Re: [patch 016/104] epoll: introduce resource usage limits



On Sun, Jan 25, 2009 at 10:01:27PM +1100, Bron Gondwana wrote:
On Sun, Jan 25, 2009 at 12:03:34AM +1100, Bron Gondwana wrote:
The attached patches do this - the first bumps the default to 1024, and
the second adds /proc/sys/fs/epoll/limits which contains 4 values. The
first two are the maximum current value for each field, and the second
two are the values of max_user_instances and max_user_watches again,
similar to the file-max interface.

And this third one (on top of the other two) adds the UIDs of the most
heavily using users to the "limits" file, to help you track them down.

Patch 4 - I'll stop now ;)

Allow '0' for unlimited for both limits.

I notice that root gets limited same as anyone else. Any opinion on
special-casing root and not limiting the number of epolls they can
create? There are plenty of other ways root can be nasty if it's so
inclined!

Bron.
From ced9c438dc5120140b3af950618183343ca3d530 Mon Sep 17 00:00:00 2001
From: Bron Gondwana <brong@xxxxxxxxxxx>
Date: Sun, 25 Jan 2009 23:17:31 +1100
Subject: [PATCH] epoll: allow 0 for "unlimited" on epoll limits

---
fs/eventpoll.c | 10 ++++++----
1 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/fs/eventpoll.c b/fs/eventpoll.c
index 2113795..ce8879b 100644
--- a/fs/eventpoll.c
+++ b/fs/eventpoll.c
@@ -597,8 +597,9 @@ static int ep_alloc(struct eventpoll **pep)

user = get_current_user();
error = -EMFILE;
- if (unlikely(atomic_read(&user->epoll_devs) >=
- epoll_limits.max_user_instances))
+ if (unlikely(epoll_limits.max_user_instances &&
+ (atomic_read(&user->epoll_devs) >=
+ epoll_limits.max_user_instances)))
goto free_uid;
error = -ENOMEM;
ep = kzalloc(sizeof(*ep), GFP_KERNEL);
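Review bot: In ep_alloc(), epoll_limits.max_user_instances is now read twice inside one condition, once for the zero test and once for the >= comparison, so a write to the limit between the two reads can pass the non-zero test and then compare against 0, returning -EMFILE just as the limit is being switched to unlimited. Read the limit once into a local and test that, for example `max = epoll_limits.max_user_instances;` followed by `if (unlikely(max && atomic_read(&user->epoll_devs) >= max))`. The commit message also has no body and no Signed-off-by line; it should at least state that 0 now means "no limit".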
@@ -776,8 +777,9 @@ static int ep_insert(struct eventpoll *ep, struct epoll_event *event,
struct epitem *epi;
struct ep_pqueue epq;

- if (unlikely(atomic_read(&ep->user->epoll_watches) >=
- epoll_limits.max_user_watches))
+ if (unlikely(epoll_limits.max_user_watches &&
+ (atomic_read(&ep->user->epoll_watches) >=
+ epoll_limits.max_user_watches)))
return -ENOSPC;
if (!(epi = kmem_cache_alloc(epi_cache, GFP_KERNEL)))
return -ENOMEM;
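Review bot: In ep_insert(), a max_user_watches of 0 silently inverts its meaning: under the old comparison (count >= limit) a limit of 0 rejected every insert with -ENOSPC, while under the new one it removes the per-user bound on the kmem_cache_alloc(epi_cache, GFP_KERNEL) that follows. That inversion needs to be spelled out in the changelog and wherever the limit is documented, since any setup that wrote 0 expecting "deny" would now get "unbounded". The limit is also read twice here, as in ep_alloc(); a single read into a local avoids comparing against a value that changed after the zero test.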
--
1.5.6.3


