Re: [linux-alert] Re: Insufficient allocations in net/unix/garbage.c

Erik Corry (erik@arbat.com)
Thu, 4 Dec 1997 07:52:59 +0100


On Wed, Dec 03, 1997 at 10:36:03PM +0000, Alan Cox wrote:
> > program which opens up a large number of unix domain sockets, eventually
> > causing a kernel panic in the garbage collection routines (which test for
> > this limit and panic if hit); on systems which have NR_FILE (or
> > /proc/sys/kernel/file-max) set to a value larger than 1024 or so. The
>
> Yep. I know about this. The as-shipped systems are all fine; if you up
> it, you need to change it.

Not sure what you mean by this. The posted exploit reliably
crashes my unmodified 2.0.32 from user mode.

> > ! stack=(unix_socket **)kmalloc(max_stack * sizeof(unix_socket **),
> > ! GFP_KERNEL);
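
Review bot: The size expression in the kmalloc call uses sizeof(unix_socket **), but stack is declared by the cast as unix_socket **, so each element is a unix_socket * and the element size should be sizeof(unix_socket *) (or sizeof(*stack)). The two sizes are equal in practice, so the allocation is not short, but the expression names the wrong type. The quoted lines also do not show the return value being tested for NULL before stack is used, and max_stack * sizeof(...) is an unchecked multiplication; if max_stack follows the tunable file limit mentioned above, both the NULL check and an upper bound on max_stack should be visible next to this call.
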
>
> This is not good. With a very large set of fd's you can now have the kmalloc
> hang forever deadlocking the fd recovery. Use vmalloc and your idea is
> correct.
>
> (see 2.1.x)

Does this mean that if you _haven't_ increased NR_FILE, the
patch works? Otherwise, does anyone have a ready-to-apply
patch that fixes this for 2.0?

-- 
Erik Corry erik@arbat.com