linux-stable/kernel
Davide Libenzi 7ef9964e6d epoll: introduce resource usage limits
It has been thought that the per-user file descriptors limit would also
limit the resources that a normal user can request via the epoll
interface.  Vegard Nossum reported a very simple program (a modified
version attached) that can make a normal user to request a pretty large
amount of kernel memory, well within the its maximum number of fds.  To
solve such problem, default limits are now imposed, and /proc based
configuration has been introduced.  A new directory has been created,
named /proc/sys/fs/epoll/ and inside there, there are two configuration
points:

  max_user_instances = Maximum number of devices - per user

  max_user_watches   = Maximum number of "watched" fds - per user

The current default for "max_user_watches" limits the memory used by epoll
to store "watches", to 1/32 of the amount of the low RAM.  As example, a
256MB 32bit machine, will have "max_user_watches" set to roughly 90000.
That should be enough to not break existing heavy epoll users.  The
default value for "max_user_instances" is set to 128, that should be
enough too.

This also changes the userspace, because a new error code can now come out
from EPOLL_CTL_ADD (-ENOSPC).  The EMFILE from epoll_create() was already
listed, so that should be ok.

[akpm@linux-foundation.org: use get_current_user()]
Signed-off-by: Davide Libenzi <davidel@xmailserver.org>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: <stable@kernel.org>
Cc: Cyrill Gorcunov <gorcunov@gmail.com>
Reported-by: Vegard Nossum <vegardno@ifi.uio.no>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-12-01 19:55:24 -08:00
..
irq genirq: __irq_set_trigger: change pr_warning to pr_debug 2008-11-13 11:59:48 +01:00
power suspend: use WARN not WARN_ON to print the message 2008-11-18 08:07:36 -08:00
time nohz: disable tick_nohz_kick_tick() for now 2008-11-10 22:39:27 +01:00
trace ftrace: prevent recursion 2008-11-27 10:11:53 +01:00
.gitignore
acct.c tty: Fix abusers of current->sighand->tty 2008-10-13 09:51:42 -07:00
audit.c
audit.h
audit_tree.c Fix inotify watch removal/umount races 2008-11-15 12:26:44 -08:00
auditfilter.c Fix inotify watch removal/umount races 2008-11-15 12:26:44 -08:00
auditsc.c tty: Fix abusers of current->sighand->tty 2008-10-13 09:51:42 -07:00
backtracetest.c
bounds.c
capability.c
cgroup.c cgroups: fix a serious bug in cgroupstats 2008-11-19 18:50:00 -08:00
cgroup_debug.c cgroups: fix probable race with put_css_set[_taskexit] and find_css_set 2008-10-20 08:52:38 -07:00
cgroup_freezer.c freezer_cg: disable writing freezer.state of root cgroup 2008-11-12 17:17:16 -08:00
compat.c Merge branches 'timers/clocksource', 'timers/hrtimers', 'timers/nohz', 'timers/ntp', 'timers/posixtimers' and 'timers/debug' into v28-timers-for-linus 2008-10-20 13:14:06 +02:00
configs.c kernel/configs.c: remove useless comments 2008-10-20 08:52:34 -07:00
cpu.c cpuinit fixes in kernel/* 2008-11-30 10:03:37 -08:00
cpuset.c sched, cpusets: fix warning in kernel/cpuset.c 2008-11-29 20:39:29 +01:00
delayacct.c
dma-coherent.c
dma.c kernel/dma.c: remove a CVS keyword 2008-10-16 11:21:30 -07:00
exec_domain.c proc: move /proc/execdomains to kernel/exec_domain.c 2008-10-23 14:30:41 +04:00
exit.c Move "exit_robust_list" into mm_release() 2008-11-15 10:20:36 -08:00
extable.c
fork.c Move "exit_robust_list" into mm_release() 2008-11-15 10:20:36 -08:00
freezer.c freezer_cg: use thaw_process() in unfreeze_cgroup() 2008-10-30 11:38:45 -07:00
futex.c hrtimer: make the futex() system call use the per process slack value 2008-09-11 07:17:00 -07:00
futex_compat.c
hrtimer.c hrtimer: clean up unused callback modes 2008-11-12 09:54:40 +01:00
itimer.c timers: fix itimer/many thread hang 2008-09-14 16:25:35 +02:00
kallsyms.c sprint_symbol(): use less stack 2008-11-19 18:49:58 -08:00
Kconfig.freezer container freezer: implement freezer cgroup subsystem 2008-10-20 08:52:34 -07:00
Kconfig.hz
Kconfig.preempt
kexec.c kexec: fix crash_save_vmcoreinfo_init build problem 2008-10-20 15:28:50 -07:00
kfifo.c
kgdb.c kgdb: call touch_softlockup_watchdog on resume 2008-10-06 13:50:59 -05:00
kmod.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus 2008-10-16 12:38:34 -07:00
