All of lore.kernel.org
 help / color / mirror / Atom feed
From: Christoph Rohland <cr@sap.com>
To: Pavel Roskin <proski@gnu.org>
Cc: <linux-kernel@vger.kernel.org>
Subject: Re: DoS using tmpfs
Date: 13 Jun 2001 09:04:51 +0200	[thread overview]
Message-ID: <m3vgm06ess.fsf@linux.local> (raw)
In-Reply-To: <Pine.LNX.4.33.0106081755220.1324-100000@vesta.nine.com>
In-Reply-To: Pavel Roskin's message of "Fri, 8 Jun 2001 18:42:40 -0400 (EDT)"

Hi Pavel,

On Fri, 8 Jun 2001, Pavel Roskin wrote:
> Hello!
> 
> It appears that a system with tmpfs mounted with the default (!!!)
> parameters can be used by ordinary users to make the system
> non-functional.

...

> 1) tmpfs, as opposed to ramfs doesn't limit the usage by
>    default. It's not a good default for a filesystem designed for
>    temporary files.

Yes, use the size parameter. And no, ramfs has no resource limits in
the stock kernel at all. In -ac it limits to half the size of the
physical RAM unconditionally. But that's not useful for tmpfs simce
this uses swap also. So it is the admins task to add a size
parameter. I would love to add a size paramater in percent of virtual
memory but this would need some changes in the swapon/off coding.

> 2) Not delivering SIGINT to processes is probably not the best
>    behavior if the memory if low. However, one could argue that some
>    processes would use even more resources if they get control with
>    SIGINT.
> 
> 3) All swap in the system was exhausted and yet tmpfs didn't return
>    ENOSPC to "dd".

That the kernel locks up is IMHO a mm fault. tmpfs allocates its pages
with GFP_USER and will return an error if this fails. Apparently it
never fails but locks up.

Greetings
		Christoph



      reply	other threads:[~2001-06-13  7:05 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2001-06-08 22:42 DoS using tmpfs Pavel Roskin
2001-06-13  7:04 ` Christoph Rohland [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=m3vgm06ess.fsf@linux.local \
    --to=cr@sap.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=proski@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.