Re: DoS using tmpfs

Christoph Rohland (cr@sap.com)
13 Jun 2001 09:04:51 +0200


Hi Pavel,

On Fri, 8 Jun 2001, Pavel Roskin wrote:
> Hello!
>
> It appears that a system with tmpfs mounted with the default (!!!)
> parameters can be used by ordinary users to make the system
> non-functional.

...

> 1) tmpfs, as opposed to ramfs doesn't limit the usage by
> default. It's not a good default for a filesystem designed for
> temporary files.

Yes, use the size parameter. And no, ramfs has no resource limits in
the stock kernel at all. In -ac it limits to half the size of the
physical RAM unconditionally. But that's not useful for tmpfs simce
this uses swap also. So it is the admins task to add a size
parameter. I would love to add a size paramater in percent of virtual
memory but this would need some changes in the swapon/off coding.

> 2) Not delivering SIGINT to processes is probably not the best
> behavior if the memory if low. However, one could argue that some
> processes would use even more resources if they get control with
> SIGINT.
>
> 3) All swap in the system was exhausted and yet tmpfs didn't return
> ENOSPC to "dd".

That the kernel locks up is IMHO a mm fault. tmpfs allocates its pages
with GFP_USER and will return an error if this fails. Apparently it
never fails but locks up.

Greetings
Christoph

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/