kprobes.c kernel/kprobes.c: don't pad kretprobe_table_locks[] on uniprocessor builds 2008-11-12 17:17:17 -08:00
ksysfs.c profiling: dynamically enable readprofile at runtime 2008-10-16 11:21:31 -07:00
kthread.c Merge branch 'tracing-v28-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2008-10-20 13:35:07 -07:00
latencytop.c
lockdep.c lockdep: consistent alignement for lockdep info 2008-11-21 08:59:40 +01:00
lockdep_internals.h
lockdep_proc.c
Makefile Remove -mno-spe flags as they dont belong 2008-11-17 13:24:35 -08:00
marker.c markers: bit-field is not thread-safe nor smp-safe 2008-10-14 10:38:45 +02:00
module.c Merge branch 'proc' of git://git.kernel.org/pub/scm/linux/kernel/git/adobriyan/proc 2008-10-23 12:04:37 -07:00
mutex-debug.c
mutex-debug.h
mutex.c
mutex.h
notifier.c ftrace: ignore functions that cannot be kprobe-ed 2008-10-14 10:34:22 +02:00
ns_cgroup.c
nsproxy.c
panic.c Make panic= and panic_on_oops into core_params 2008-10-22 10:00:25 +11:00
params.c Fix compile warning in kernel/params.c 2008-10-23 12:09:00 -07:00
pid.c
pid_namespace.c
pm_qos_params.c
posix-cpu-timers.c sched, signals: fix the racy usage of ->signal in account_group_xxx/run_posix_cpu_timers 2008-11-17 16:49:35 +01:00
posix-timers.c Merge branch 'timers/range-hrtimers' into v28-range-hrtimers-for-linus-v2 2008-10-22 09:48:06 +02:00
printk.c printk: remove unused code from kernel/printk.c 2008-10-23 21:54:29 +02:00
profile.c cpuinit fixes in kernel/* 2008-11-30 10:03:37 -08:00
ptrace.c remove __ARCH_WANT_COMPAT_SYS_PTRACE 2008-11-30 11:00:15 -08:00
rcuclassic.c rcu: RCU-based detection of stalled CPUs for Classic RCU, fix 2008-10-03 10:41:00 +02:00
rcupdate.c rcupdate: fix bug of rcu_barrier*() 2008-10-21 15:59:53 +02:00
rcupreempt.c byteorder: remove direct includes of linux/byteorder/swab[b].h 2008-10-20 08:52:40 -07:00
rcupreempt_trace.c
rcutorture.c byteorder: remove direct includes of linux/byteorder/swab[b].h 2008-10-20 12:51:53 -07:00
relay.c relay: fix cpu offline problem 2008-11-18 15:08:56 +01:00
res_counter.c
resource.c reserve_region_with_split: Fix GFP_KERNEL usage under spinlock 2008-11-01 09:53:58 -07:00
rtmutex-debug.c
rtmutex-debug.h
rtmutex-tester.c
rtmutex.c
rtmutex.h
rtmutex_common.h
rwsem.c
sched.c sched: prevent divide by zero error in cpu_avg_load_per_task, update 2008-11-29 20:45:15 +01:00
sched_clock.c sched_clock: prevent scd->clock from moving backwards 2008-10-10 11:17:04 +02:00
sched_cpupri.c
sched_cpupri.h
sched_debug.c sched: fix kernel warning on /proc/sched_debug access 2008-11-16 08:07:15 +01:00
sched_fair.c sched: release buddies on yield 2008-11-11 11:57:22 +01:00
sched_features.h sched: backward looking buddy 2008-11-05 10:30:14 +01:00
sched_idletask.c sched: add CONFIG_SMP consistency 2008-10-22 10:01:52 +02:00
sched_rt.c Merge commit 'v2.6.28-rc1' into sched/urgent 2008-10-24 12:48:46 +02:00
sched_stats.h sched, signals: fix the racy usage of ->signal in account_group_xxx/run_posix_cpu_timers 2008-11-17 16:49:35 +01:00
seccomp.c
semaphore.c
signal.c 'kill sig -1' must only apply to caller's namespace 2008-10-30 11:38:46 -07:00
smp.c generic-ipi: fix the smp_mb() placement 2008-11-06 08:41:56 +01:00
softirq.c irq: call __irq_enter() before calling the tick_idle_check 2008-11-10 22:36:39 +01:00
softlockup.c Make the taint flags reliable 2008-10-16 11:21:31 -07:00
spinlock.c
srcu.c
stacktrace.c
stop_machine.c stop_machine: fix race with return value (fixes Bug #11989) 2008-11-16 15:09:52 -08:00
sys.c Merge branch 'timers/range-hrtimers' into v28-range-hrtimers-for-linus-v2 2008-10-22 09:48:06 +02:00
sys_ni.c reintroduce accept4 2008-11-19 18:49:57 -08:00
sysctl.c epoll: introduce resource usage limits 2008-12-01 19:55:24 -08:00
sysctl_check.c
taskstats.c
test_kprobes.c
time.c
timeconst.pl
timer.c Add round_jiffies_up and related routines 2008-11-06 08:42:48 +01:00
tracepoint.c tracepoint: check if the probe has been registered 2008-10-27 16:45:46 +01:00
tsacct.c
uid16.c
user.c
user_namespace.c
utsname.c
utsname_sysctl.c sysctl: simplify ->strategy 2008-10-16 11:21:47 -07:00
wait.c wait: kill is_sync_wait() 2008-10-16 11:21:31 -07:00
workqueue.c cpumask: introduce new API, without changing anything 2008-11-06 09:05:33 +01:00