
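--- a/configure.ac
+++ b/configure.ac
@@ -579,6 +579,7 @@ main() { if (NSVersionOfRunTimeLibrary("
 		AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
 		    [Prepend the address family to IP tunnel traffic])
 	fi
+	AC_DEFINE(OOM_ADJUST, 1, [Adjust Linux out-of-memory killer])
 	;;
 mips-sony-bsd|mips-sony-newsos4)
 	AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])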
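--- a/sshd.c
+++ b/sshd.c
@@ -250,6 +250,11 @@ Buffer loginmsg;
 /* Unprivileged user */
 struct passwd *privsep_pw = NULL;
 
+#ifdef OOM_ADJUST
+/* Linux out-of-memory killer adjustment */
+static char oom_adj_save[8];
+#endif
+
 /* Prototypes for various functions defined later in this file. */
 void destroy_sensitive_data(void);
 void demote_sensitive_data(void);
@@ -901,6 +906,31 @@ recv_rexec_state(int fd, Buffer *conf)
 	debug3("%s: done", __func__);
 }
 
+#ifdef OOM_ADJUST
+/*
+ * If requested in the environment, tell the Linux kernel's out-of-memory
+ * killer to avoid sshd. The old state will be restored when forking child
+ * processes.
+ */
+static void
+oom_adjust_startup(void)
+{
+	const char *oom_adj = getenv("SSHD_OOM_ADJUST");
+
+	if (!oom_adj)
+		return;
+	oom_adj_get(oom_adj_save, sizeof(oom_adj_save));
+	oom_adj_set(oom_adj);
+}
+
+static void
+oom_restore(void)
+{
+	if (oom_adj_save[0])
+		oom_adj_set(oom_adj_save);
+}
+#endif
+
 /* Accept a connection from inetd */
 static void
 server_accept_inetd(int *sock_in, int *sock_out)
@@ -1606,6 +1636,11 @@ main(int ac, char **av)
 	/* ignore SIGPIPE */
 	signal(SIGPIPE, SIG_IGN);
 
+#ifdef OOM_ADJUST
+	/* Adjust out-of-memory killer */
+	oom_adjust_startup();
+#endif
+
 	/* Get a connection, either from inetd or a listening TCP socket */
 	if (inetd_flag) {
 		server_accept_inetd(&sock_in, &sock_out);
@@ -1643,6 +1678,10 @@ main(int ac, char **av)
 
 	/* This is the child processing a new connection. */
 	setproctitle("%s", "[accepted]");
+
+#ifdef OOM_ADJUST
+	oom_restore();
+#endif
 
 	/*
 	 * Create a new session and process group since the 4.4BSD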
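Review bot: In oom_adjust_startup() the result of oom_adj_get() is ignored, so if saving the current value fails, `oom_adj_save` stays empty while `oom_adj_set(oom_adj)` still runs. oom_restore() then does nothing because `oom_adj_save[0]` is zero, and the per-connection child (and presumably the user session started from it) keeps the daemon's OOM-killer adjustment instead of the original one. Return before changing anything when the save fails, e.g. `if (oom_adj_get(oom_adj_save, sizeof(oom_adj_save)) == -1) return;`. The result of `oom_adj_set()` in oom_restore() is also dropped; since a failed restore leaves the child with the adjusted value, it deserves at least a log line at the call site. The header comment on oom_adjust_startup() could also state what values `SSHD_OOM_ADJUST` is expected to hold, since the string is written to the kernel file unchecked.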
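--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -18,7 +18,7 @@
  */
 
 /*
- * Linux-specific portability code - just SELinux support at present
+ * Linux-specific portability code
  */
 
 #include "includes.h"
@@ -27,8 +27,16 @@
 #include <stdarg.h>
 #include <string.h>
 
-#ifdef WITH_SELINUX
+#ifdef OOM_ADJUST
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+#endif
+
 #include "log.h"
+
+#ifdef WITH_SELINUX
 #include "port-linux.h"
 
 #include <selinux/selinux.h>
@@ -169,3 +177,47 @@ ssh_selinux_setup_pty(char *pwname, cons
 	debug3("%s: done", __func__);
 }
 #endif /* WITH_SELINUX */
+
+#ifdef OOM_ADJUST
+/* Get the out-of-memory adjustment file for the current process */
+int
+oom_adj_open(void)
+{
+	int fd = open("/proc/self/oom_adj", O_RDWR);
+	if (fd < 0)
+		logit("error opening /proc/self/oom_adj: %s", strerror(errno));
+	return fd;
+}
+
+/* Get the current OOM adjustment */
+int
+oom_adj_get(char *buf, size_t maxlen)
+{
+	ssize_t n;
+	int fd = oom_adj_open();
+	if (fd < 0)
+		return -1;
+	n = read(fd, buf, maxlen);
+	if (n < 0)
+		logit("error reading /proc/self/oom_adj: %s", strerror(errno));
+	else
+		buf[n] = '\0';
+	close(fd);
+	return n < 0 ? -1 : 0;
+}
+
+/* Set the current OOM adjustment */
+int
+oom_adj_set(const char *buf)
+{
+	ssize_t n;
+	int fd = oom_adj_open();
+	if (fd < 0)
+		return -1;
+	n = write(fd, buf, strlen(buf));
+	if (n < 0)
+		logit("error writing /proc/self/oom_adj: %s", strerror(errno));
+	close(fd);
+	return n < 0 ? -1 : 0;
+}
+#endif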
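Review bot: oom_adj_get() can store one byte past the end of `buf`: `read(fd, buf, maxlen)` may return `maxlen`, and `buf[n] = '\0'` then writes to `buf[maxlen]`. The value the kernel returns is normally short, so the 8-byte `oom_adj_save` passed from sshd.c is unlikely to fill, but the function should leave room for the terminator itself, `n = read(fd, buf, maxlen - 1);`, after rejecting `maxlen == 0`. oom_adj_set() reports success on a short write(); comparing `n` with `strlen(buf)` would catch a partially written value. `#include "port-linux.h"` remains inside `#ifdef WITH_SELINUX`, so in a build with only OOM_ADJUST these three functions are defined without their prototypes in scope.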
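--- a/openbsd-compat/port-linux.h
+++ b/openbsd-compat/port-linux.h
@@ -25,4 +25,10 @@ void ssh_selinux_setup_pty(char *, const
 void ssh_selinux_setup_exec_context(char *);
 #endif
 
+#ifdef OOM_ADJUST
+int oom_adj_open(void);
+int oom_adj_get(char *buf, size_t maxlen);
+int oom_adj_set(const char *buf);
+#endif
+
 #endif /* ! _PORT_LINUX_H */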
