From: Al Viro <viro@zeniv.linux.org.uk>
To: Tiezhu Yang <yangtiezhu@loongson.cn>
Cc: Jonathan Corbet <corbet@lwn.net>,
linux-fsdevel@vger.kernel.org, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org, Xuefeng Li <lixuefeng@loongson.cn>
Subject: Re: [PATCH 2/3] fs: Introduce cmdline argument exceed_file_max_panic
Date: Sat, 6 Jun 2020 15:28:50 +0100
Message-ID: <20200606142850.GK23230@ZenIV.linux.org.uk>
In-Reply-To: <1591425140-20613-2-git-send-email-yangtiezhu@loongson.cn>

On Sat, Jun 06, 2020 at 02:32:19PM +0800, Tiezhu Yang wrote:
> It is important to ensure that files that are opened always get closed.
> Failing to close files can result in file descriptor leaks. One common
> answer to this problem is to just raise the limit of open file handles
> and then restart the server every day or every few hours, this is not
> a good idea for long-lived servers if there are no leaks.
>
> If there exist file descriptor leaks, when the file-max limit is reached, we
> can see that the system can not work well and at worst the user can do
> nothing, it is even impossible to execute reboot command due to too many
> open files in system. In order to reboot automatically to recover to the
> normal status, introduce a new cmdline argument exceed_file_max_panic for
> user to control whether to call panic in this case.

What the hell? You are modifying the path for !CAP_SYS_ADMIN. IOW,
you've just handed an ability to panic the box to any non-privileged
process.

NAK. That makes no sense whatsoever. Note that root is *NOT* affected
by any of that, so you can bloody well have a userland process running
as root and checking the number of files once in a while. And doing
whatever it wants to do, up to and including reboot/writing to
/proc/sys/sysrq-trigger, etc. Or just looking at the leaky processes
and killing them, with a nastygram along the lines of "$program appears
to be leaking descriptors; LART the authors of that FPOS if they can
be located" sent into log/over mail/etc.
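
The userland alternative described in the reply above, sketched as an added example (not part of the original message and not kernel code): a root-run check that reads `/proc/sys/fs/file-nr` and, once usage crosses a threshold, ranks processes by open descriptor count. The 90% threshold, the function names and the reporting format are assumptions for illustration.

```python
"""Root-run watchdog sketch: system-wide file handle usage and top fd holders."""
import os
import sys

THRESHOLD = 0.90  # assumed alert level; tune per host

def parse_file_nr(text):
    """/proc/sys/fs/file-nr holds: allocated, allocated-but-unused, maximum."""
    fields = text.split()
    if len(fields) != 3:
        raise ValueError(f"unexpected file-nr content: {text!r}")
    return tuple(int(f) for f in fields)

def usage_ratio(allocated, unused, maximum):
    """Fraction of file-max currently in use."""
    return (allocated - unused) / maximum if maximum > 0 else 0.0

def fd_counts(proc_root="/proc"):
    """Return [(fd_count, pid, comm)] sorted by fd_count, largest first."""
    rows = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # skip non-process entries such as /proc/sys
        base = os.path.join(proc_root, entry)
        try:
            count = len(os.listdir(os.path.join(base, "fd")))
            with open(os.path.join(base, "comm")) as f:
                comm = f.read().strip()
        except OSError:  # process exited mid-scan, or caller is not root
            continue
        rows.append((count, int(entry), comm))
    return sorted(rows, reverse=True)

def check(file_nr_text, proc_root="/proc", threshold=THRESHOLD, top=5):
    """Return (ratio, offenders); offenders is empty below the threshold."""
    ratio = usage_ratio(*parse_file_nr(file_nr_text))
    return ratio, (fd_counts(proc_root)[:top] if ratio >= threshold else [])

if __name__ == "__main__":
    with open("/proc/sys/fs/file-nr") as f:
        ratio, offenders = check(f.read())
    for count, pid, comm in offenders:
        print(f"{comm} (pid {pid}) appears to be leaking descriptors: "
              f"{count} open, file-max usage {ratio:.0%}", file=sys.stderr)
    sys.exit(1 if offenders else 0)
```

Run periodically from a root timer or cron job, the non-zero exit status can drive whatever policy the administrator chooses, which keeps that decision out of reach of unprivileged processes.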