_404 = new URL("http://localhost:8082/blah");
URLConnection yc = this_is_404.openConnection();
try {
BufferedReader in = new BufferedReader(new InputStreamReader(
yc.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
} catch (Exception e) {
//HttpURLConnection urlConnection = (HttpURLConnection) yc;
//urlConnection.disconnect();
}
i++;
}
Thread.sleep(1000000000);
}
}
$ javac URLConnectionReader.java
$ java URLConnectionReader &
The java program tries to open a lot of HTTP connections, but never
calls disconnect() on any.
- Take a look at the list of open FDs of the qemu process:
$ ls -tl /proc/${qemu-pid}/fd
$ lsof -p ${qemu-pid}
All of the TCP connections will be stuck at FIN_WAIT2
The VM becomes unresponsive. Neither SSH or VNC works after this.
** Affects: qemu
Importance: Undecided
Status: New
** Summary changed:
- DDoS possible on QEMU using userspace SLIRP?
+ DDoS possible on - a QEMU process using userspace SLIRP?
** Description changed:
Steps to reproduce:
- Launch a VM using QEMU:
- $ qemu-system-x86_64 -machine accel=kvm \
- -hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
- -m 2G \
- -smp 2 \
- -vnc :8 \
- -boot dc \
- -vga std \
- -cpu host \
- -net nic,vlan=0 \
- -net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80
+ $ qemu-system-x86_64 \
+ -machine accel=kvm \
+ -hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
+ -m 2G \
+ -smp 2 \
+ -vnc :8 \
+ -boot dc \
+ -vga std \
+ -cpu host \
+ -net nic,vlan=0 \
+ -net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80
- SSH into the VM, install httpd, start httpd
$ ssh -p 10024 root@localhost 'dnf install -y httpd && systemctl start
httpd'
- Compile and run the following Java program:
$ cat <<EOF > URLConnectionReader.java
import java.net.*;
import java.io.*;
public class URLConnectionReader {
- public static void main(String[] args) throws Exception {
- int i = 0;
- while (i < 1024) {
- URL this_is_404 = new URL("http://localhost:8082/blah");
- URLConnection yc = this_is_404.openConnection();
- try {
- BufferedReader in = new BufferedReader(new InputStreamReader(
- yc.getInputStream()));
- String inputLine;
- while ((inputLine = in.readLine()) != null)
- System.out.println(inputLine);
- in.close();
- } catch (Exception e) {
- //HttpURLConnection urlConnection = (HttpURLConnection) yc;
- //urlConnection.disconnect();
- }
- i++;
- }
- Thread.sleep(1000000000);
- }
+ public static void main(String[] args) throws Exception {
+ int i = 0;
+ while (i < 1024) {
+ URL this_is_404 = new URL("http://localhost:8082/blah");
+ URLConnection yc = this_is_404.openConnection();
+ try {
+ BufferedReader in = new BufferedReader(new InputStreamReader(
+ yc.getInputStream()));
+ String inputLine;
+ while ((inputLine = in.readLine()) != null)
+ System.out.println(inputLine);
+ in.close();
+ } catch (Exception e) {
+ //HttpURLConnection urlConnection = (HttpURLConnection) yc;
+ //urlConnection.disconnect();
+ }
+ i++;
+ }
+ Thread.sleep(1000000000);
+ }
}
$ javac URLConnectionReader.java
$ java URLConnectionReader &
The java program tries to open a lot of HTTP connections, but never
calls disconnect() on any.
- Take a look at the list of open FDs of the qemu process:
$ ls -tl /proc/${qemu-pid}/fd
$ lsof -p ${qemu-pid}
All of the TCP connections will be stuck at FIN_WAIT2
The VM becomes unresponsive. Neither SSH or VNC works on this.
