diff options
author | Neil Horman <nhorman@tuxdriver.com> | 2009-09-23 18:56:56 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-09-24 10:21:00 -0400 |
commit | a293980c2e261bd5b0d2a77340dd04f684caff58 (patch) | |
tree | 69f2b2747548deafb146c18953ebce21ae1f02d4 /kernel/sysctl.c | |
parent | 725eae32df7754044809973034429a47e6035158 (diff) |
exec: let do_coredump() limit the number of concurrent dumps to pipes
Introduce core pipe limiting sysctl.
Since we can dump cores to pipe, rather than directly to the filesystem,
we create a condition in which a user can create a very high load on the
system simply by running bad applications.
If the pipe reader specified in core_pattern is poorly written, we can
have lots of ourstandig resources and processes in the system.
This sysctl introduces an ability to limit that resource consumption.
core_pipe_limit defines how many in-flight dumps may be run in parallel,
dumps beyond this value are skipped and a note is made in the kernel log.
A special value of 0 in core_pipe_limit denotes unlimited core dumps may
be handled (this is the default value).
[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Reported-by: Earl Chew <earl_chew@agilent.com>
Cc: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Andi Kleen <andi@firstfloor.org>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel/sysctl.c')
-rw-r--r-- | kernel/sysctl.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 7f4f57bea4ce..37abb8c3995b 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c | |||
@@ -76,6 +76,7 @@ extern int max_threads; | |||
76 | extern int core_uses_pid; | 76 | extern int core_uses_pid; |
77 | extern int suid_dumpable; | 77 | extern int suid_dumpable; |
78 | extern char core_pattern[]; | 78 | extern char core_pattern[]; |
79 | extern unsigned int core_pipe_limit; | ||
79 | extern int pid_max; | 80 | extern int pid_max; |
80 | extern int min_free_kbytes; | 81 | extern int min_free_kbytes; |
81 | extern int pid_max_min, pid_max_max; | 82 | extern int pid_max_min, pid_max_max; |
@@ -423,6 +424,14 @@ static struct ctl_table kern_table[] = { | |||
423 | .proc_handler = &proc_dostring, | 424 | .proc_handler = &proc_dostring, |
424 | .strategy = &sysctl_string, | 425 | .strategy = &sysctl_string, |
425 | }, | 426 | }, |
427 | { | ||
428 | .ctl_name = CTL_UNNUMBERED, | ||
429 | .procname = "core_pipe_limit", | ||
430 | .data = &core_pipe_limit, | ||
431 | .maxlen = sizeof(unsigned int), | ||
432 | .mode = 0644, | ||
433 | .proc_handler = &proc_dointvec, | ||
434 | }, | ||
426 | #ifdef CONFIG_PROC_SYSCTL | 435 | #ifdef CONFIG_PROC_SYSCTL |
427 | { | 436 | { |
428 | .procname = "tainted", | 437 | .procname = "tainted", |