mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-15 15:15:47 +00:00
5b8fea65d1
fanotify has some hardcoded limits. The only APIs to escape those limits are FAN_UNLIMITED_QUEUE and FAN_UNLIMITED_MARKS. Allow finer grained tuning of the system limits via sysfs tunables under /proc/sys/fs/fanotify, similar to tunables under /proc/sys/fs/inotify, with some minor differences. - max_queued_events - global system tunable for group queue size limit. Like the inotify tunable with the same name, it defaults to 16384 and applies on initialization of a new group. - max_user_marks - user ns tunable for marks limit per user. Like the inotify tunable named max_user_watches, on a machine with sufficient RAM and it defaults to 1048576 in init userns and can be further limited per containing user ns. - max_user_groups - user ns tunable for number of groups per user. Like the inotify tunable named max_user_instances, it defaults to 128 in init userns and can be further limited per containing user ns. The slightly different tunable names used for fanotify are derived from the "group" and "mark" terminology used in the fanotify man pages and throughout the code. Considering the fact that the default value for max_user_instances was increased in kernel v5.10 from 8192 to 1048576, leaving the legacy fanotify limit of 8192 marks per group in addition to the max_user_marks limit makes little sense, so the per group marks limit has been removed. Note that when a group is initialized with FAN_UNLIMITED_MARKS, its own marks are not accounted in the per user marks account, so in effect the limit of max_user_marks is only for the collection of groups that are not initialized with FAN_UNLIMITED_MARKS. Link: https://lore.kernel.org/r/20210304112921.3996419-2-amir73il@gmail.com Suggested-by: Jan Kara <jack@suse.cz> Signed-off-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>
61 lines
1.8 KiB
C
61 lines
1.8 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
#ifndef _LINUX_SCHED_USER_H
|
|
#define _LINUX_SCHED_USER_H
|
|
|
|
#include <linux/uidgid.h>
|
|
#include <linux/atomic.h>
|
|
#include <linux/refcount.h>
|
|
#include <linux/ratelimit.h>
|
|
|
|
/*
|
|
* Some day this will be a full-fledged user tracking system..
|
|
*/
|
|
struct user_struct {
|
|
refcount_t __count; /* reference count */
|
|
atomic_t processes; /* How many processes does this user have? */
|
|
atomic_t sigpending; /* How many pending signals does this user have? */
|
|
#ifdef CONFIG_EPOLL
|
|
atomic_long_t epoll_watches; /* The number of file descriptors currently watched */
|
|
#endif
|
|
#ifdef CONFIG_POSIX_MQUEUE
|
|
/* protected by mq_lock */
|
|
unsigned long mq_bytes; /* How many bytes can be allocated to mqueue? */
|
|
#endif
|
|
unsigned long locked_shm; /* How many pages of mlocked shm ? */
|
|
unsigned long unix_inflight; /* How many files in flight in unix sockets */
|
|
atomic_long_t pipe_bufs; /* how many pages are allocated in pipe buffers */
|
|
|
|
/* Hash table maintenance information */
|
|
struct hlist_node uidhash_node;
|
|
kuid_t uid;
|
|
|
|
#if defined(CONFIG_PERF_EVENTS) || defined(CONFIG_BPF_SYSCALL) || \
|
|
defined(CONFIG_NET) || defined(CONFIG_IO_URING)
|
|
atomic_long_t locked_vm;
|
|
#endif
|
|
#ifdef CONFIG_WATCH_QUEUE
|
|
atomic_t nr_watches; /* The number of watches this user currently has */
|
|
#endif
|
|
|
|
/* Miscellaneous per-user rate limit */
|
|
struct ratelimit_state ratelimit;
|
|
};
|
|
|
|
extern int uids_sysfs_init(void);
|
|
|
|
extern struct user_struct *find_user(kuid_t);
|
|
|
|
extern struct user_struct root_user;
|
|
#define INIT_USER (&root_user)
|
|
|
|
|
|
/* per-UID process charging. */
|
|
extern struct user_struct * alloc_uid(kuid_t);
|
|
static inline struct user_struct *get_uid(struct user_struct *u)
|
|
{
|
|
refcount_inc(&u->__count);
|
|
return u;
|
|
}
|
|
extern void free_uid(struct user_struct *);
|
|
|
|
#endif /* _LINUX_SCHED_USER_H */
|