** Description changed:
Steps to reproduce:
- Launch a VM using QEMU:
$ qemu-system-x86_64 \
- -machine accel=kvm \
+ -machine accel=kvm \
-hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
-m 2G \
-smp 2 \
-vnc :8 \
-boot dc \
-vga std \
-cpu host \
-net nic,vlan=0 \
-net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80
- SSH into the VM, install httpd, start httpd
$ ssh -p 10024 root@localhost 'dnf install -y httpd && systemctl start
httpd'
- - Compile and run the following Java program:
+ - Compile and run the following Java program (on the host):
$ cat <<EOF > URLConnectionReader.java
import java.net.*;
import java.io.*;
public class URLConnectionReader {
public static void main(String[] args) throws Exception {
int i = 0;
while (i < 1024) {
URL this_is_404 = new URL("http://localhost:8082/blah");
URLConnection yc = this_is_404.openConnection();
try {
BufferedReader in = new BufferedReader(new InputStreamReader(
yc.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
} catch (Exception e) {
//HttpURLConnection urlConnection = (HttpURLConnection) yc;
//urlConnection.disconnect();
}
i++;
}
Thread.sleep(1000000000);
}
}
$ javac URLConnectionReader.java
$ java URLConnectionReader &
The java program tries to open a lot of HTTP connections, but never
calls disconnect() on any.
- Take a look at the list of open FDs of the qemu process:
$ ls -tl /proc/${qemu-pid}/fd
$ lsof -p ${qemu-pid}
All of the TCP connections will be stuck at FIN_WAIT2
The VM becomes unresponsive. Neither SSH or VNC works on this.
** Description changed:
Steps to reproduce:
- Launch a VM using QEMU:
$ qemu-system-x86_64 \
-machine accel=kvm \
-hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
-m 2G \
-smp 2 \
-vnc :8 \
-boot dc \
-vga std \
-cpu host \
-net nic,vlan=0 \
-net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80
- SSH into the VM, install httpd, start httpd
$ ssh -p 10024 root@localhost 'dnf install -y httpd && systemctl start
httpd'
- Compile and run the following Java program (on the host):
$ cat <<EOF > URLConnectionReader.java
import java.net.*;
import java.io.*;
public class URLConnectionReader {
public static void main(String[] args) throws Exception {
int i = 0;
while (i < 1024) {
URL this_is_404 = new URL("http://localhost:8082/blah");
URLConnection yc = this_is_404.openConnection();
try {
BufferedReader in = new BufferedReader(new InputStreamReader(
yc.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
} catch (Exception e) {
//HttpURLConnection urlConnection = (HttpURLConnection) yc;
//urlConnection.disconnect();
}
i++;
}
Thread.sleep(1000000000);
}
}
$ javac URLConnectionReader.java
$ java URLConnectionReader &
The java program tries to open a lot of HTTP connections, but never
calls disconnect() on any.
- Take a look at the list of open FDs of the qemu process:
$ ls -tl /proc/${qemu-pid}/fd
$ lsof -p ${qemu-pid}
All of the TCP connections will be stuck at FIN_WAIT2
- The VM becomes unresponsive. Neither SSH or VNC works on this.
+ The VM becomes unresponsive. Neither SSH or VNC works after this.
** Description changed:
Steps to reproduce:
- - Launch a VM using QEMU:
+ - Launch a VM using QEMU (2.8.0):
$ qemu-system-x86_64 \
-machine accel=kvm \
-hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
-m 2G \
-smp 2 \
-vnc :8 \
-boot dc \
-vga std \
-cpu host \
-net nic,vlan=0 \
-net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80
- SSH into the VM, install httpd, start httpd
$ ssh -p 10024 root@localhost 'dnf install -y httpd && systemctl start
httpd'
- Compile and run the following Java program (on the host):
$ cat <<EOF > URLConnectionReader.java
import java.net.*;
import java.io.*;
public class URLConnectionReader {
public static void main(String[] args) throws Exception {
int i = 0;
while (i < 1024) {
URL this_is_404 = new URL("http://localhost:8082/blah");
URLConnection yc = this_is_404.openConnection();
try {
BufferedReader in = new BufferedReader(new InputStreamReader(
yc.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
} catch (Exception e) {
//HttpURLConnection urlConnection = (HttpURLConnection) yc;
//urlConnection.disconnect();
}
i++;
}
Thread.sleep(1000000000);
}
}
$ javac URLConnectionReader.java
$ java URLConnectionReader &
The java program tries to open a lot of HTTP connections, but never
calls disconnect() on any.
