Report Bug to Linux Memory Management

Report Bug to Linux Memory Management

[杨男子]

Hi, our team has found a problem in memory management system on Linux kernel v5.10, leading to DoS attacks.

The Linux kernel introduces the dirty_throttle_control struct for dirty-area control, which uses the dirty field to represent the whole kernel-space dirty ratio. Whenever the dirty value is too high, the kernel wakes up background threads to sync the dirty memory to disk. However, in the meantime, as the dirty ratio is too high, the kernel blocks the write-back and converts all writes to write-through, which slows down the write performance dramatically

Unfortunately, the kernel does not provide any isolation for the memory dirty ratio. Any processes can impact the global memory dirty ratio. In our attack, we do the experiments on intel i5 CPU physical machine with 8GB memory+ Linux kernel v5.10.0 + Ubuntu 18.04 LTS + Docker 18.06.0-ce. The attacker-container are limited with 1M/s I/O bandwidth, 4GB memory, dropping all capabilities. The attacker uses the dd command to generate files, which quickly occupies all dirty memory, reaching the memory dirty ratio limit. As a result, all writes from host-machine or victim-container are converted to write-through, which dramatically downgrades the performance. In our experiments, the performance of command dd if=/dev/zero of=/mnt/test bs=1M count=1024 on the victim-container drops from 1.2 GB/s to32.6 MB/s due to the attack, resulting in 97.3% slow down. Besides, even the privileged root user on the host-machine also has a 96.1%performance downgrade.

Looking forward to your reply!
                                                                                                                             Nanzi Yang

Report Bug to Linux Memory Management

[杨男子]

Hi, our team has found a problem in memory management system on Linux kernel v5.10, leading to DoS attacks.

The Linux kernel introduces the dirty_throttle_control struct for dirty-area control, which uses the dirty field to represent the whole kernel-space dirty ratio. Whenever the dirty value is too high, the kernel wakes up background threads to sync the dirty memory to disk. However, in the meantime, as the dirty ratio is too high, the kernel blocks the write-back and converts all writes to write-through, which slows down the write performance dramatically

Unfortunately, the kernel does not provide any isolation for the memory dirty ratio. Any processes can impact the global memory dirty ratio. In our attack, we do the experiments on intel i5 CPU physical machine with 8GB memory+ Linux kernel v5.10.0 + Ubuntu 18.04 LTS + Docker 18.06.0-ce. The attacker-container are limited with 1M/s I/O bandwidth, 4GB memory, dropping all capabilities. The attacker uses the dd command to generate files, which quickly occupies all dirty memory, reaching the memory dirty ratio limit. As a result, all writes from host-machine or victim-container are converted to write-through, which dramatically downgrades the performance. In our experiments, the performance of command dd if=/dev/zero of=/mnt/test bs=1M count=1024 on the victim-container drops from 1.2 GB/s to 32.6 MB/s due to the attack, resulting in 97.3% slow down. Besides, even the privileged root user on the host-machine also has a 96.1%performance downgrade.

Looking forward to your reply!
                                                                                                                             Nanzi Yang