    UNIX: Do not loop forever at unix_autobind(). · 8df73ff9
    Committed by Tetsuo Handa
    We assumed that unix_autobind() never fails if kzalloc() succeeded.
    But unix_autobind() allows only 1048576 names. If /proc/sys/fs/file-max is
    larger than 1048576 (e.g. systems with more than 10GB of RAM), a local user can
    consume all names using fork()/socket()/bind().
    
    If all names are in use, those who call bind() with addr_len == sizeof(short)
    or connect()/sendmsg() with setsockopt(SO_PASSCRED) will continue
    
      while (1)
            yield();
    
    loop at unix_autobind() till a name becomes available.
    This patch adds a loop counter in order to give up after 1048576 attempts.
    
    Calling yield() once per 256 attempts may not be sufficient when many names
    are already in use, for __unix_find_socket_byname() can take a long time under
    such circumstances. Therefore, this patch also adds a cond_resched() call.
    
    Note that currently a local user can consume 2GB of kernel memory if the user
    is allowed to create and autobind 1048576 UNIX domain sockets. We should
    consider adding some restriction for autobind operation.
    Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
    Signed-off-by: David S. Miller <davem@davemloft.net>
af_unix.c 53.0 KB
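The search loop the commit message describes, as an added user-space example (this is not the kernel's code and not part of the commit): a model of unix_autobind()'s name search with the loop bound the patch introduces, plus, on Linux, a real autobind triggered the way the message says, by calling bind() with addr_len == sizeof(short). The figures taken from the message are the 1048576-name space and the 1048576-attempt give-up bound. Everything else is an assumption of the model: names are 20-bit ordinals printed as "%05x", a bitmap stands in for the kernel's hash table and __unix_find_socket_byname(), and exhaustion is reported as -ENOSPC. The helper names (`autobind_model`, `autobind_with_taken`, `attempts_with_taken`) are this example's own.

```c
/*
 * Added example, not the kernel's code and not from the commit: a
 * user-space model of the unix_autobind() name search plus, on Linux,
 * a real autobind via bind() with addr_len == sizeof(short).
 *
 * From the commit message: 1048576 names, give up after 1048576 attempts.
 * Assumptions of this model: names are 20-bit ordinals printed "%05x",
 * a bitmap replaces the kernel's hash table, exhaustion returns -ENOSPC.
 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef __linux__
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>
#endif

#define AUTOBIND_NAMES   (1UL << 20)     /* ordinals 0x00000..0xFFFFF: 1048576 names */
#define AUTOBIND_RETRIES AUTOBIND_NAMES  /* the commit's give-up bound */

struct name_table { uint8_t bits[AUTOBIND_NAMES / 8]; };   /* one bit per ordinal */

static int name_in_use(const struct name_table *t, uint32_t ord)
{
    return (t->bits[ord >> 3] >> (ord & 7)) & 1;
}

static void name_take(struct name_table *t, uint32_t ord)
{
    t->bits[ord >> 3] |= (uint8_t)(1u << (ord & 7));
}

/*
 * Model of the patched search loop.  *ordernum plays the kernel's global
 * "next ordinal to try" counter: it advances once per attempt and wraps at
 * 20 bits.  On success the ordinal is marked used, its five-hex-digit name
 * is written to name[6] and the ordinal is returned.  After AUTOBIND_RETRIES
 * consecutive collisions it returns -ENOSPC (assumed errno) instead of
 * spinning forever, which is the behaviour the commit removes.
 */
static long autobind_model(struct name_table *t, uint32_t *ordernum,
                           char name[6], unsigned long *attempts)
{
    unsigned long retries = 0;

    for (;;) {
        uint32_t ord = *ordernum;

        *ordernum = (*ordernum + 1) & 0xFFFFF;
        (*attempts)++;
        if (!name_in_use(t, ord)) {
            name_take(t, ord);
            snprintf(name, 6, "%05x", ord);
            return ord;
        }
        /* Before the patch there was no exit here, only an occasional yield(). */
        if (++retries == AUTOBIND_RETRIES)
            return -ENOSPC;
    }
}

/*
 * Scenario helper: the first `taken` ordinals are already bound by other
 * sockets and the counter starts at 0.  Returns the autobind result and,
 * via *attempts_out (may be NULL), how many lookups the search needed.
 */
static long autobind_with_taken(unsigned long taken, unsigned long *attempts_out)
{
    struct name_table *t = calloc(1, sizeof *t);
    uint32_t ordernum = 0;
    unsigned long attempts = 0;
    char name[6];
    long res;

    if (!t)
        return -ENOMEM;
    if (taken >= AUTOBIND_NAMES)
        memset(t->bits, 0xff, sizeof t->bits);        /* every name in use */
    else
        for (unsigned long i = 0; i < taken; i++)
            name_take(t, (uint32_t)i);

    res = autobind_model(t, &ordernum, name, &attempts);
    if (attempts_out)
        *attempts_out = attempts;
    free(t);
    return res;
}

/* Number of lookups the search needs in the same scenario. */
static unsigned long attempts_with_taken(unsigned long taken)
{
    unsigned long attempts = 0;

    autobind_with_taken(taken, &attempts);
    return attempts;
}

int main(void)
{
    unsigned long attempts;
    long r;

    r = autobind_with_taken(1000, &attempts);
    printf("1000 names taken: bound ordinal %ld after %lu lookups\n", r, attempts);
    r = autobind_with_taken(AUTOBIND_NAMES, &attempts);
    printf("all names taken: result %ld (-ENOSPC is %d) after %lu lookups\n",
           r, -ENOSPC, attempts);

#ifdef __linux__
    /* The real thing: bind() with only the family supplied triggers autobind. */
    int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    struct sockaddr_un sa;
    socklen_t len = sizeof sa;

    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    if (fd >= 0 && bind(fd, (struct sockaddr *)&sa, sizeof(sa_family_t)) == 0 &&
        getsockname(fd, (struct sockaddr *)&sa, &len) == 0)
        /* Abstract name: a leading NUL byte followed by five hex digits. */
        printf("kernel autobound this socket to @%.5s (addr_len %u)\n",
               sa.sun_path + 1, (unsigned)len);
    if (fd >= 0)
        close(fd);
#endif
    return 0;
}
```

With every name taken the model makes exactly 1048576 lookups and then fails; without the retry counter the same loop would never return, which is the denial of service the commit closes. The Linux part of main() needs no privileges: any user can autobind, and the printed name is the one the kernel chose.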