- Take a look at the list of open FDs of the qemu process:
$ ls -tl /proc/${qemu-pid}/fd
$ lsof -p ${qemu-pid}
All of the TCP connections will be stuck at FIN_WAIT2
The VM becomes unresponsive. Neither SSH or VNC works after this.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1668273
Title:
DDoS possible on - a QEMU process using userspace SLIRP?
Status in QEMU:
New
Bug description:
Steps to reproduce:
- Launch a VM using QEMU (2.8.0):
$ qemu-system-x86_64 \
-machine accel=kvm \
-hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
-m 2G \
-smp 2 \
-vnc :8 \
-boot dc \
-vga std \
-cpu host \
-net nic,vlan=0 \
-net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80
- SSH into the VM, install httpd, start httpd
$ ssh -p 10024 root@localhost 'dnf install -y httpd && systemctl start
httpd'
- Compile and run the following Java program (on the host):
$ cat <<EOF > URLConnectionReader.java
import java.net.*;
import java.io.*;
public class URLConnectionReader {
public static void main(String[] args) throws Exception {
int i = 0;
while (i < 1024) {
URL this_is_404 = new URL("http://localhost:8082/blah");
URLConnection yc = this_is_404.openConnection();
try {
BufferedReader in = new BufferedReader(new InputStreamReader(
yc.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
} catch (Exception e) {
//HttpURLConnection urlConnection = (HttpURLConnection) yc;
//urlConnection.disconnect();
}
i++;
}
Thread.sleep(1000000000);
}
}
$ javac URLConnectionReader.java
$ java URLConnectionReader &
The java program tries to open a lot of HTTP connections, but never
calls disconnect() on any.
- Take a look at the list of open FDs of the qemu process:
$ ls -tl /proc/${qemu-pid}/fd
$ lsof -p ${qemu-pid}
All of the TCP connections will be stuck at FIN_WAIT2
The VM becomes unresponsive. Neither SSH or VNC works after this.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1668273/+subscriptions
^ permalink raw reply [flat|nested] 8+ messages in thread* [Qemu-devel] [Bug 1668273] Re: DoS possible on - a QEMU process using userspace SLIRP?
2017-02-27 14:03 [Qemu-devel] [Bug 1668273] [NEW] DDoS possible on - a QEMU process using userspace SLIRP? Nehal J Wani
@ 2017-02-27 14:23 ` Nehal J Wani
2017-02-27 15:03 ` Nehal J Wani
` (5 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Nehal J Wani @ 2017-02-27 14:23 UTC (permalink / raw)
To: qemu-devel
** Summary changed:
- DDoS possible on - a QEMU process using userspace SLIRP?
+ DoS possible on - a QEMU process using userspace SLIRP?
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1668273
Title:
DoS possible on - a QEMU process using userspace SLIRP?
