diff options
author | Davide Libenzi <davidel@xmailserver.org> | 2009-01-29 17:25:26 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-01-29 21:04:45 -0500 |
commit | 9df04e1f25effde823a600e755b51475d438f56b (patch) | |
tree | 57a207adf5e4bfb010000724dc1482e421933be4 | |
parent | 3095eb87bb36ae880608fe3fc46cfd59ced1f319 (diff) |
epoll: drop max_user_instances and rely only on max_user_watches
Linus suggested to put limits where the money is, and max_user_watches
already does that w/out the need of max_user_instances. That has the
advantage to mitigate the potential DoS while allowing pretty generous
default behavior.
Allowing top 4% of low memory (per user) to be allocated in epoll watches,
we have:
LOMEM MAX_WATCHES (per user)
512MB ~178000
1GB ~356000
2GB ~712000
A box with 512MB of lomem, will meet some challenge in hitting 180K
watches, socket buffers math teaches us. No more max_user_instances
limits then.
Signed-off-by: Davide Libenzi <davidel@xmailserver.org>
Cc: Willy Tarreau <w@1wt.eu>
Cc: Michael Kerrisk <mtk.manpages@googlemail.com>
Cc: Bron Gondwana <brong@fastmail.fm>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | fs/eventpoll.c | 22 | ||||
-rw-r--r-- | include/linux/sched.h | 1 |
2 files changed, 4 insertions, 19 deletions
diff --git a/fs/eventpoll.c b/fs/eventpoll.c index ba2f9ec7119..011b9b8c90c 100644 --- a/fs/eventpoll.c +++ b/fs/eventpoll.c | |||
@@ -234,8 +234,6 @@ struct ep_pqueue { | |||
234 | /* | 234 | /* |
235 | * Configuration options available inside /proc/sys/fs/epoll/ | 235 | * Configuration options available inside /proc/sys/fs/epoll/ |
236 | */ | 236 | */ |
237 | /* Maximum number of epoll devices, per user */ | ||
238 | static int max_user_instances __read_mostly; | ||
239 | /* Maximum number of epoll watched descriptors, per user */ | 237 | /* Maximum number of epoll watched descriptors, per user */ |
240 | static int max_user_watches __read_mostly; | 238 | static int max_user_watches __read_mostly; |
241 | 239 | ||
@@ -261,14 +259,6 @@ static int zero; | |||
261 | 259 | ||
262 | ctl_table epoll_table[] = { | 260 | ctl_table epoll_table[] = { |
263 | { | 261 | { |
264 | .procname = "max_user_instances", | ||
265 | .data = &max_user_instances, | ||
266 | .maxlen = sizeof(int), | ||
267 | .mode = 0644, | ||
268 | .proc_handler = &proc_dointvec_minmax, | ||
269 | .extra1 = &zero, | ||
270 | }, | ||
271 | { | ||
272 | .procname = "max_user_watches", | 262 | .procname = "max_user_watches", |
273 | .data = &max_user_watches, | 263 | .data = &max_user_watches, |
274 | .maxlen = sizeof(int), | 264 | .maxlen = sizeof(int), |
@@ -491,7 +481,6 @@ static void ep_free(struct eventpoll *ep) | |||
491 | 481 | ||
492 | mutex_unlock(&epmutex); | 482 | mutex_unlock(&epmutex); |
493 | mutex_destroy(&ep->mtx); | 483 | mutex_destroy(&ep->mtx); |
494 | atomic_dec(&ep->user->epoll_devs); | ||
495 | free_uid(ep->user); | 484 | free_uid(ep->user); |
496 | kfree(ep); | 485 | kfree(ep); |
497 | } | 486 | } |
@@ -581,10 +570,6 @@ static int ep_alloc(struct eventpoll **pep) | |||
581 | struct eventpoll *ep; | 570 | struct eventpoll *ep; |
582 | 571 | ||
583 | user = get_current_user(); | 572 | user = get_current_user(); |
584 | error = -EMFILE; | ||
585 | if (unlikely(atomic_read(&user->epoll_devs) >= | ||
586 | max_user_instances)) | ||
587 | goto free_uid; | ||
588 | error = -ENOMEM; | 573 | error = -ENOMEM; |
589 | ep = kzalloc(sizeof(*ep), GFP_KERNEL); | 574 | ep = kzalloc(sizeof(*ep), GFP_KERNEL); |
590 | if (unlikely(!ep)) | 575 | if (unlikely(!ep)) |
@@ -1141,7 +1126,6 @@ SYSCALL_DEFINE1(epoll_create1, int, flags) | |||
1141 | flags & O_CLOEXEC); | 1126 | flags & O_CLOEXEC); |
1142 | if (fd < 0) | 1127 | if (fd < 0) |
1143 | ep_free(ep); | 1128 | ep_free(ep); |
1144 | atomic_inc(&ep->user->epoll_devs); | ||
1145 | 1129 | ||
1146 | error_return: | 1130 | error_return: |
1147 | DNPRINTK(3, (KERN_INFO "[%p] eventpoll: sys_epoll_create(%d) = %d\n", | 1131 | DNPRINTK(3, (KERN_INFO "[%p] eventpoll: sys_epoll_create(%d) = %d\n", |
@@ -1366,8 +1350,10 @@ static int __init eventpoll_init(void) | |||
1366 | struct sysinfo si; | 1350 | struct sysinfo si; |
1367 | 1351 | ||
1368 | si_meminfo(&si); | 1352 | si_meminfo(&si); |
1369 | max_user_instances = 128; | 1353 | /* |
1370 | max_user_watches = (((si.totalram - si.totalhigh) / 32) << PAGE_SHIFT) / | 1354 | * Allows top 4% of lomem to be allocated for epoll watches (per user). |
1355 | */ | ||
1356 | max_user_watches = (((si.totalram - si.totalhigh) / 25) << PAGE_SHIFT) / | ||
1371 | EP_ITEM_COST; | 1357 | EP_ITEM_COST; |
1372 | 1358 | ||
1373 | /* Initialize the structure used to perform safe poll wait head wake ups */ | 1359 | /* Initialize the structure used to perform safe poll wait head wake ups */ |
diff --git a/include/linux/sched.h b/include/linux/sched.h index 02e16d20730..5a7c7638873 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h | |||
@@ -630,7 +630,6 @@ struct user_struct { | |||
630 | atomic_t inotify_devs; /* How many inotify devs does this user have opened? */ | 630 | atomic_t inotify_devs; /* How many inotify devs does this user have opened? */ |
631 | #endif | 631 | #endif |
632 | #ifdef CONFIG_EPOLL | 632 | #ifdef CONFIG_EPOLL |
633 | atomic_t epoll_devs; /* The number of epoll descriptors currently open */ | ||
634 | atomic_t epoll_watches; /* The number of file descriptors currently watched */ | 633 | atomic_t epoll_watches; /* The number of file descriptors currently watched */ |
635 | #endif | 634 | #endif |
636 | #ifdef CONFIG_POSIX_MQUEUE | 635 | #ifdef CONFIG_POSIX_MQUEUE |