7ef9964e6d
It has been thought that the per-user file descriptors limit would also limit the resources that a normal user can request via the epoll interface. Vegard Nossum reported a very simple program (a modified version attached) that can make a normal user to request a pretty large amount of kernel memory, well within the its maximum number of fds. To solve such problem, default limits are now imposed, and /proc based configuration has been introduced. A new directory has been created, named /proc/sys/fs/epoll/ and inside there, there are two configuration points: max_user_instances = Maximum number of devices - per user max_user_watches = Maximum number of "watched" fds - per user The current default for "max_user_watches" limits the memory used by epoll to store "watches", to 1/32 of the amount of the low RAM. As example, a 256MB 32bit machine, will have "max_user_watches" set to roughly 90000. That should be enough to not break existing heavy epoll users. The default value for "max_user_instances" is set to 128, that should be enough too. This also changes the userspace, because a new error code can now come out from EPOLL_CTL_ADD (-ENOSPC). The EMFILE from epoll_create() was already listed, so that should be ok. [akpm@linux-foundation.org: use get_current_user()] Signed-off-by: Davide Libenzi <davidel@xmailserver.org> Cc: Michael Kerrisk <mtk.manpages@gmail.com> Cc: <stable@kernel.org> Cc: Cyrill Gorcunov <gorcunov@gmail.com> Reported-by: Vegard Nossum <vegardno@ifi.uio.no> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|---|---|---|
| .. | ||
| ABI | ||
| accounting | ||
| acpi | ||
| aoe | ||
| arm | ||
| auxdisplay | ||
| blackfin | ||
| block | ||
| blockdev | ||
| cdrom | ||
| cgroups | ||
| connector | ||
| console | ||
| controllers | ||
| cpu-freq | ||
| cpuidle | ||
| cris | ||
| crypto | ||
| development-process | ||
| device-mapper | ||
| DocBook | ||
| driver-model | ||
| dvb | ||
| early-userspace | ||
| fault-injection | ||
| fb | ||
| filesystems | ||
| firmware_class | ||
| frv | ||
| hwmon | ||
| i2c | ||
| i2o | ||
| ia64 | ||
| ide | ||
| infiniband | ||
| input | ||
| ioctl | ||
| isdn | ||
| ja_JP | ||
| kbuild | ||
| kdump | ||
| ko_KR | ||
| laptops | ||
| lguest | ||
| m68k | ||
| make | ||
| mips | ||
| mn10300 | ||
| mtd | ||
| namespaces | ||
| netlabel | ||
| networking | ||
| parisc | ||
| PCI | ||
| pcmcia | ||
| power | ||
| powerpc | ||
| prctl | ||
| RCU | ||
| s390 | ||
| scheduler | ||
| scsi | ||
| serial | ||
| sh | ||
| sound | ||
| sparc | ||
| spi | ||
| sysctl | ||
| telephony | ||
| thermal | ||
| timers | ||
| tracers | ||
| uml | ||
| usb | ||
| video4linux | ||
| vm | ||
| w1 | ||
| watchdog | ||
| x86 | ||
| zh_CN | ||
| 00-INDEX | ||
| applying-patches.txt | ||
| atomic_ops.txt | ||
| basic_profiling.txt | ||
| binfmt_misc.txt | ||
| braille-console.txt | ||
| bt8xxgpio.txt | ||
| BUG-HUNTING | ||
| c2port.txt | ||
| cachetlb.txt | ||
| Changes | ||
| CodingStyle | ||
| cpu-hotplug.txt | ||
| cpu-load.txt | ||
| cpusets.txt | ||
| cputopology.txt | ||
| dcdbas.txt | ||
| debugging-modules.txt | ||
| debugging-via-ohci1394.txt | ||
| dell_rbu.txt | ||
| devices.txt | ||
| DMA-API.txt | ||
| DMA-attributes.txt | ||
| DMA-ISA-LPC.txt | ||
| DMA-mapping.txt | ||
| dontdiff | ||
| edac.txt | ||
| eisa.txt | ||
| email-clients.txt | ||
| exception.txt | ||
| feature-removal-schedule.txt | ||
| ftrace.txt | ||
| gpio.txt | ||
| highuid.txt | ||
| HOWTO | ||
| hw_random.txt | ||
| ics932s401 | ||
| initrd.txt | ||
| Intel-IOMMU.txt | ||
| io_ordering.txt | ||
| io-mapping.txt | ||
| IO-mapping.txt | ||
| iostats.txt | ||
| IPMI.txt | ||
| IRQ-affinity.txt | ||
| IRQ.txt | ||
| irqflags-tracing.txt | ||
| isapnp.txt | ||
| java.txt | ||
| kernel-doc-nano-HOWTO.txt | ||
| kernel-docs.txt | ||
| kernel-parameters.txt | ||
| keys-request-key.txt | ||
| keys.txt | ||
| kobject.txt | ||
| kprobes.txt | ||
| kref.txt | ||
| ldm.txt | ||
| leds-class.txt | ||
| local_ops.txt | ||
| lockdep-design.txt | ||
| lockstat.txt | ||
| logo.gif | ||
| logo.txt | ||
| magic-number.txt | ||
| Makefile | ||
| ManagementStyle | ||
| markers.txt | ||
| mca.txt | ||
| md.txt | ||
| memory-barriers.txt | ||
| memory-hotplug.txt | ||
| memory.txt | ||
| mono.txt | ||
| mutex-design.txt | ||
| nmi_watchdog.txt | ||
| nommu-mmap.txt | ||
| numastat.txt | ||
| oops-tracing.txt | ||
| parport-lowlevel.txt | ||
| parport.txt | ||
| pi-futex.txt | ||
| pnp.txt | ||
| preempt-locking.txt | ||
| printk-formats.txt | ||
| prio_tree.txt | ||
| rbtree.txt | ||
| rfkill.txt | ||
| robust-futex-ABI.txt | ||
| robust-futexes.txt | ||
| rt-mutex-design.txt | ||
| rt-mutex.txt | ||
| rtc.txt | ||
| SAK.txt | ||
| SecurityBugs | ||
| SELinux.txt | ||
| serial-console.txt | ||
| sgi-ioc4.txt | ||
| sgi-visws.txt | ||
| SM501.txt | ||
| Smack.txt | ||
| sparse.txt | ||
| spinlocks.txt | ||
| stable_api_nonsense.txt | ||
| stable_kernel_rules.txt | ||
| SubmitChecklist | ||
| SubmittingDrivers | ||
| SubmittingPatches | ||
| svga.txt | ||
| sysfs-rules.txt | ||
| sysrq.txt | ||
| tracepoints.txt | ||
| unaligned-memory-access.txt | ||
| unicode.txt | ||
| unshare.txt | ||
| VGA-softcursor.txt | ||
| video-output.txt | ||
| volatile-considered-harmful.txt | ||
| voyager.txt | ||
| zorro.txt | ||
