Andrea Righi wrote:
> Robin Holt wrote:
>> On Fri, May 18, 2007 at 09:50:03AM +0200, Andrea Righi wrote:
>>> Rik van Riel wrote:
>>>> Andrea Righi wrote:
>>>>> I'm looking for a way to keep track of the processes that fail to
>>>>> allocate new
>>>>> virtual memory. What do you think about the following approach
>>>>> (untested)?
>>>> Looks like an easy way for users to spam syslogd over and
>>>> over and over again.
>>>>
>>>> At the very least, shouldn't this be dependant on print_fatal_signals?
>>>>
>>> Anyway, with print-fatal-signals enabled a user could spam syslogd too,
>>> simply
>>> with a (char *)0 = 0 program, but we could always identify the spam attempts
>>> logging the process uid...
>>>
>>> In any case, I agree, it should depend on that patch...
>>>
>>> What about adding a simple msleep_interruptible(SOME_MSECS) at the end of
>>> log_vm_enomem() or, at least, a might_sleep() to limit the potential
>>> spam/second
>>> rate?
>> An msleep will slow down this process, but do nothing about slowing
>> down the amount of logging. Simply fork a few more processes and all
>> you are doing with msleep is polluting the pid space.
>>
>
> Very true.
>
>> What about a throttling similar to what ia64 does for floating point
>> assist faults (handle_fpu_swa()). There is a thread flag to not log
>> the events at all. It is rate throttled globally, but uses per cpu
>> variables for early exits. This algorithm scaled well to a thousand
>> cpus.
>
> Actually using printk_ratelimit() should be enough... BTW
> print_fatal_signals()
> should use it too.
>
I mean, something like this...
---
Limit the rate of the printk()s in print_fatal_signal() to avoid potential DoS
problems.
Signed-off-by: Andrea Righi <[EMAIL PROTECTED]>
diff -urpN linux-2.6.22-rc1-mm1/kernel/signal.c
linux-2.6.22-rc1-mm1-limit-print_fatal_signals-rate/kernel/signal.c
--- linux-2.6.22-rc1-mm1/kernel/signal.c 2007-05-18 17:48:55.000000000
+0200
+++ linux-2.6.22-rc1-mm1-limit-print_fatal_signals-rate/kernel/signal.c
2007-05-18 17:58:13.000000000 +0200
@@ -790,6 +790,9 @@ static void print_vmas(void)
static void print_fatal_signal(struct pt_regs *regs, int signr)
{
+ if (unlikely(!printk_ratelimit()))
+ return;
+
printk("%s/%d: potentially unexpected fatal signal %d.\n",
current->comm, current->pid, signr);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
