From: Joerg Platte <lists@naasa.net>
To: linux-kernel@vger.kernel.org
Subject: Re: Userspace process may be able to DoS kernel
Date: Sat, 11 Nov 2006 13:29:16 +0100 [thread overview]
Message-ID: <200611111329.17206.lists@naasa.net> (raw)
In-Reply-To: <20061109231958.f18cd1ef.akpm@osdl.org>
Am Freitag, 10. November 2006 08:19 schrieb Andrew Morton:
> OK, thanks.
>
> It'd be useful if you could grab a kernel profile when the system load is
> high:
> Or, if oprofile is working:
>
>
> #!/bin/sh
> sudo opcontrol --stop
> sudo opcontrol --shutdown
> sudo rm -rf /var/lib/oprofile
> sudo opcontrol --vmlinux=/boot/vmlinux-$(uname -r)
> sudo opcontrol --start-daemon
> sudo opcontrol --start
> sleep 10
> sudo opcontrol --stop
> sudo opcontrol --shutdown
> sudo opreport -l /boot/vmlinux-$(uname -r) | head -50
Here is the oprofile log. Seems to be acpi related?
CPU: CPU with timer interrupt, speed 0 MHz (estimated)
Profiling through timer interrupt
samples % symbol name
709 44.2848 acpi_pm_read
232 14.4909 schedule
164 10.2436 system_call
61 3.8101 __wake_up
48 2.9981 __copy_to_user_ll
42 2.6234 do_futex
29 1.8114 futex_wake
29 1.8114 sys_futex
26 1.6240 hash_futex
25 1.5615 getnstimeofday
20 1.2492 preempt_schedule
20 1.2492 sys_clock_gettime
18 1.1243 copy_to_user
17 1.0618 __copy_from_user_ll
17 1.0618 get_futex_key
16 0.9994 futex_requeue
15 0.9369 schedule_timeout
11 0.6871 __mod_timer
9 0.5621 do_gettimeofday
9 0.5621 sys_ioctl
9 0.5621 syscall_exit
8 0.4997 fget_light
7 0.4372 find_extend_vma
6 0.3748 find_vma
5 0.3123 copy_from_user
5 0.3123 lock_timer_base
5 0.3123 sys_gettimeofday
4 0.2498 do_ioctl
4 0.2498 up_read
4 0.2498 vfs_ioctl
4 0.2498 wake_futex
3 0.1874 add_wait_queue
3 0.1874 down_read
2 0.1249 memcpy
2 0.1249 profile_hit
1 0.0625 csum_partial
1 0.0625 do_page_fault
1 0.0625 dummy_file_ioctl
1 0.0625 fput
1 0.0625 handle_IRQ_event
1 0.0625 ip_append_data
1 0.0625 memcmp
1 0.0625 netif_receive_skb
1 0.0625 permission
1 0.0625 sched_clock
1 0.0625 syscall_call
1 0.0625 unmap_vmas
I captured this on my IBM Thinkpad T40p. Here is the system configuration:
Linux ibm 2.6.19-rc5 #1 PREEMPT Wed Nov 8 08:06:17 CET 2006 i686 GNU/Linux
Module Size Used by
sg 32156 0
sr_mod 14820 0
lt_hotswap 10888 0
oprofile 18400 1
radeon 109728 2
drm 69524 3 radeon
binfmt_misc 10696 1
ieee80211_crypt_ccmp 6912 3
cpufreq_userspace 3860 0
cpufreq_powersave 1792 0
rfcomm 34716 1
l2cap 21700 5 rfcomm
bluetooth 47780 4 rfcomm,l2cap
nfs 210280 0
nfsd 198320 17
exportfs 5440 1 nfsd
lockd 57480 3 nfs,nfsd
sunrpc 146108 12 nfs,nfsd,lockd
nsc_ircc 17296 0
uinput 8704 1
af_packet 19848 6
autofs4 19588 2
video 15172 0
sbs 14496 0
i2c_ec 4928 1 sbs
dock 7240 0
button 6544 0
container 4352 0
ac 5060 0
battery 9860 0
ipt_MASQUERADE 3328 3
iptable_nat 6724 1
ip_nat 17004 2 ipt_MASQUERADE,iptable_nat
xt_state 2112 9
ipt_LOG 6080 8
xt_limit 2624 8
ipt_REJECT 4288 2
xt_mark 1856 2
xt_tcpudp 2880 10
xt_mac 1856 29
iptable_filter 2880 1
xt_MARK 2240 3
xt_multiport 3008 8
iptable_mangle 2752 1
ip_tables 12552 3 iptable_nat,iptable_filter,iptable_mangle
x_tables 14276 12