Status in QEMU:
New
Bug description:
Steps to reproduce:
- Launch a VM using QEMU (2.8.0):
$ qemu-system-x86_64 \
-machine accel=kvm \
-hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
-m 2G \
-smp 2 \
-vnc :8 \
-boot dc \
-vga std \
-cpu host \
-net nic,vlan=0 \
-net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80
- SSH into the VM, install httpd, start httpd
$ ssh -p 10024 root@localhost 'dnf install -y httpd && systemctl start
httpd'
- Compile and run the following Java program (on the host):
$ cat <<EOF > URLConnectionReader.java
import java.net.*;
import java.io.*;
public class URLConnectionReader {
public static void main(String[] args) throws Exception {
int i = 0;
while (i < 1024) {
URL this_is_404 = new URL("http://localhost:8082/blah");
URLConnection yc = this_is_404.openConnection();
try {
BufferedReader in = new BufferedReader(new InputStreamReader(
yc.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
} catch (Exception e) {
//HttpURLConnection urlConnection = (HttpURLConnection) yc;
//urlConnection.disconnect();
}
i++;
}
Thread.sleep(1000000000);
}
}
$ javac URLConnectionReader.java
$ java URLConnectionReader &
The java program tries to open a lot of HTTP connections, but never
calls disconnect() on any.
- Take a look at the list of open FDs of the qemu process:
$ ls -tl /proc/${qemu-pid}/fd
$ lsof -p ${qemu-pid}
All of the TCP connections will be stuck at FIN_WAIT2
The VM becomes unresponsive. Neither SSH or VNC works after this.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1668273/+subscriptions
^ permalink raw reply [flat|nested] 8+ messages in thread* [Qemu-devel] [Bug 1668273] Re: DoS possible on - a QEMU process using userspace SLIRP?
2017-02-27 14:03 [Qemu-devel] [Bug 1668273] [NEW] DDoS possible on - a QEMU process using userspace SLIRP? Nehal J Wani
2017-02-27 14:23 ` [Qemu-devel] [Bug 1668273] Re: DoS " Nehal J Wani
@ 2017-02-27 15:03 ` Nehal J Wani
2017-02-27 15:42 ` Daniel Berrange
` (4 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Nehal J Wani @ 2017-02-27 15:03 UTC (permalink / raw)
To: qemu-devel
** Description changed:
Steps to reproduce:
- Launch a VM using QEMU (2.8.0):
$ qemu-system-x86_64 \
-machine accel=kvm \
-hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
-m 2G \
-smp 2 \
-vnc :8 \
-boot dc \
-vga std \
-cpu host \
-net nic,vlan=0 \
-net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80
- SSH into the VM, install httpd, start httpd
$ ssh -p 10024 root@localhost 'dnf install -y httpd && systemctl start
httpd'
- Compile and run the following Java program (on the host):
$ cat <<EOF > URLConnectionReader.java
import java.net.*;
import java.io.*;
public class URLConnectionReader {
public static void main(String[] args) throws Exception {
int i = 0;
while (i < 1024) {
URL this_is_404 = new URL("http://localhost:8082/blah");
URLConnection yc = this_is_404.openConnection();
try {
BufferedReader in = new BufferedReader(new InputStreamReader(
yc.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
} catch (Exception e) {
//HttpURLConnection urlConnection = (HttpURLConnection) yc;
//urlConnection.disconnect();
}
i++;
}
Thread.sleep(1000000000);
}
}
$ javac URLConnectionReader.java
$ java URLConnectionReader &
The java program tries to open a lot of HTTP connections, but never
calls disconnect() on any.
- Take a look at the list of open FDs of the qemu process:
$ ls -tl /proc/${qemu-pid}/fd
$ lsof -p ${qemu-pid}
All of the TCP connections will be stuck at FIN_WAIT2
- The VM becomes unresponsive. Neither SSH or VNC works after this.
+ The VM becomes unresponsive. Neither SSH or VNC works after this; even
+ after tcp_fin_timeout expires.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1668273
Title:
DoS possible on - a QEMU process using userspace SLIRP?
