From owner-cvs-all Sat Sep 29 6:46:43 2001 Delivered-To: cvs-all@freebsd.org Received: from prism.flugsvamp.com (cb58709-a.mdsn1.wi.home.com [24.17.241.9]) by hub.freebsd.org (Postfix) with ESMTP id 91B9137B40D; Sat, 29 Sep 2001 06:46:32 -0700 (PDT) Received: (from jlemon@localhost) by prism.flugsvamp.com (8.11.0/8.11.0) id f8TDhkV44513; Sat, 29 Sep 2001 08:43:46 -0500 (CDT) (envelope-from jlemon) Date: Sat, 29 Sep 2001 08:43:46 -0500 From: Jonathan Lemon To: Ian Dowse Cc: Jonathan Lemon , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/kern kern_event.c Message-ID: <20010929084346.W9056@prism.flugsvamp.com> References: <200109290600.f8T60o869371@freefall.freebsd.org> <200109291106.aa82996@salmon.maths.tcd.ie> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre2i In-Reply-To: <200109291106.aa82996@salmon.maths.tcd.ie> Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sat, Sep 29, 2001 at 11:06:36AM +0100, Ian Dowse wrote: > In message <200109290600.f8T60o869371@freefall.freebsd.org>, Jonathan Lemon wri > tes: > >jlemon 2001/09/28 23:00:50 PDT > > MFC: r.1.28; EVFILT_TIMER. > > Cool, but it appears that you haven't dealt with the problem of > timeout() allocating only from the small `callfree' list: > > /* Fill in the next free callout structure. */ > new = SLIST_FIRST(&callfree); > if (new == NULL) > /* XXX Attempt to malloc first */ > panic("timeout table full"); > > All the other kevent filters seem to be tied to some limited/limitable > resource (processes, file descriptors, signals) so creating an > arbitrary number of them is not possible. With EVFILT_TIMER, there > is no such limit, so any user can trivially run the system out of > callouts (ncallouts is typically ~2000). Using the callout_* > interface instead helps a lot (I sent you patches for this some > time ago), but any user can still run the system out of kernel > memory and fill the callout wheel with millions of timers. > > I really dislike seeing the addition of new ways for any local user > to crash the system, especially in RELENG_4. Even an arbitrary > limit set by a kern.maxkqtimersperproc sysctl, together with using > the callout_* interface, would make this a non-issue. Maybe > EVFILT_TIMER should be disabled in RELENG_4 for now until this > issue is resolved? I did hold the EVFILT_TIMER implementation out of -RELEASE for this reason, but have since gotten several MFC requests. I'll work on a fix for this today. -- Jonathan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message