ipt_MASQUERADE,iptable_nat,xt_state,ipt_LOG,xt_limit,ipt_REJECT,xt_mark,xt_tcpudp,xt_mac,xt_MARK,xt_multiport,ip_tables
ip_conntrack_ftp 7376 0
ip_conntrack 48524 5
ipt_MASQUERADE,iptable_nat,ip_nat,xt_state,ip_conntrack_ftp
nfnetlink 6360 2 ip_nat,ip_conntrack
deflate 3712 0
zlib_deflate 18072 1 deflate
zlib_inflate 13632 1 deflate
twofish 8384 0
twofish_common 35904 1 twofish
serpent 18816 0
aes 27968 3
blowfish 9280 0
des 17344 0
cbc 4288 0
ecb 3456 0
blkcipher 5504 2 cbc,ecb
sha256 11008 0
sha1 2560 0
crypto_null 2496 0
af_key 31696 2
nls_utf8 2048 1
ntfs 92788 1
nls_base 7168 2 nls_utf8,ntfs
ext2 59464 1
dm_snapshot 15328 0
dm_mirror 17936 0
dm_mod 50520 2 dm_snapshot,dm_mirror
deadline_iosched 5440 0
as_iosched 12616 1
cfq_iosched 16208 1
cdc_acm 14048 0
capability 4744 0
commoncap 6848 1 capability
ircomm_tty 22664 0
ircomm 13060 1 ircomm_tty
tun 10368 1
nvram 8072 1
ibm_acpi 25792 0
sd_mod 18576 0
8250_pci 19904 0
irtty_sir 6016 0
sir_dev 13956 1 irtty_sir
joydev 9024 0
snd_intel8x0m 16524 4
snd_seq_oss 28992 0
snd_seq_midi 8160 0
snd_rawmidi 22432 1 snd_seq_midi
snd_seq_midi_event 6784 2 snd_seq_oss,snd_seq_midi
snd_seq 44688 5 snd_seq_oss,snd_seq_midi,snd_seq_midi_event
tsdev 7424 0
snd_intel8x0 31004 2
snd_ac97_codec 89188 2 snd_intel8x0m,snd_intel8x0
snd_ac97_bus 2240 1 snd_ac97_codec
usb_storage 56576 0
snd_pcm_oss 38432 0
snd_mixer_oss 15424 1 snd_pcm_oss
snd_seq_device 7628 4 snd_seq_oss,snd_seq_midi,snd_rawmidi,snd_seq
ipw2200 136584 0
libusual 16016 1 usb_storage
snd_pcm 71048 6
snd_intel8x0m,snd_intel8x0,snd_ac97_codec,snd_pcm_oss
snd_timer 20676 2 snd_seq,snd_pcm
yenta_socket 24780 2
rsrc_nonstatic 12032 1 yenta_socket
pcmcia 34788 0
psmouse 34376 0
irda 106040 4 nsc_ircc,ircomm_tty,ircomm,sir_dev
i2c_i801 7308 0
usbhid 47008 0
8250_pnp 9088 0
8250 20004 2 8250_pci,8250_pnp
serial_core 19584 1 8250
ieee80211 29832 1 ipw2200
ieee80211_crypt 5824 2 ieee80211_crypt_ccmp,ieee80211
parport_pc 35940 0
parport 33288 1 parport_pc
iTCO_wdt 10016 0
pcspkr 2816 0
evdev 9152 3
intel_agp 22236 1
agpgart 29744 2 drm,intel_agp
serio_raw 6468 0
crc_ccitt 2112 1 irda
snd 47972 21
snd_intel8x0m,snd_seq_oss,snd_rawmidi,snd_seq,snd_intel8x0,snd_ac97_codec,snd_pcm_oss,snd_mixer_oss,snd_seq_device,snd_pcm,snd_timer
soundcore 7776 1 snd
snd_page_alloc 9608 3 snd_intel8x0m,snd_intel8x0,snd_pcm
ff_memless 5128 1 usbhid
rtc 12340 0
pcmcia_core 37520 3 yenta_socket,rsrc_nonstatic,pcmcia
firmware_class 9664 2 ipw2200,pcmcia
ext3 120904 2
jbd 53736 1 ext3
mbcache 8324 2 ext2,ext3
ide_cd 36192 0
cdrom 32992 2 sr_mod,ide_cd
ide_disk 15232 6
ata_piix 15368 0
libata 96276 1 ata_piix
scsi_mod 128588 5 sg,sr_mod,sd_mod,usb_storage,libata
piix 9156 0 [permanent]
uhci_hcd 21256 0
ehci_hcd 27976 0
usbcore 121924 7
cdc_acm,usb_storage,libusual,usbhid,uhci_hcd,ehci_hcd
generic 5316 0 [permanent]
ide_core 109532 6
lt_hotswap,usb_storage,ide_cd,ide_disk,piix,generic
e1000 108672 0
thermal 13640 0
fan 4612 0
unix 25328 1098
cpufreq_conservative 6368 0
cpufreq_ondemand 7168 1
speedstep_centrino 7120 1
freq_table 4292 2 cpufreq_ondemand,speedstep_centrino
processor 23276 2 thermal,speedstep_centrino
fbcon 38304 73
tileblit 2496 1 fbcon
crc32 4288 3 tun,pcmcia,fbcon