Status in QEMU:
New
Bug description:
Steps to reproduce:
- Launch a VM using QEMU (2.8.0):
$ qemu-system-x86_64 \
-machine accel=kvm \
-hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
-m 2G \
-smp 2 \
-vnc :8 \
-boot dc \
-vga std \
-cpu host \
-net nic,vlan=0 \
-net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80
- SSH into the VM, install httpd, start httpd
$ ssh -p 10024 root@localhost 'dnf install -y httpd && systemctl start
httpd'
- Compile and run the following Java program (on the host):
$ cat <<EOF > URLConnectionReader.java
import java.net.*;
import java.io.*;
public class URLConnectionReader {
public static void main(String[] args) throws Exception {
int i = 0;
while (i < 1024) {
URL this_is_404 = new URL("http://localhost:8082/blah");
URLConnection yc = this_is_404.openConnection();
try {
BufferedReader in = new BufferedReader(new InputStreamReader(
yc.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
} catch (Exception e) {
//HttpURLConnection urlConnection = (HttpURLConnection) yc;
//urlConnection.disconnect();
}
i++;
}
Thread.sleep(1000000000);
}
}
$ javac URLConnectionReader.java
$ java URLConnectionReader &
The java program tries to open a lot of HTTP connections, but never
calls disconnect() on any.
- Take a look at the list of open FDs of the qemu process:
$ ls -tl /proc/${qemu-pid}/fd
$ lsof -p ${qemu-pid}
All of the TCP connections will be stuck at FIN_WAIT2
The VM becomes unresponsive. Neither SSH or VNC works after this; even
after tcp_fin_timeout expires.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1668273/+subscriptions
^ permalink raw reply [flat|nested] 8+ messages in thread* [Qemu-devel] [Bug 1668273] Re: DoS possible on - a QEMU process using userspace SLIRP?
2017-02-27 14:03 [Qemu-devel] [Bug 1668273] [NEW] DDoS possible on - a QEMU process using userspace SLIRP? Nehal J Wani
2017-02-27 14:23 ` [Qemu-devel] [Bug 1668273] Re: DoS " Nehal J Wani
2017-02-27 15:03 ` Nehal J Wani
@ 2017-02-27 15:42 ` Daniel Berrange
2017-02-27 15:58 ` Nehal J Wani
` (3 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Daniel Berrange @ 2017-02-27 15:42 UTC (permalink / raw)
To: qemu-devel
Unless I'm mis-understanding what you're saying you have an app which
opens 100's of TCP conenctions in the guest, and this causes QEMU to
have 100's of file descriptors open in the host.
If so, this is normal behaviour of SLIRP - it opens a socket for every
connection it has to proxy across from the guest, so the number of file
descriptors it will use is essentially unbounded. If this is a concern,
then the best answer is to not use SLIRP.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1668273
Title:
DoS possible on - a QEMU process using userspace SLIRP?
Status in QEMU:
New
Bug description:
Steps to reproduce:
- Launch a VM using QEMU (2.8.0):
$ qemu-system-x86_64 \
-machine accel=kvm \
-hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
-m 2G \
-smp 2 \
-vnc :8 \
-boot dc \
-vga std \
-cpu host \
-net nic,vlan=0 \
-net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80
- SSH into the VM, install httpd, start httpd
$ ssh -p 10024 root@localhost 'dnf install -y httpd && systemctl start
httpd'
- Compile and run the following Java program (on the host):
$ cat <<EOF > URLConnectionReader.java
import java.net.*;
import java.io.*;
public class URLConnectionReader {
public static void main(String[] args) throws Exception {
int i = 0;
while (i < 1024) {
URL this_is_404 = new URL("http://localhost:8082/blah");
URLConnection yc = this_is_404.openConnection();
try {
BufferedReader in = new BufferedReader(new InputStreamReader(
yc.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
} catch (Exception e) {
//HttpURLConnection urlConnection = (HttpURLConnection) yc;
//urlConnection.disconnect();
}
i++;
}
Thread.sleep(1000000000);
}
}
$ javac URLConnectionReader.java
$ java URLConnectionReader &
The java program tries to open a lot of HTTP connections, but never
calls disconnect() on any.
