Herbert Xu wrote:
> On Fri, Sep 28, 2007 at 09:51:59PM -0700, David Miller wrote:
>> There is a per-socket send buffer limit, and there is a per-user open
>> file descriptor limit. Multiply the two to determine how much system
>> memory the user can consume using sockets.
>
> We do have these limits but they're per-process, not per-user.
> Unless you lock down the number of processes each user can have
> to no more than a handful then this is basically useless.
>
> For example, let's say each socket can lock down 64K of kernel
> memory (which is quite easy to do BTW, just open a TCP/UDP socket,
> send data to it from another socket but keep the data in the
> socket by not calling recvmsg), and that each process can have
> 1024 file descriptors (the default), then each process can pin
>
> 64K x 1024 = 64M
>
> of memory. So if the user can have 10 processes, then that's
> 640M of kernel memory that can be pinned down. Usually the
> process limit is at least 10 times higher.

Thank you very much for your comment. What you pointed out is my motivation to make this patch. I think that per-process limits won't help to solve this problem.