From owner-freebsd-stable@FreeBSD.ORG Sat Sep 27 22:29:22 2008 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 57BB11065689 for ; Sat, 27 Sep 2008 22:29:22 +0000 (UTC) (envelope-from ari@ish.com.au) Received: from fish.ish.com.au (eth5921.nsw.adsl.internode.on.net [59.167.240.32]) by mx1.freebsd.org (Postfix) with ESMTP id D57CD8FC2F for ; Sat, 27 Sep 2008 22:29:21 +0000 (UTC) (envelope-from ari@ish.com.au) Received: from [10.29.62.12] (port=65514) by fish.ish.com.au with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.69) (envelope-from ) id 1KjicS-0003NH-2Y; Sun, 28 Sep 2008 08:50:32 +1000 Message-Id: <51E08B08-167D-4787-BC91-11FB20B6E118@ish.com.au> From: Aristedes Maniatis To: Gary Palmer In-Reply-To: <20080927221807.GE60230@in-addr.com> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v929.2) Date: Sun, 28 Sep 2008 08:29:20 +1000 References: <98425339-23F8-4A90-8CF1-2E85DD82D857@ish.com.au> <20080927030204.GB40195@icarus.home.lan> <20080927221807.GE60230@in-addr.com> X-Mailer: Apple Mail (2.929.2) Cc: freebsd-stable Stable Subject: Re: sysctl maxfiles X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Sep 2008 22:29:22 -0000 On 28/09/2008, at 8:18 AM, Gary Palmer wrote: > At least one port recommends you set > > kern.maxfiles="40000" > > in /boot/loader.conf. I think its one of the GNOME ports. I'm pretty > confident you can run that without too many problems, and maybe go > higher, > but if you really want to know the limit its probably kernel memory > and > that will depend on your workload. I guess then I should ask the question a different way. How much memory does each fd use and which pool of memory does it come from? This is ZFS if that makes any difference. Or asked a different way, if I set the number to 200,000 and some rogue process used 190,000 fds, then what bad thing would happen to the system? If any. > Solving the fd leak is by far the safest path. Note that tracking > that many files is probably affecting your application performance > in addition to hurting the system. Absolutely. We are working on it. But general Unix principles are that a non-root user should not be able to get Unix to a non-functional state. It appears that this is a very simple path to DoS, particularly since with the default settings it is easy for one process to use up all available fds and leave no more for anyone to be able to log in. Ari Maniatis --------------------------> ish http://www.ish.com.au Level 1, 30 Wilson Street Newtown 2042 Australia phone +61 2 9550 5001 fax +61 2 9550 4001 GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A