- Take a look at the list of open FDs of the qemu process:
$ ls -tl /proc/${qemu-pid}/fd
$ lsof -p ${qemu-pid}
All of the TCP connections will be stuck at FIN_WAIT2
The VM becomes unresponsive. Neither SSH or VNC works after this; even
after tcp_fin_timeout expires.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1668273/+subscriptions
^ permalink raw reply [flat|nested] 8+ messages in thread* [Qemu-devel] [Bug 1668273] Re: DoS possible on - a QEMU process using userspace SLIRP?
2017-02-27 14:03 [Qemu-devel] [Bug 1668273] [NEW] DDoS possible on - a QEMU process using userspace SLIRP? Nehal J Wani
` (2 preceding siblings ...)
2017-02-27 15:42 ` Daniel Berrange
@ 2017-02-27 15:58 ` Nehal J Wani
2017-02-27 16:21 ` Daniel Berrange
` (2 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Nehal J Wani @ 2017-02-27 15:58 UTC (permalink / raw)
To: qemu-devel
But lsof shows that all connections are stuck at FIN_WAIT2 for an
indefinite amount of time. Is that expected?
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1668273
Title:
DoS possible on - a QEMU process using userspace SLIRP?
Status in QEMU:
New
Bug description:
Steps to reproduce:
- Launch a VM using QEMU (2.8.0):
$ qemu-system-x86_64 \
-machine accel=kvm \
-hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
-m 2G \
-smp 2 \
-vnc :8 \
-boot dc \
-vga std \
-cpu host \
-net nic,vlan=0 \
-net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80
- SSH into the VM, install httpd, start httpd
$ ssh -p 10024 root@localhost 'dnf install -y httpd && systemctl start
httpd'
- Compile and run the following Java program (on the host):
$ cat <<EOF > URLConnectionReader.java
import java.net.*;
import java.io.*;
public class URLConnectionReader {
public static void main(String[] args) throws Exception {
int i = 0;
while (i < 1024) {
URL this_is_404 = new URL("http://localhost:8082/blah");
URLConnection yc = this_is_404.openConnection();
try {
BufferedReader in = new BufferedReader(new InputStreamReader(
yc.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
} catch (Exception e) {
//HttpURLConnection urlConnection = (HttpURLConnection) yc;
//urlConnection.disconnect();
}
i++;
}
Thread.sleep(1000000000);
}
}
$ javac URLConnectionReader.java
$ java URLConnectionReader &
The java program tries to open a lot of HTTP connections, but never
calls disconnect() on any.
- Take a look at the list of open FDs of the qemu process:
$ ls -tl /proc/${qemu-pid}/fd
$ lsof -p ${qemu-pid}
All of the TCP connections will be stuck at FIN_WAIT2
The VM becomes unresponsive. Neither SSH or VNC works after this; even
after tcp_fin_timeout expires.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1668273/+subscriptions
^ permalink raw reply [flat|nested] 8+ messages in thread* [Qemu-devel] [Bug 1668273] Re: DoS possible on - a QEMU process using userspace SLIRP?
2017-02-27 14:03 [Qemu-devel] [Bug 1668273] [NEW] DDoS possible on - a QEMU process using userspace SLIRP? Nehal J Wani
` (3 preceding siblings ...)
2017-02-27 15:58 ` Nehal J Wani
@ 2017-02-27 16:21 ` Daniel Berrange
2017-02-27 16:53 ` Greg Kurz
2020-11-12 13:15 ` Thomas Huth
6 siblings, 0 replies; 8+ messages in thread
From: Daniel Berrange @ 2017-02-27 16:21 UTC (permalink / raw)
To: qemu-devel
IIUC, a socket staying around in FIN_WAIT2 state means that a socket has
been closed in one direction, but not the other direction. Assuming
SLIRP is just mirroring what the guest OS has done with the socket
shutdown process, this would be expected.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1668273
Title:
DoS possible on - a QEMU process using userspace SLIRP?
