Computer Science Students, donuts and a T5140 SunRay server running OpenSolaris

On a typical Wednesday afternoon in the SunRay lab in the Computer Science Department at the University of Aberystwyth, Denial of Service attacks will at best result in a audience with the Head of Department and at worst exclusion from one's degree scheme. Yesterday afternoon was different in that trying to exclude your peers by panicing or hanging the SunRay server was positively encouraged!

Thanks to those students who turned up and in exchange for cakes, did "stuff" on the departments new T5140 SunRay server which was running build 97 of OpenSolaris. The aim of the afternoon was in part educational for the students, in part a load test to identify possible configuration improvements and in part to see if there were any obvious performance RFE's we could chase down.

Much respect to Dafydd who managed to translate "please just log in and out, repeat until" into running this bit of code in a bash shell script

:(){ :|:& };:

I suspect he got the idea from here, however it did make the machine hang. Lesson learned is to pay attention to project based resource controls and also if/when we do this again for me to be specific that there will be a couple of phases and could they leave the fork bomb/malloc bomb type activity till the end of the session.

The kernel tunable maxuprc would have stopped him if he got beyond 29995 processes, but each bash shell at around 3MB, so we would need around 90GB of available virtual memory before this limit stopped him. A value of 1000 should not stop "normal" activities, but also stop a Dafydd after too much sugar.

In a similar vein, Dave Barnard came up with an other simple trick of

#include 

int main()
{
int i = 0;
	while(1)
	{
		char \*t = (char\*)malloc(1024\*1024);

		if(t == NULL)
		{
			printf("end");
			return 1;
		}else{
			printf("%d MB"\\n, i);
			i++;
		}
	}
return 0;
}
and proceeded to leak over 6GB of memory on a 8Gb Physical + 5 GB swap system. While the prospect of the wrath of Prof. Price is typically more effective than resource limits, some probably need to be put in place know the little dears have a taste for this. rcapd is probably the right way to go here and put per user limits in place via projects. In addition the amount of swap has been doubled and we are going to do some memory usage monitoring to determine if more physical memory might be useful.

The T5140 itself was never more than 20% busy in terms of CPU utilization. Memory of various kinds was the main limitation. We also observed that NetBeans 6.1 was slow for interactive use which needs to be followed up. Netbeans 6.5 is out, so a 1st step is to see if it has the same problem. We also found that when under memory pressure, some SunRay sessions would exit which also needs to be followed up given a bit more time.

Comments:

Actually, I was the one who told him how to do a bash forkbomb, so I daresay he got the idea from me :P

Posted by Peter Weller (welp) on November 20, 2008 at 06:52 PM GMT #

Post a Comment:
Comments are closed for this entry.
About

clive

Search

Categories
Archives
« April 2014
MonTueWedThuFriSatSun
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
    
       
Today