[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v2 0/2] virtiofsd: stay under fs.file-max sysctl limit (CVE-2020-
|
From: |
Stefan Hajnoczi |
|
Subject: |
[PATCH v2 0/2] virtiofsd: stay under fs.file-max sysctl limit (CVE-2020-10717) |
|
Date: |
Fri, 1 May 2020 15:06:42 +0100 |
This patch series introduces the --rlimit-nofile=NUM option for setting the
number of open files on the virtiofsd process. This gives users and management
tools more control over resource limits.
Previously it was possible for FUSE clients on machines with less than ~10 GB
of RAM to exhaust the system-wide open file limit. This is a denial of service
attack against other processes running on the host.
This patch series updates the default RLIMIT_NOFILE calculation to take the
fs.file-max sysctl value into account. This solves the fs.file-max DoS.
Stefan Hajnoczi (2):
virtiofsd: add --rlimit-nofile=NUM option
virtiofsd: stay below fs.file-max sysctl value (CVE-2020-10717)
tools/virtiofsd/fuse_lowlevel.h | 1 +
tools/virtiofsd/helper.c | 47 ++++++++++++++++++++++++++++++++
tools/virtiofsd/passthrough_ll.c | 22 ++++++---------
3 files changed, 56 insertions(+), 14 deletions(-)
--
2.25.3
- [PATCH v2 0/2] virtiofsd: stay under fs.file-max sysctl limit (CVE-2020-10717),
Stefan Hajnoczi <=