font 8256 1 fbcon
bitblit 5120 1 fbcon
softcursor 2240 1 bitblit
radeonfb 94144 1
fb 43688 5 fbcon,tileblit,bitblit,softcursor,radeonfb
fb_ddc 2560 1 radeonfb
i2c_algo_bit 7560 1 radeonfb
i2c_core 20688 4 i2c_ec,i2c_i801,fb_ddc,i2c_algo_bit
cfbcopyarea 3520 1 radeonfb
cfbimgblt 2816 1 radeonfb
cfbfillrect 3520 1 radeonfb
00:00.0 Host bridge: Intel Corporation 82855PM Processor to I/O Controller
(rev 03)
00:01.0 PCI bridge: Intel Corporation 82855PM Processor to AGP Controller (rev
03)
00:1d.0 USB Controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M)
USB UHCI Controller #1 (rev 01)
00:1d.1 USB Controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M)
USB UHCI Controller #2 (rev 01)
00:1d.2 USB Controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M)
USB UHCI Controller #3 (rev 01)
00:1d.7 USB Controller: Intel Corporation 82801DB/DBM (ICH4/ICH4-M) USB2 EHCI
Controller (rev 01)
00:1e.0 PCI bridge: Intel Corporation 82801 Mobile PCI Bridge (rev 81)
00:1f.0 ISA bridge: Intel Corporation 82801DBM (ICH4-M) LPC Interface Bridge
(rev 01)
00:1f.1 IDE interface: Intel Corporation 82801DBM (ICH4-M) IDE Controller (rev
01)
00:1f.3 SMBus: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) SMBus
Controller (rev 01)
00:1f.5 Multimedia audio controller: Intel Corporation 82801DB/DBL/DBM
(ICH4/ICH4-L/ICH4-M) AC'97 Audio Controller (rev 01)
00:1f.6 Modem: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) AC'97
Modem Controller (rev 01)
01:00.0 VGA compatible controller: ATI Technologies Inc Radeon R250 [Mobility
FireGL 9000] (rev 02)
02:00.0 CardBus bridge: Texas Instruments PCI1520 PC card Cardbus Controller
(rev 01)
02:00.1 CardBus bridge: Texas Instruments PCI1520 PC card Cardbus Controller
(rev 01)
02:01.0 Ethernet controller: Intel Corporation 82540EP Gigabit Ethernet
Controller (Mobile) (rev 03)
02:02.0 Network controller: Intel Corporation PRO/Wireless 2200BG Network
Connection (rev 05)
regards,
Jörg
next prev parent reply other threads:[~2006-11-11 12:29 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-10-11 16:54 Userspace process may be able to DoS kernel Günther Starnberger
2006-10-12 6:02 ` Joerg Platte
2006-10-12 6:49 ` Willy Tarreau
2006-10-12 10:54 ` Joerg Platte
2006-10-12 11:30 ` Pekka Enberg
2006-10-12 11:41 ` Joerg Platte
2006-10-12 11:57 ` Pekka Enberg
2006-10-12 20:11 ` Joerg Platte
2006-10-12 20:25 ` Günther Starnberger
2006-10-13 13:24 ` Joerg Platte
2006-10-12 15:51 ` Lee Revell
2006-10-12 16:55 ` Günther Starnberger
2006-10-12 17:05 ` Lee Revell
2006-10-12 20:30 ` Günther Starnberger
2006-10-12 20:37 ` Lee Revell
2006-10-12 15:56 ` Lee Revell
2006-10-12 16:10 ` Jan Engelhardt
2006-10-12 16:19 ` Lee Revell
2006-10-12 22:02 ` Jan Engelhardt
[not found] ` <200611100803.03958.lists@naasa.net>
[not found] ` <20061109231958.f18cd1ef.akpm@osdl.org>
2006-11-11 12:29 ` Joerg Platte [this message]
2006-11-11 12:39 ` Arjan van de Ven
2006-11-11 13:15 ` Joerg Platte
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200611111329.17206.lists@naasa.net \
--to=lists@naasa.net \
--cc=jplatte@naasa.net \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox