git.karo-electronics.de Git - karo-tx-linux.git/commit

author	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
	Sat, 4 Sep 2010 01:34:28 +0000 (01:34 +0000)
committer	Greg Kroah-Hartman <gregkh@suse.de>
	Mon, 27 Sep 2010 00:21:21 +0000 (17:21 -0700)
commit	0987a43dadd8a45843c906d674221b180488e42d
tree	cc8f757865e2d6a3873421d66231cc689420dcc0	tree \| snapshot
parent	36f2140e8f572790a71899e9db7ff6f2986987cd	commit \| diff

UNIX: Do not loop forever at unix_autobind().

[ Upstream commit a9117426d0fcc05a194f728159a2d43df43c7add ]

We assumed that unix_autobind() never fails if kzalloc() succeeded.
But unix_autobind() allows only 1048576 names. If /proc/sys/fs/file-max is
larger than 1048576 (e.g. systems with more than 10GB of RAM), a local user can
consume all names using fork()/socket()/bind().

If all names are in use, those who call bind() with addr_len == sizeof(short)
or connect()/sendmsg() with setsockopt(SO_PASSCRED) will continue

while (1)
yield();

loop at unix_autobind() till a name becomes available.
This patch adds a loop counter in order to give up after 1048576 attempts.

Calling yield() for once per 256 attempts may not be sufficient when many names
are already in use, for __unix_find_socket_byname() can take long time under
such circumstance. Therefore, this patch also adds cond_resched() call.

Note that currently a local user can consume 2GB of kernel memory if the user
is allowed to create and autobind 1048576 UNIX domain sockets. We should
consider adding some restriction for autobind operation.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>