Re: [PATCH 2/3] exec: let do_coredump limit the number of concurrent dumps to pipes (v9)

From: Randy Dunlap
Date: Fri Aug 07 2009 - 13:10:43 EST


On Mon, 20 Jul 2009 12:29:01 -0400 Neil Horman wrote:

> core_pattern: Introduce core pipe limiting sysctl
>
> Since we can dump cores to pipe, rather than directly to the filesystem, we
> create a condition in which a user can create a very high load on the system
> simply by running bad applications. If the pipe reader specified in
> core_pattern is poorly written, we can have lots of outstanding resources and
> processes in the system. This sysctl introduces an ability to limit that
> resource consumption. core_pipe_limit defines how many in-flight dumps may be
> run in parallel, dumps beyond this value are skipped and a note is made in the
> kernel log. A special value of 0 in core_pipe_limit denotes unlimited core
> dumps may be handled (this is the default value).
>
> Signed-off-by: Neil Horman <nhorman@xxxxxxxxxxxxx>
> Reported-by: Earl Chew <earl_chew@xxxxxxxxxxx>
>
>
> Documentation/sysctl/kernel.txt | 22 ++++++++++++++++++++++
> fs/exec.c | 25 +++++++++++++++++++------
> kernel/sysctl.c | 9 +++++++++
> 3 files changed, 50 insertions(+), 6 deletions(-)
>
> diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt
> index 382cfd8..7706b6a 100644
> --- a/Documentation/sysctl/kernel.txt
> +++ b/Documentation/sysctl/kernel.txt
> @@ -21,6 +21,7 @@ show up in /proc/sys/kernel:
> - acct
> - auto_msgmni
> - core_pattern
> +- core_pipe_limit
> - core_uses_pid
> - ctrl-alt-del
> - dentry-state
> @@ -119,6 +120,27 @@ core_pattern is used to specify a core dumpfile pattern name.
>
> ==============================================================
>
> +core_pipe_limit:
> +
> +This sysctl is only applicable when core_pattern is configured to pipe core
> +files to user space helper a (when the first character of core_pattern is a '|',

to a user space helper (

> +see above). When collecting cores via a pipe to an application, it is
> +occasionally usefull for the collecting application to gather data about the

useful

> +crashing process from its /proc/pid directory. In order to do this safely, the
> +kernel must wait for the collecting process to exit, so as not to remove the
> +crashing processes proc files prematurely. This in turn creates the possibility

process's (?)

> +that a misbehaving userspace collecting process can block the reaping of a
> +crashed process simply by never exiting. This sysctl defends against that. It
> +defines how many concurrent crashing processes may be piped to user space
> +applications in parallel. If this value is exceeded, then those crashing
> +processes above that value are noted via the kernel log and their cores are
> +skipped. 0 is a special value, indicating that unlimited processes may be
> +captured in parallel, but that no waiting will take place (i.e. the collecting
> +process is not guaranteed access to /proc/<crahing pid>/). This value defaults

<crashing pid>

> +to 0.
> +
> +==============================================================
> +
> core_uses_pid:
>
> The default coredump filename is "core". By setting
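
Review bot: The new core_pipe_limit paragraph never states directly that a non-zero value is what makes the kernel wait for the collecting process to exit; the reader has to infer it from the description of 0 ("no waiting will take place"). Because the value defaults to 0, the safe /proc/pid access described at the top of the paragraph is not available by default, and the text should say so explicitly, for instance with one sentence stating that any non-zero value both caps the number of concurrent piped dumps and makes the kernel wait for the helper. The commit message describes 0 only as "unlimited" and does not mention the no-wait behaviour, so it should be aligned with the documentation. It would also help to say what the kernel log note looks like, so an administrator knows what to search for when cores are skipped.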


---
~Randy
LPC 2009, Sept. 23-25, Portland, Oregon
http://linuxplumbersconf.org/2009/