Solaris Test LWPS Fork–bombs and Zone – Resource Control

Solaris Test LWPS Fork–bombs and Zone – Resource Control

  1. As an end-user create a number of Lightweight processess using the following script which should be located in a test-zone:

#!/bin/ksh

# Script test-fork-bomb.ksh

maxlwps=500

i=0

#

#

echo ‘_________________________________________________’

echo ”

echo “Starting $maxlwps processes”

while [ $i -lt $maxlwps ]

do

i=$(($i+1))

echo “Starting process $i”

sleep 20 &

done

echo ‘_________________________________________________’

echo ”

echo “Started $i Processess”

As you will notice, the number of processes / threads that the end user can start is virtually unlimited1. The effect can be disastrous if the processes table were to fill up completely and your Application server will experience fork – failures.

  1. From the global zone, set the resource control for the maximum NLWPS:

global# zonecfg -z testzone

zonecfg:testzone> add rctl

zonecfg:testzone:rctl> set name=zone.max-lwps

zonecfg:testzone:rctl> add value (priv=privileged,limit=250,action=deny)

zonecfg:testzone:rctl> end

zonecfg:testzone> commit

zonecfg:testzone> exit

  1. Reboot the zone and check the impact

global# zlogin testzone init 6

Here we will use the “Global – Log action” once the zone exceeds the number of LWPS within the zone, to syslogd:

global# rctladm -e syslog=warning zone.max-lwps

→ this will edit /etc/rctladm.conf:

zone.max-lwps=syslog=warning

global# zlogin testzone

global# su – guest

global# ./test-fork-bomb.ksh

You should notice that the number of processess started will be less than 500.

The logging within the Global Zone:

global# dmesg

Feb 17 20:27:59 laks genunix: [ID 757042 kern.notice] privileged rctl zone.max-lwps (value 250) exceeded by process 27734 in zone testzone.

Feb 17 20:28:01 laks genunix: [ID 757042 kern.notice] privileged rctl zone.max-lwps (value 250) exceeded by process 27735 in zone testzone.

  1. Check the impact when changing the rctl – clause in the .xml file

Change the setting for the resource control in the .xml file to:

value (priv=privileged,limit=250,action=none)

Run the script again, and notice that the number of LWPS will no longer be limited to 250.

1Of course the kernel parameter maxuprc will eventually stop the forking of new processess for end – users

This entry was posted in Solaris / linux, Technical. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *


2 + = ten

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)

What is 2 + 11 ?
Please leave these two fields as-is: