mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-12-28 11:18:45 +07:00
29e44f4535
Impose a limit on the number of watches that a user can hold so that
they can't use this mechanism to fill up all the available memory.
This is done by putting a counter in user_struct that's incremented when
a watch is allocated and decreased when it is released. If the number
exceeds the RLIMIT_NOFILE limit, the watch is rejected with EAGAIN.
This can be tested by the following means:
(1) Create a watch queue and attach it to fd 5 in the program given - in
this case, bash:
keyctl watch_session /tmp/nlog /tmp/gclog 5 bash
(2) In the shell, set the maximum number of files to, say, 99:
ulimit -n 99
(3) Add 200 keyrings:
for ((i=0; i<200; i++)); do keyctl newring a$i @s || break; done
(4) Try to watch all of the keyrings:
for ((i=0; i<200; i++)); do echo $i; keyctl watch_add 5 %:a$i || break; done
This should fail when the number of watches belonging to the user hits
99.
(5) Remove all the keyrings and all of those watches should go away:
for ((i=0; i<200; i++)); do keyctl unlink %:a$i; done
(6) Kill off the watch queue by exiting the shell spawned by
watch_session.
Fixes: c73be61ced ("pipe: Add general notification queue support")
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
65 lines
1.8 KiB
C
65 lines
1.8 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
#ifndef _LINUX_SCHED_USER_H
|
|
#define _LINUX_SCHED_USER_H
|
|
|
|
#include <linux/uidgid.h>
|
|
#include <linux/atomic.h>
|
|
#include <linux/refcount.h>
|
|
#include <linux/ratelimit.h>
|
|
|
|
/*
|
|
* Some day this will be a full-fledged user tracking system..
|
|
*/
|
|
struct user_struct {
|
|
refcount_t __count; /* reference count */
|
|
atomic_t processes; /* How many processes does this user have? */
|
|
atomic_t sigpending; /* How many pending signals does this user have? */
|
|
#ifdef CONFIG_FANOTIFY
|
|
atomic_t fanotify_listeners;
|
|
#endif
|
|
#ifdef CONFIG_EPOLL
|
|
atomic_long_t epoll_watches; /* The number of file descriptors currently watched */
|
|
#endif
|
|
#ifdef CONFIG_POSIX_MQUEUE
|
|
/* protected by mq_lock */
|
|
unsigned long mq_bytes; /* How many bytes can be allocated to mqueue? */
|
|
#endif
|
|
unsigned long locked_shm; /* How many pages of mlocked shm ? */
|
|
unsigned long unix_inflight; /* How many files in flight in unix sockets */
|
|
atomic_long_t pipe_bufs; /* how many pages are allocated in pipe buffers */
|
|
|
|
/* Hash table maintenance information */
|
|
struct hlist_node uidhash_node;
|
|
kuid_t uid;
|
|
|
|
#if defined(CONFIG_PERF_EVENTS) || defined(CONFIG_BPF_SYSCALL) || \
|
|
defined(CONFIG_NET) || defined(CONFIG_IO_URING)
|
|
atomic_long_t locked_vm;
|
|
#endif
|
|
#ifdef CONFIG_WATCH_QUEUE
|
|
atomic_t nr_watches; /* The number of watches this user currently has */
|
|
#endif
|
|
|
|
/* Miscellaneous per-user rate limit */
|
|
struct ratelimit_state ratelimit;
|
|
};
|
|
|
|
extern int uids_sysfs_init(void);
|
|
|
|
extern struct user_struct *find_user(kuid_t);
|
|
|
|
extern struct user_struct root_user;
|
|
#define INIT_USER (&root_user)
|
|
|
|
|
|
/* per-UID process charging. */
|
|
extern struct user_struct * alloc_uid(kuid_t);
|
|
static inline struct user_struct *get_uid(struct user_struct *u)
|
|
{
|
|
refcount_inc(&u->__count);
|
|
return u;
|
|
}
|
|
extern void free_uid(struct user_struct *);
|
|
|
|
#endif /* _LINUX_SCHED_USER_H */
|