Re: [PATCH v2 0/2] virtiofsd: stay under fs.file-max sysctl limit (CVE-2020-10717)
From: Dr. David Alan Gilbert
Subject: Re: [PATCH v2 0/2] virtiofsd: stay under fs.file-max sysctl limit (CVE-2020-10717)
Date: Fri, 1 May 2020 18:42:33 +0100
User-agent: Mutt/1.13.4 (2020-02-15)
* Stefan Hajnoczi (address@hidden) wrote:
> This patch series introduces the --rlimit-nofile=NUM option for setting the
> number of open files on the virtiofsd process. This gives users and management
> tools more control over resource limits.
>
> Previously it was possible for FUSE clients on machines with less than ~10 GB
> of RAM to exhaust the system-wide open file limit. This is a denial of service
> attack against other processes running on the host.
>
> This patch series updates the default RLIMIT_NOFILE calculation to take the
> fs.file-max sysctl value into account. This solves the fs.file-max DoS.
Queued.
> Stefan Hajnoczi (2):
> virtiofsd: add --rlimit-nofile=NUM option
> virtiofsd: stay below fs.file-max sysctl value (CVE-2020-10717)
>
> tools/virtiofsd/fuse_lowlevel.h | 1 +
> tools/virtiofsd/helper.c | 47 ++++++++++++++++++++++++++++++++
> tools/virtiofsd/passthrough_ll.c | 22 ++++++---------
> 3 files changed, 56 insertions(+), 14 deletions(-)
>
> --
> 2.25.3
>
--
Dr. David Alan Gilbert / address@hidden / Manchester, UK
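The cover letter above describes the mitigation only in outline: pick a default RLIMIT_NOFILE that stays below the host's fs.file-max so one daemon cannot exhaust the system-wide file table. The following C program is an added illustration of that idea and is not the virtiofsd code from the patch series (which is not shown on this page). The policy constants (a 1,000,000 fd target and 16,384 fds of headroom reserved for other host processes), the function names, and the decision to leave the inherited limit untouched when the sysctl leaves no room are all assumptions of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>

/* Policy constants: assumptions for this example, not virtiofsd's values. */
#define DEFAULT_NOFILE_TARGET 1000000ULL /* what the daemon would like */
#define RESERVED_FDS          16384ULL   /* headroom kept for other host processes */

/* Parse the text of /proc/sys/fs/file-max (a decimal number plus newline).
 * Returns the value, or 0 when the text is malformed; 0 is never a usable
 * file-max, so callers treat it as "unknown". */
unsigned long long parse_file_max(const char *text)
{
    char *end;
    unsigned long long v;

    if (text == NULL || *text == '\0') {
        return 0;
    }
    errno = 0;
    v = strtoull(text, &end, 10);
    if (errno != 0 || end == text) {
        return 0;
    }
    /* Allow only trailing whitespace after the number. */
    while (*end == '\n' || *end == ' ' || *end == '\t') {
        end++;
    }
    return *end == '\0' ? v : 0;
}

/* Choose the RLIMIT_NOFILE to request: never more than `requested`, and
 * never so many that fewer than RESERVED_FDS remain below fs.file-max.
 * Returns 0 when the sysctl leaves no room, meaning "do not raise the
 * limit at all" rather than risk starving the rest of the host. */
unsigned long long choose_nofile_limit(unsigned long long requested,
                                       unsigned long long file_max)
{
    unsigned long long ceiling;

    if (file_max <= RESERVED_FDS) {
        return 0;
    }
    ceiling = file_max - RESERVED_FDS;
    return requested < ceiling ? requested : ceiling;
}

/* Read fs.file-max from procfs. Returns 0 if the file is unreadable
 * (non-Linux host, restricted /proc) or malformed. */
unsigned long long read_file_max(void)
{
    char buf[64];
    FILE *f = fopen("/proc/sys/fs/file-max", "r");

    if (f == NULL) {
        return 0;
    }
    if (fgets(buf, sizeof buf, f) == NULL) {
        fclose(f);
        return 0;
    }
    fclose(f);
    return parse_file_max(buf);
}

/* Apply the chosen limit with setrlimit(2). A limit of 0 means "leave the
 * inherited limit alone". Raising the hard limit needs CAP_SYS_RESOURCE. */
int apply_nofile_limit(unsigned long long limit)
{
    struct rlimit rl;

    if (limit == 0) {
        return 0;
    }
    rl.rlim_cur = (rlim_t)limit;
    rl.rlim_max = (rlim_t)limit;
    return setrlimit(RLIMIT_NOFILE, &rl);
}

int main(void)
{
    unsigned long long file_max = read_file_max();
    unsigned long long limit;

    if (file_max == 0) {
        fprintf(stderr, "fs.file-max unknown; leaving RLIMIT_NOFILE alone\n");
        return 0;
    }
    limit = choose_nofile_limit(DEFAULT_NOFILE_TARGET, file_max);
    printf("fs.file-max=%llu -> requesting RLIMIT_NOFILE=%llu\n", file_max, limit);
    if (apply_nofile_limit(limit) != 0) {
        perror("setrlimit");
        return 1;
    }
    return 0;
}
```

The point worth checking on a real host is the capped case: on a small machine where fs.file-max is below the daemon's target, the chosen limit is file-max minus the headroom, not the full target, so a FUSE client holding every descriptor it can still leaves other processes able to open files.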