diff options
author | Davide Libenzi <davidel@xmailserver.org> | 2008-12-01 16:13:55 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-12-01 22:55:24 -0500 |
commit | 7ef9964e6d1b911b78709f144000aacadd0ebc21 (patch) | |
tree | 30667d0a2f8e53973ff48d2c02df48bbc6fe74aa /kernel/sysctl.c | |
parent | b7d271df873c5121a4ca1c70dea126b5920ec2f1 (diff) |
epoll: introduce resource usage limits
It has been thought that the per-user file descriptors limit would also
limit the resources that a normal user can request via the epoll
interface. Vegard Nossum reported a very simple program (a modified
version attached) that can make a normal user to request a pretty large
amount of kernel memory, well within the its maximum number of fds. To
solve such problem, default limits are now imposed, and /proc based
configuration has been introduced. A new directory has been created,
named /proc/sys/fs/epoll/ and inside there, there are two configuration
points:
max_user_instances = Maximum number of devices - per user
max_user_watches = Maximum number of "watched" fds - per user
The current default for "max_user_watches" limits the memory used by epoll
to store "watches", to 1/32 of the amount of the low RAM. As example, a
256MB 32bit machine, will have "max_user_watches" set to roughly 90000.
That should be enough to not break existing heavy epoll users. The
default value for "max_user_instances" is set to 128, that should be
enough too.
This also changes the userspace, because a new error code can now come out
from EPOLL_CTL_ADD (-ENOSPC). The EMFILE from epoll_create() was already
listed, so that should be ok.
[akpm@linux-foundation.org: use get_current_user()]
Signed-off-by: Davide Libenzi <davidel@xmailserver.org>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: <stable@kernel.org>
Cc: Cyrill Gorcunov <gorcunov@gmail.com>
Reported-by: Vegard Nossum <vegardno@ifi.uio.no>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel/sysctl.c')
-rw-r--r-- | kernel/sysctl.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 9d048fa2d902..3d56fe7570da 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c | |||
@@ -176,6 +176,9 @@ extern struct ctl_table random_table[]; | |||
176 | #ifdef CONFIG_INOTIFY_USER | 176 | #ifdef CONFIG_INOTIFY_USER |
177 | extern struct ctl_table inotify_table[]; | 177 | extern struct ctl_table inotify_table[]; |
178 | #endif | 178 | #endif |
179 | #ifdef CONFIG_EPOLL | ||
180 | extern struct ctl_table epoll_table[]; | ||
181 | #endif | ||
179 | 182 | ||
180 | #ifdef HAVE_ARCH_PICK_MMAP_LAYOUT | 183 | #ifdef HAVE_ARCH_PICK_MMAP_LAYOUT |
181 | int sysctl_legacy_va_layout; | 184 | int sysctl_legacy_va_layout; |
@@ -1325,6 +1328,13 @@ static struct ctl_table fs_table[] = { | |||
1325 | .child = inotify_table, | 1328 | .child = inotify_table, |
1326 | }, | 1329 | }, |
1327 | #endif | 1330 | #endif |
1331 | #ifdef CONFIG_EPOLL | ||
1332 | { | ||
1333 | .procname = "epoll", | ||
1334 | .mode = 0555, | ||
1335 | .child = epoll_table, | ||
1336 | }, | ||
1337 | #endif | ||
1328 | #endif | 1338 | #endif |
1329 | { | 1339 | { |
1330 | .ctl_name = KERN_SETUID_DUMPABLE, | 1340 | .ctl_name = KERN_SETUID_DUMPABLE, |