aboutsummaryrefslogtreecommitdiffstats
path: root/kernel/sysctl.c
diff options
context:
space:
mode:
authorNeil Horman <nhorman@tuxdriver.com>2009-09-23 18:56:56 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2009-09-24 10:21:00 -0400
commita293980c2e261bd5b0d2a77340dd04f684caff58 (patch)
tree69f2b2747548deafb146c18953ebce21ae1f02d4 /kernel/sysctl.c
parent725eae32df7754044809973034429a47e6035158 (diff)
exec: let do_coredump() limit the number of concurrent dumps to pipes
Introduce core pipe limiting sysctl. Since we can dump cores to pipe, rather than directly to the filesystem, we create a condition in which a user can create a very high load on the system simply by running bad applications. If the pipe reader specified in core_pattern is poorly written, we can have lots of ourstandig resources and processes in the system. This sysctl introduces an ability to limit that resource consumption. core_pipe_limit defines how many in-flight dumps may be run in parallel, dumps beyond this value are skipped and a note is made in the kernel log. A special value of 0 in core_pipe_limit denotes unlimited core dumps may be handled (this is the default value). [akpm@linux-foundation.org: coding-style fixes] Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Reported-by: Earl Chew <earl_chew@agilent.com> Cc: Oleg Nesterov <oleg@tv-sign.ru> Cc: Andi Kleen <andi@firstfloor.org> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel/sysctl.c')
-rw-r--r--kernel/sysctl.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 7f4f57bea4ce..37abb8c3995b 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -76,6 +76,7 @@ extern int max_threads;
76extern int core_uses_pid; 76extern int core_uses_pid;
77extern int suid_dumpable; 77extern int suid_dumpable;
78extern char core_pattern[]; 78extern char core_pattern[];
79extern unsigned int core_pipe_limit;
79extern int pid_max; 80extern int pid_max;
80extern int min_free_kbytes; 81extern int min_free_kbytes;
81extern int pid_max_min, pid_max_max; 82extern int pid_max_min, pid_max_max;
@@ -423,6 +424,14 @@ static struct ctl_table kern_table[] = {
423 .proc_handler = &proc_dostring, 424 .proc_handler = &proc_dostring,
424 .strategy = &sysctl_string, 425 .strategy = &sysctl_string,
425 }, 426 },
427 {
428 .ctl_name = CTL_UNNUMBERED,
429 .procname = "core_pipe_limit",
430 .data = &core_pipe_limit,
431 .maxlen = sizeof(unsigned int),
432 .mode = 0644,
433 .proc_handler = &proc_dointvec,
434 },
426#ifdef CONFIG_PROC_SYSCTL 435#ifdef CONFIG_PROC_SYSCTL
427 { 436 {
428 .procname = "tainted", 437 .procname = "tainted",