To: Mike Silbersack
Cc: Gaspar Chilingarov, freebsd-hackers@FreeBSD.ORG
Subject: Re: fork rate limit
In-Reply-To: <20020214142702.P11847-200000@patrocles.silby.com>
Date: Sun, 17 Feb 2002 18:47:14 -0800
From: Peter Wemm
Message-Id: <20020218024714.E79393809@overcee.wemm.org>

Mike Silbersack wrote:
> 2. Limit the number of procs to an appropriate number. Previously, it
> was easy to set maxproc overly high by setting a large maxusers value.
> With this change, proc-related structures will only be able to consume
> about 1/2 of all system memory. Without this limitation, a high maxusers
> setting and a forkbomb could easily consume all system memory, leaving
> virtually no chance for the system to recover.

+ /* * The following can be overridden after boot via sysctl. Note: * unless overriden, these macros are ultimately based on maxusers. 
*/ maxproc = NPROC; TUNABLE_INT_FETCH("kern.maxproc", &maxproc); + if (maxproc > automaxproc) + maxproc = automaxproc; maxfiles = MAXFILES; TUNABLE_INT_FETCH("kern.maxfiles", &maxfiles);

No. Root's overrides come *after* automagic settings, regardless of how
well intentioned the settings are. If you are going to do this, it should
be something along the lines of:

	maxproc = NPROC;
	if (maxproc > automaxproc)
		maxproc = automaxproc;
	TUNABLE_INT_FETCH("kern.maxproc", &maxproc);

Even this isn't quite right, because NPROC may be a compile option which
must be respected. The default #define NPROC may need adjusting.

Cheers,
-Peter
--
Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
"All of this is for nothing if we don't go to the stars" - JMS/B5
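
Review bot: the clamp added directly after TUNABLE_INT_FETCH("kern.maxproc", &maxproc) lowers a value the administrator set explicitly through the tunable, and it does so with no message, so a configured kern.maxproc above automaxproc is reduced without any trace. Either apply the automaxproc ceiling to the NPROC default before the tunable is fetched, or, if the ceiling is meant to be a hard limit against forkbomb memory exhaustion, log a line when the clamp takes effect so an operator can see why the running value differs from the configured one. The comment above the block still says the values can be overridden, which no longer holds for maxproc above the ceiling and should be updated to say so; "overriden" in that comment should also read "overridden". The definition of automaxproc is not in the visible lines, so how it is derived cannot be checked here.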