lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 27 Jan 2009 20:07:32 -0800
From:	Ray Lee <ray-lk@...rabbit.org>
To:	Davide Libenzi <davidel@...ilserver.org>
Cc:	Bron Gondwana <brong@...tmail.fm>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Greg KH <gregkh@...e.de>,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH 1/3] epoll: increase default max_user_instances to 1024

On Tue, Jan 27, 2009 at 8:00 PM, Davide Libenzi <davidel@...ilserver.org> wrote:
> On Wed, 28 Jan 2009, Bron Gondwana wrote:
>
>> Both Postfix and Apache use an epoll instance per child, which
>> leads to significant scalability issues with max_user_instances
>> set so low.  Bump the default to 1024 so medium sized sites are
>> not impacted.
>
> NACK. Epoll allocates globally about 100 to 160 bytes (32/64 bit) for each
> file added to the interface:
>
>        for i 1..1024
>                for j 1..1024
>                        if i!=j
>                                add j -> i
>
> That's (N^2 * {100, 160}) = 100MB to 160MB of pinned kernel memory,
> explotable by simple users with untouched NFILES.
> This is the reason such limit was introduced in the first place. Again,
> for the 10th time, if you have a loaded server with multiple processes
> using epoll:
>
> $ echo NN > /proc/sys/fs/epoll/max_user_instances
>
> Note that NN does not consume any resource "per se", so if you feel
> threatened by such limit, you can go wild with it.

It's really simple. A kernel upgrade in a -stable series point release
broke a rational user-space setup. If you don't want to adjust the
defaults, then the sane thing to do is to revert the commit that
caused the grief. Postfix is everywhere. Apache is everywhere.

Userspace is not broken here, and the whole idea of a -stable series
is that administrators can upgrade to them without having to worry
about things getting broken or making specific configuration changes
by point release.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