• E
    af_unix: limit unix_tot_inflight · 9915672d
    Eric Dumazet 提交于
    Vegard Nossum found a unix socket OOM was possible, posting an exploit
    program.
    
    My analysis is we can eat all LOWMEM memory before unix_gc() being
    called from unix_release_sock(). Moreover, the thread blocked in
    unix_gc() can consume huge amount of time to perform cleanup because of
    huge working set.
    
    One way to handle this is to have a sensible limit on unix_tot_inflight,
    tested from wait_for_unix_gc() and to force a call to unix_gc() if this
    limit is hit.
    
    This solves the OOM and also reduce overall latencies, and should not
    slowdown normal workloads.
    Reported-by: NVegard Nossum <vegard.nossum@gmail.com>
    Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
    Signed-off-by: NDavid S. Miller <davem@davemloft.net>
    9915672d
garbage.c 10.3 KB