• Davide Libenzi's avatar
    epoll: introduce resource usage limits · 7ef9964e
    Davide Libenzi authored
    It has been thought that the per-user file descriptors limit would also
    limit the resources that a normal user can request via the epoll
    interface.  Vegard Nossum reported a very simple program (a modified
    version attached) that can make a normal user to request a pretty large
    amount of kernel memory, well within the its maximum number of fds.  To
    solve such problem, default limits are now imposed, and /proc based
    configuration has been introduced.  A new directory has been created,
    named /proc/sys/fs/epoll/ and inside there, there are two configuration
    points:
    
      max_user_instances = Maximum number of devices - per user
    
      max_user_watches   = Maximum number of "watched" fds - per user
    
    The current default for "max_user_watches" limits the memory used by epoll
    to store "watches", to 1/32 of the amount of the low RAM.  As example, a
    256MB 32bit machine, will have "max_user_watches" set to roughly 90000.
    That should be enough to not break existing heavy epoll users.  The
    default value for "max_user_instances" is set to 128, that should be
    enough too.
    
    This also changes the userspace, because a new error code can now come out
    from EPOLL_CTL_ADD (-ENOSPC).  The EMFILE from epoll_create() was already
    listed, so that should be ok.
    
    [akpm@linux-foundation.org: use get_current_user()]
    Signed-off-by: default avatarDavide Libenzi <davidel@xmailserver.org>
    Cc: Michael Kerrisk <mtk.manpages@gmail.com>
    Cc: <stable@kernel.org>
    Cc: Cyrill Gorcunov <gorcunov@gmail.com>
    Reported-by: default avatarVegard Nossum <vegardno@ifi.uio.no>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    7ef9964e
sysctl.c 71 KB