[PATCH 3/3] posix-timers: limit the number of posix timers per process

From: Andi Kleen
Date: Fri Jun 10 2011 - 16:14:35 EST

Next message: Andi Kleen: "[PATCH 1/3] posix-timers: remove idr_lock"
Previous message: Matthew Garrett: "Re: [PATCH 00/10] mm: Linux VM Infrastructure to support MemoryPower Management"
In reply to: Andi Kleen: "[PATCH 1/3] posix-timers: remove idr_lock"
Next in thread: Andi Kleen: "[PATCH 2/3] posix-timers: move global timer id management to signal_struct"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Andi Kleen <ak@xxxxxxxxxxxxxxx>

Now this is the main reason I wrote the whole patchkit: previously
there was no limit on the maximum number of POSIX timers a process
could allocate. This limits the amount of unswappable kernel memory
a process can pin down this way.

With the POSIX timer ids being per process we can do this limit
per process now without allowing one process DoSing another.

I implemented it as a sysctl, not a rlimit for now, because
there was no clear use case for rlimit.

The 1024 default is completely arbitrary, but seems reasonable
for now.

Signed-off-by: Andi Kleen <ak@xxxxxxxxxxxxxxx>
---
Documentation/sysctl/kernel.txt | 7 +++++++
kernel/posix-timers.c | 8 ++++++++
kernel/sysctl.c | 9 +++++++++
3 files changed, 24 insertions(+), 0 deletions(-)

diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt
index 5e7cb39..311c4b3 100644
--- a/Documentation/sysctl/kernel.txt
+++ b/Documentation/sysctl/kernel.txt
@@ -68,6 +68,7 @@ show up in /proc/sys/kernel:
- threads-max
- unknown_nmi_panic
- version
+- max_posix_timers

==============================================================

@@ -555,3 +556,9 @@ A small number of systems do generate NMI's for bizarre random reasons such as
power management so the default is off. That sysctl works like the existing
panic controls already in that directory.

+===============================================================
+
+max_posix_timers
+
+The maximum number of POSIX timer ids per process.
+
diff --git a/kernel/posix-timers.c b/kernel/posix-timers.c
index 7351e51..2d5b1f0 100644
--- a/kernel/posix-timers.c
+++ b/kernel/posix-timers.c
@@ -71,6 +71,8 @@
*/
static struct kmem_cache *posix_timers_cache;

+int sysctl_max_posix_timers __read_mostly = 1024;
+
/*
* we assume that the new SIGEV_THREAD_ID shares no bits with the other
* SIGEV values. Here we put out an error if this assumption fails.
@@ -567,6 +569,12 @@ SYSCALL_DEFINE3(timer_create, const clockid_t, which_clock,

it_id_set = IT_ID_SET;
new_timer->it_id = (timer_t) new_timer_id;
+
+ if (new_timer_id >= sysctl_max_posix_timers) {
+ error = -EMFILE; /* better error? */
+ goto out;
+ }
+
new_timer->it_clock = which_clock;
new_timer->it_overrun = -1;

diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index f175d98..d24eec6 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -108,6 +108,7 @@ extern int sysctl_nr_trim_pages;
#ifdef CONFIG_BLOCK
extern int blk_iopoll_enabled;
#endif
+extern int sysctl_max_posix_timers;

/* Constants used for minimum and maximum */
#ifdef CONFIG_LOCKUP_DETECTOR
@@ -984,6 +985,14 @@ static struct ctl_table kern_table[] = {
.proc_handler = proc_dointvec,
},
#endif
+ {
+ .procname = "max_posix_timers",
+ .data = &sysctl_max_posix_timers,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec,
+ },
+
{ }
};

--
1.7.4.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andi Kleen: "[PATCH 1/3] posix-timers: remove idr_lock"
Previous message: Matthew Garrett: "Re: [PATCH 00/10] mm: Linux VM Infrastructure to support MemoryPower Management"
In reply to: Andi Kleen: "[PATCH 1/3] posix-timers: remove idr_lock"
Next in thread: Andi Kleen: "[PATCH 2/3] posix-timers: move global timer id management to signal_struct"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]