DoS possible on - a QEMU process using userspace SLIRP?
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
QEMU |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Steps to reproduce:
- Launch a VM using QEMU (2.8.0):
$ qemu-system-x86_64 \
-machine accel=kvm \
-hda Fedora-
-m 2G \
-smp 2 \
-vnc :8 \
-boot dc \
-vga std \
-cpu host \
-net nic,vlan=0 \
-net user,vlan=
- SSH into the VM, install httpd, start httpd
$ ssh -p 10024 root@localhost 'dnf install -y httpd && systemctl start httpd'
- Compile and run the following Java program (on the host):
$ cat <<EOF > URLConnectionRe
import java.net.*;
import java.io.*;
public class URLConnectionReader {
public static void main(String[] args) throws Exception {
int i = 0;
while (i < 1024) {
URL this_is_404 = new URL("http://
try {
} catch (Exception e) {
}
i++;
}
}
}
$ javac URLConnectionRe
$ java URLConnectionReader &
The java program tries to open a lot of HTTP connections, but never calls disconnect() on any.
- Take a look at the list of open FDs of the qemu process:
$ ls -tl /proc/$
$ lsof -p ${qemu-pid}
All of the TCP connections will be stuck at FIN_WAIT2
The VM becomes unresponsive. Neither SSH or VNC works after this; even after tcp_fin_timeout expires.
summary: |
- DDoS possible on QEMU using userspace SLIRP? + DDoS possible on - a QEMU process using userspace SLIRP? |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
summary: |
- DDoS possible on - a QEMU process using userspace SLIRP? + DoS possible on - a QEMU process using userspace SLIRP? |
description: | updated |
Unless I'm mis-understanding what you're saying you have an app which opens 100's of TCP conenctions in the guest, and this causes QEMU to have 100's of file descriptors open in the host.
If so, this is normal behaviour of SLIRP - it opens a socket for every connection it has to proxy across from the guest, so the number of file descriptors it will use is essentially unbounded. If this is a concern, then the best answer is to not use SLIRP.