From: Hideo AOKI <haoki@redhat.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Satoshi OSHIMA <satoshi.oshima.fk@hitachi.com>,
David Miller <davem@davemloft.net>,
netdev <netdev@vger.kernel.org>,
Hideo AOKI <hideo.aoki.tk@hitachi.com>,
Yumiko SUGITA <yumiko.sugita.yf@hitachi.com>,
Andi Kleen <andi@firstfloor.org>,
Evgeniy Polyakov <johnpol@2ka.mipt.ru>,
Stephen Hemminger <shemminger@linux-foundation.org>,
yoshfuji@linux-ipv6.org
Subject: Re: [PATCH 4/4] UDP memory accounting and limitation(take 5): memory limitation
Date: Wed, 17 Oct 2007 00:06:40 -0400 [thread overview]
Message-ID: <47158A50.90905@redhat.com> (raw)
In-Reply-To: <20071015104306.GA30828@gondor.apana.org.au>
Herbert Xu wrote:
> On Fri, Oct 12, 2007 at 09:11:27PM +0900, Satoshi OSHIMA wrote:
>> +static inline int __ip_check_max_skb_pages(struct sock *sk, int size)
>> +{
>> + switch(sk->sk_protocol) {
>> + case IPPROTO_UDP:
>> + if (sk->sk_prot->sysctl_mem[0] > UDP_MIN_SKB_PAGES)
>> + if (atomic_read(sk->sk_prot->memory_allocated)+size
>> + >= sk->sk_prot->sysctl_mem[0])
>> + return -ENOBUFS;
>> + /* Fall through */
>> + default:
>> + break;
>> + }
>> + return 0;
>> +}
>
> Since you're not doing a per-user limit, you must give each
> socket a minimum even when the total exceeds your threshold.
>
> Otherwise any local user can trivially DoS the whole system.
>
>> +UDP variables:
>> +
>> +udp_mem - INTERGER
>> + Number of pages allowed for queueing by all UDP sockets.
>> + Minimal value is 4096. If 4096 is set, UDP memory will not
>> + be limited.
>> + Default: 4096
>
> This seems to be a rather confusing setup. We don't set a
> minimum for TCP so is this really necessary?
Hello Herbert,
Thank you so much for your comments.
I'm going to fix them in next take patch set.
Regards,
Hideo
--
Hitachi Computer Products (America) Inc.
next prev parent reply other threads:[~2007-10-17 4:10 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-10-12 12:00 [PATCH 0/4]UDP memory accounting and limitation(take 5) Satoshi OSHIMA
2007-10-12 12:01 ` [PATCH 1/4] UDP memory accounting and limitation(take 5): fix send buffer check Satoshi OSHIMA
2007-10-12 12:07 ` [PATCH 2/4] UDP memory accounting and limitation(take 5): accounting unit and variable Satoshi OSHIMA
2007-10-12 12:10 ` [PATCH 3/4] UDP memory accounting and limitation(take 5): memory accounting Satoshi OSHIMA
2007-10-12 12:11 ` [PATCH 4/4] UDP memory accounting and limitation(take 5): memory limitation Satoshi OSHIMA
2007-10-15 10:43 ` Herbert Xu
2007-10-17 4:06 ` Hideo AOKI [this message]
2007-10-17 4:23 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47158A50.90905@redhat.com \
--to=haoki@redhat.com \
--cc=andi@firstfloor.org \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=hideo.aoki.tk@hitachi.com \
--cc=johnpol@2ka.mipt.ru \
--cc=netdev@vger.kernel.org \
--cc=satoshi.oshima.fk@hitachi.com \
--cc=shemminger@linux-foundation.org \
--cc=yoshfuji@linux-ipv6.org \
--cc=yumiko.sugita.yf@hitachi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.