[Bug 1668273] Re: DoS possible on - a QEMU process using userspace SLIRP?

[Thomas Huth]

Slirp has been moved to an external project now. If this is still an issue, 
please report the problem there instead:
https://gitlab.freedesktop.org/slirp/libslirp

** Changed in: qemu
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1668273

Title:
  DoS possible on - a QEMU process using userspace SLIRP?

Status in QEMU:
  Won't Fix

Bug description:
  Steps to reproduce:

  - Launch a VM using QEMU (2.8.0):

  $ qemu-system-x86_64 \
      -machine accel=kvm \
      -hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
      -m 2G \
      -smp 2 \
      -vnc :8 \
      -boot dc \
      -vga std \
      -cpu host \
      -net nic,vlan=0 \
      -net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80

  - SSH into the VM, install httpd, start httpd

  $ ssh -p 10024 root@localhost 'dnf install -y httpd && systemctl start
  httpd'

  - Compile and run the following Java program (on the host):

  $ cat <<EOF > URLConnectionReader.java
  import java.net.*;
  import java.io.*;

  public class URLConnectionReader {
      public static void main(String[] args) throws Exception {
          int i = 0;
          while (i < 1024) {
              URL this_is_404 = new URL("http://localhost:8082/blah";);
              URLConnection yc = this_is_404.openConnection();
              try {
                  BufferedReader in = new BufferedReader(new InputStreamReader(
                              yc.getInputStream()));
                  String inputLine;
                  while ((inputLine = in.readLine()) != null)
                      System.out.println(inputLine);
                  in.close();
              } catch (Exception e) {
                  //HttpURLConnection urlConnection = (HttpURLConnection) yc;
                  //urlConnection.disconnect();
              }
              i++;
          }
          Thread.sleep(1000000000);
      }
  }

  $ javac URLConnectionReader.java

  $ java URLConnectionReader &

  The java program tries to open a lot of HTTP connections, but never
  calls disconnect() on any.

  - Take a look at the list of open FDs of the qemu process:

  $ ls -tl /proc/${qemu-pid}/fd

  $ lsof -p ${qemu-pid}
  All of the TCP connections will be stuck at FIN_WAIT2

  The VM becomes unresponsive. Neither SSH or VNC works after this; even
  after tcp_fin_timeout expires.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1668273/+subscriptions