redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/fs
History
Willy Tarreau 759c01142a pipe: limit the per-user amount of pages allocated in pipes 
On no-so-small systems, it is possible for a single process to cause an
OOM condition by filling large pipes with data that are never read. A
typical process filling 4000 pipes with 1 MB of data will use 4 GB of
memory. On small systems it may be tricky to set the pipe max size to
prevent this from happening.

This patch makes it possible to enforce a per-user soft limit above
which new pipes will be limited to a single page, effectively limiting
them to 4 kB each, as well as a hard limit above which no new pipes may
be created for this user. This has the effect of protecting the system
against memory abuse without hurting other users, and still allowing
pipes to work correctly though with less data at once.

The limit are controlled by two new sysctls : pipe-user-pages-soft, and
pipe-user-pages-hard. Both may be disabled by setting them to zero. The
default soft limit allows the default number of FDs per process (1024)
to create pipes of the default size (64kB), thus reaching a limit of 64MB
before starting to create only smaller pipes. With 256 processes limited
to 1024 FDs each, this results in 1024*64kB + (256*1024 - 1024) * 4kB =
1084 MB of memory allocated for a user. The hard limit is disabled by
default to avoid breaking existing applications that make intensive use
of pipes (eg: for splicing).

Reported-by: socketpair@gmail.com
Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Mitigates: CVE-2013-4312 (Linux 2.0+)
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
 		2016-01-19 19:25:21 -05:00
..
9p kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
adfs kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
affs kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
afs kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
autofs4 switch ->get_link() to delayed_call, kill ->put_link() 2015-12-30 13:01:03 -05:00
befs kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
bfs kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
btrfs kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
cachefiles convert a bunch of open-coded instances of memdup_user_nul() 2016-01-04 10:26:58 -05:00
ceph kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
cifs kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
coda kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
configfs Configfs changes for the 4.5 merge window: 2016-01-12 18:15:34 -08:00
cramfs don't put symlink bodies in pagecache into highmem 2015-12-08 22:41:36 -05:00
debugfs debugfs: fix refcount imbalance in start_creating 2015-11-11 02:04:44 -05:00
devpts
dlm convert a bunch of open-coded instances of memdup_user_nul() 2016-01-04 10:26:58 -05:00
ecryptfs kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
efivarfs
efs kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
exofs kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
exportfs
ext2 kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
ext4 kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
f2fs kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
fat kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
freevxfs don't put symlink bodies in pagecache into highmem 2015-12-08 22:41:36 -05:00
fscache FS-Cache: Handle a write to the page immediately beyond the EOF marker 2015-11-11 02:11:02 -05:00
fuse kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
gfs2 kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
hfs kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
hfsplus kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
hostfs kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
hpfs kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
hugetlbfs hugetlb: make mm and fs code explicitly non-modular 2016-01-14 16:00:49 -08:00
isofs kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
jbd2 fs: use block_device name vsprintf helper 2016-01-06 13:03:18 -05:00
jffs2 kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
jfs kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
kernfs Revert "kernfs: do not account ino_ida allocations to memcg" 2016-01-14 16:00:49 -08:00
lockd Mainly smaller bugfixes and cleanup. We're still finding some bugs from 2015-11-11 20:11:28 -08:00
logfs kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
minix kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
ncpfs kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
nfs Merge branch 'akpm' (patches from Andrew) 2016-01-15 11:41:44 -08:00
nfs_common
nfsd Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-01-12 17:11:47 -08:00
nilfs2 kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
nls
notify fsnotify: destroy marks with call_srcu instead of dedicated thread 2016-01-14 16:00:49 -08:00
ntfs kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
ocfs2 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs 2016-01-15 11:51:51 -08:00
omfs
openpromfs kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
overlayfs switch ->get_link() to delayed_call, kill ->put_link() 2015-12-30 13:01:03 -05:00