Status in QEMU:
New
Bug description:
Steps to reproduce:
- Launch a VM using QEMU (2.8.0):
$ qemu-system-x86_64 \
-machine accel=kvm \
-hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
-m 2G \
-smp 2 \
-vnc :8 \
-boot dc \
-vga std \
-cpu host \
-net nic,vlan=0 \
-net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80
- SSH into the VM, install httpd, start httpd
$ ssh -p 10024 root@localhost 'dnf install -y httpd && systemctl start
httpd'
- Compile and run the following Java program (on the host):
$ cat <<EOF > URLConnectionReader.java
import java.net.*;
import java.io.*;
public class URLConnectionReader {
public static void main(String[] args) throws Exception {
int i = 0;
while (i < 1024) {
URL this_is_404 = new URL("http://localhost:8082/blah");
URLConnection yc = this_is_404.openConnection();
try {
BufferedReader in = new BufferedReader(new InputStreamReader(
yc.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
} catch (Exception e) {
//HttpURLConnection urlConnection = (HttpURLConnection) yc;
//urlConnection.disconnect();
}
i++;
}
Thread.sleep(1000000000);
}
}
$ javac URLConnectionReader.java
$ java URLConnectionReader &
The java program tries to open a lot of HTTP connections, but never
calls disconnect() on any.
- Take a look at the list of open FDs of the qemu process:
$ ls -tl /proc/${qemu-pid}/fd
$ lsof -p ${qemu-pid}
All of the TCP connections will be stuck at FIN_WAIT2
The VM becomes unresponsive. Neither SSH or VNC works after this; even
after tcp_fin_timeout expires.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1668273/+subscriptions
^ permalink raw reply [flat|nested] 8+ messages in thread* [Qemu-devel] [Bug 1668273] Re: DoS possible on - a QEMU process using userspace SLIRP?
2017-02-27 14:03 [Qemu-devel] [Bug 1668273] [NEW] DDoS possible on - a QEMU process using userspace SLIRP? Nehal J Wani
` (4 preceding siblings ...)
2017-02-27 16:21 ` Daniel Berrange
@ 2017-02-27 16:53 ` Greg Kurz
2020-11-12 13:15 ` Thomas Huth
6 siblings, 0 replies; 8+ messages in thread
From: Greg Kurz @ 2017-02-27 16:53 UTC (permalink / raw)
To: qemu-devel
Responding to comment #1:
Nehal's scenario seems to be the other way round. An external
application hammers on QEMU with bogus http requests, httpd within the
guest closes the socket, but the external application doesn't and QEMU
stays with tons of dangling sockets, and "The VM becomes unresponsive.
Neither SSH or VNC works after this; even after tcp_fin_timeout
expires."
This being said maybe the answer is don't ever use SLIRP if you don't
trust both ends of network connections (which sounds a bit like don't
ever use SLIRP to me).
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1668273
Title:
DoS possible on - a QEMU process using userspace SLIRP?
Status in QEMU:
New
Bug description:
Steps to reproduce:
- Launch a VM using QEMU (2.8.0):
$ qemu-system-x86_64 \
-machine accel=kvm \
-hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
-m 2G \
-smp 2 \
-vnc :8 \
-boot dc \
-vga std \
-cpu host \
-net nic,vlan=0 \
-net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80
- SSH into the VM, install httpd, start httpd
$ ssh -p 10024 root@localhost 'dnf install -y httpd && systemctl start
httpd'
- Compile and run the following Java program (on the host):
$ cat <<EOF > URLConnectionReader.java
import java.net.*;
import java.io.*;
public class URLConnectionReader {
public static void main(String[] args) throws Exception {
int i = 0;
while (i < 1024) {
URL this_is_404 = new URL("http://localhost:8082/blah");
URLConnection yc = this_is_404.openConnection();
try {
BufferedReader in = new BufferedReader(new InputStreamReader(
yc.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
} catch (Exception e) {
//HttpURLConnection urlConnection = (HttpURLConnection) yc;
//urlConnection.disconnect();
}
i++;
}
Thread.sleep(1000000000);
}
}
$ javac URLConnectionReader.java
$ java URLConnectionReader &
The java program tries to open a lot of HTTP connections, but never
calls disconnect() on any.
