lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Fri, 18 May 2007 18:05:11 +0200 (MEST)
From:	Andrea Righi <>
To:	Robin Holt <>
Cc:	Rik van Riel <>,
	LKML <>,,
	Ingo Molnar <>,
	Andrew Morton <>
Subject: Re: [RFC] log out-of-virtual-memory events

Andrea Righi wrote:
> Robin Holt wrote:
>> On Fri, May 18, 2007 at 09:50:03AM +0200, Andrea Righi wrote:
>>> Rik van Riel wrote:
>>>> Andrea Righi wrote:
>>>>> I'm looking for a way to keep track of the processes that fail to
>>>>> allocate new
>>>>> virtual memory. What do you think about the following approach
>>>>> (untested)?
>>>> Looks like an easy way for users to spam syslogd over and
>>>> over and over again.
>>>> At the very least, shouldn't this be dependant on print_fatal_signals?
>>> Anyway, with print-fatal-signals enabled a user could spam syslogd too, simply
>>> with a (char *)0 = 0 program, but we could always identify the spam attempts
>>> logging the process uid...
>>> In any case, I agree, it should depend on that patch...
>>> What about adding a simple msleep_interruptible(SOME_MSECS) at the end of
>>> log_vm_enomem() or, at least, a might_sleep() to limit the potential spam/second
>>> rate?
>> An msleep will slow down this process, but do nothing about slowing
>> down the amount of logging.  Simply fork a few more processes and all
>> you are doing with msleep is polluting the pid space.
> Very true.
>> What about a throttling similar to what ia64 does for floating point
>> assist faults (handle_fpu_swa()).  There is a thread flag to not log
>> the events at all.  It is rate throttled globally, but uses per cpu
>> variables for early exits.  This algorithm scaled well to a thousand
>> cpus.
> Actually using printk_ratelimit() should be enough... BTW print_fatal_signals()
> should use it too.

I mean, something like this...


Limit the rate of the printk()s in print_fatal_signal() to avoid potential DoS

Signed-off-by: Andrea Righi <>

diff -urpN linux-2.6.22-rc1-mm1/kernel/signal.c linux-2.6.22-rc1-mm1-limit-print_fatal_signals-rate/kernel/signal.c
--- linux-2.6.22-rc1-mm1/kernel/signal.c	2007-05-18 17:48:55.000000000 +0200
+++ linux-2.6.22-rc1-mm1-limit-print_fatal_signals-rate/kernel/signal.c	2007-05-18 17:58:13.000000000 +0200
@@ -790,6 +790,9 @@ static void print_vmas(void)
 static void print_fatal_signal(struct pt_regs *regs, int signr)
+	if (unlikely(!printk_ratelimit()))
+		return;
 	printk("%s/%d: potentially unexpected fatal signal %d.\n",
 		current->comm, current->pid, signr);
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

Powered by blists - more mailing lists