proc mm: rework virtual memory accounting 2016-01-14 16:00:49 -08:00
pstore pstore: fix code comment to match code 2015-11-02 13:41:52 -08:00
qnx4 kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
qnx6 kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
quota quota: constify qtree_fmt_operations structures 2016-01-04 10:58:35 +01:00
ramfs don't put symlink bodies in pagecache into highmem 2015-12-08 22:41:36 -05:00
reiserfs kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
romfs kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
squashfs kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
sysfs platform/chrome: Branch for v4.4 2015-11-13 21:53:18 -08:00
sysv kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
tracefs tracefs: Fix refcount imbalance in start_creating() 2015-11-04 22:13:45 -05:00
ubifs kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
udf Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs 2016-01-15 11:51:51 -08:00
ufs kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
xfs kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
Kconfig File locking related changes for v4.5 (pile #1) 2016-01-12 15:46:17 -08:00
Kconfig.binfmt
Makefile ext4: promote ext4 over ext2 in the default probe order 2015-10-15 10:33:21 -04:00
aio.c mm: move ->mremap() from file_operations to vm_operations_struct 2015-09-04 16:54:41 -07:00
anon_inodes.c
attr.c
bad_inode.c fs/bad_inode.c: is_bad_inode can be boolean 2015-12-06 21:17:14 -05:00
binfmt_aout.c
binfmt_elf.c Merge branch 'for-linus-2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-11-11 09:45:24 -08:00
binfmt_elf_fdpic.c libnvdimm for 4.4: 2015-11-10 12:07:22 -08:00
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
block_dev.c fs/block_dev.c:bdev_write_page(): use blk_queue_enter(..., GFP_NOIO) 2016-01-14 16:00:49 -08:00
buffer.c fs: use block_device name vsprintf helper 2016-01-06 13:03:18 -05:00
char_dev.c
compat.c saner calling conventions for copy_mount_options() 2016-01-04 10:28:32 -05:00
compat_binfmt_elf.c
compat_ioctl.c Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-01-12 17:11:47 -08:00
coredump.c coredump: Use 64bit time for unix time of coredump 2015-12-06 21:17:17 -05:00
dax.c dax: disable pmd mappings 2015-11-16 23:54:45 -08:00
dcache.c kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
dcookies.c
direct-io.c fix the regression from "direct-io: Fix negative return from dio read beyond eof" 2015-12-08 15:02:42 -05:00
drop_caches.c
eventfd.c Documentation: filesystem: Fix typo in fs/eventfd.c 2015-12-08 14:52:03 +01:00
eventpoll.c
exec.c don't carry MAY_OPEN in op->acc_mode 2016-01-04 10:28:40 -05:00
fcntl.c fcntl: allow to set O_DIRECT flag on pipe 2016-01-09 02:55:37 -05:00
fhandle.c
file.c kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
file_table.c
filesystems.c find_filesystem(): simplify comparison 2016-01-19 12:02:23 -05:00
fs-writeback.c fs: fix writeback.c kernel-doc warnings 2015-11-11 02:18:27 -05:00
fs_pin.c
fs_struct.c
inode.c kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
internal.h Merge branch 'for-linus' into work.misc 2016-01-08 21:20:11 -05:00
ioctl.c Merge branch 'work.copy_file_range' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-01-12 16:30:34 -08:00
libfs.c switch ->get_link() to delayed_call, kill ->put_link() 2015-12-30 13:01:03 -05:00
locks.c Merge branch 'work.copy_file_range' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-01-12 16:30:34 -08:00
mbcache.c
mount.h
mpage.c mm, fs: introduce mapping_gfp_constraint() 2015-11-06 17:50:42 -08:00
namei.c Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-01-12 17:11:47 -08:00
namespace.c Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-01-12 17:11:47 -08:00
no-block.c
nsfs.c fs/seq_file: convert int seq_vprint/seq_printf/etc... returns to void 2015-09-11 15:21:34 -07:00
open.c don't carry MAY_OPEN in op->acc_mode 2016-01-04 10:28:40 -05:00
pipe.c pipe: limit the per-user amount of pages allocated in pipes 2016-01-19 19:25:21 -05:00
pnode.c
pnode.h
posix_acl.c xattr handlers: Simplify list operation 2015-12-13 19:46:12 -05:00
proc_namespace.c vfs: show_vfsstat: remove redundant initialization and check of error code 2015-12-06 21:17:16 -05:00
read_write.c Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-01-12 17:11:47 -08:00
readdir.c
select.c poll: plug an unused argument to do_poll 2016-01-06 08:26:52 -05:00
seq_file.c fs, seqfile: always allow oom killer 2015-11-06 17:50:42 -08:00
signalfd.c
splice.c fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE 2016-01-09 02:55:35 -05:00
stack.c
stat.c fs/stat.c: remove unnecessary new_valid_dev() check 2015-11-09 15:11:24 -08:00
statfs.c
super.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2016-01-14 17:04:19 -08:00
sync.c fs/sync.c: make sync_file_range(2) use WB_SYNC_NONE writeback 2015-11-06 17:50:42 -08:00
timerfd.c
userfaultfd.c userfaultfd: revert "userfaultfd: waitqueue: add nr wake parameter to __wake_up_locked_key" 2015-09-22 15:09:53 -07:00
utimes.c
xattr.c Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-01-12 17:11:47 -08:00