- Take a look at the list of open FDs of the qemu process:
$ ls -tl /proc/${qemu-pid}/fd
$ lsof -p ${qemu-pid}
All of the TCP connections will be stuck at FIN_WAIT2
The VM becomes unresponsive. Neither SSH or VNC works after this; even
after tcp_fin_timeout expires.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1668273/+subscriptions
^ permalink raw reply [flat|nested] 8+ messages in thread* [Bug 1668273] Re: DoS possible on - a QEMU process using userspace SLIRP?
2017-02-27 14:03 [Qemu-devel] [Bug 1668273] [NEW] DDoS possible on - a QEMU process using userspace SLIRP? Nehal J Wani
` (5 preceding siblings ...)
2017-02-27 16:53 ` Greg Kurz
@ 2020-11-12 13:15 ` Thomas Huth
6 siblings, 0 replies; 8+ messages in thread
From: Thomas Huth @ 2020-11-12 13:15 UTC (permalink / raw)
To: qemu-devel
Slirp has been moved to an external project now. If this is still an issue, please report the problem there instead:
https://gitlab.freedesktop.org/slirp/libslirp
** Changed in: qemu
Status: New => Won't Fix
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1668273
Title:
DoS possible on - a QEMU process using userspace SLIRP?
Status in QEMU:
Won't Fix
Bug description:
Steps to reproduce:
- Launch a VM using QEMU (2.8.0):
$ qemu-system-x86_64 \
-machine accel=kvm \
-hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
-m 2G \
-smp 2 \
-vnc :8 \
-boot dc \
-vga std \
-cpu host \
-net nic,vlan=0 \
-net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80
- SSH into the VM, install httpd, start httpd
$ ssh -p 10024 root@localhost 'dnf install -y httpd && systemctl start
httpd'
- Compile and run the following Java program (on the host):
$ cat <<EOF > URLConnectionReader.java
import java.net.*;
import java.io.*;
public class URLConnectionReader {
public static void main(String[] args) throws Exception {
int i = 0;
while (i < 1024) {
URL this_is_404 = new URL("http://localhost:8082/blah");
URLConnection yc = this_is_404.openConnection();
try {
BufferedReader in = new BufferedReader(new InputStreamReader(
yc.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
} catch (Exception e) {
//HttpURLConnection urlConnection = (HttpURLConnection) yc;
//urlConnection.disconnect();
}
i++;
}
Thread.sleep(1000000000);
}
}
$ javac URLConnectionReader.java
$ java URLConnectionReader &
The java program tries to open a lot of HTTP connections, but never
calls disconnect() on any.
- Take a look at the list of open FDs of the qemu process:
$ ls -tl /proc/${qemu-pid}/fd
$ lsof -p ${qemu-pid}
All of the TCP connections will be stuck at FIN_WAIT2
The VM becomes unresponsive. Neither SSH or VNC works after this; even
after tcp_fin_timeout expires.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1668273/+subscriptions
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2020-11-12 13:32 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-02-27 14:03 [Qemu-devel] [Bug 1668273] [NEW] DDoS possible on - a QEMU process using userspace SLIRP? Nehal J Wani
2017-02-27 14:23 ` [Qemu-devel] [Bug 1668273] Re: DoS " Nehal J Wani
2017-02-27 15:03 ` Nehal J Wani
2017-02-27 15:42 ` Daniel Berrange
2017-02-27 15:58 ` Nehal J Wani
2017-02-27 16:21 ` Daniel Berrange
2017-02-27 16:53 ` Greg Kurz
2020-11-12 13:15 ` Thomas Huth
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.