From owner-freebsd-current  Wed Feb 16 13:18:22 2000
Delivered-To: freebsd-current@freebsd.org
Received: from builder.freebsd.org (builder.FreeBSD.ORG [204.216.27.24])
	by hub.freebsd.org (Postfix) with ESMTP id 03AA837B54D
	for <current@FreeBSD.org>; Wed, 16 Feb 2000 13:18:20 -0800 (PST)
	(envelope-from dillon@apollo.backplane.com)
Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2])
	by builder.freebsd.org (Postfix) with ESMTP id D4ACC132DD
	for <current@FreeBSD.org>; Wed, 16 Feb 2000 13:17:36 -0800 (PST)
Received: (from dillon@localhost)
	by apollo.backplane.com (8.9.3/8.9.1) id NAA54097;
	Wed, 16 Feb 2000 13:18:13 -0800 (PST)
	(envelope-from dillon)
Date: Wed, 16 Feb 2000 13:18:13 -0800 (PST)
From: Matthew Dillon <dillon@apollo.backplane.com>
Message-Id: <200002162118.NAA54097@apollo.backplane.com>
To: current@FreeBSD.org
Subject: Heads up, vm.max_proc_mmap sysctl added
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

    This deals with a mmap+fork bomb that can cause the kernel to 
    eat all of KVM in vm_map_entry structures.  The default limit
    should be set generously enough for people using the current
    FreeBSD threads incarnation (and isn't an issue w/ linux
    threads due to rfork resulting in scaling of the limit for the
    shared address space).

    Heads up in case a heavy threads programmer sees something I missed.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>

:dillon      2000/02/16 13:11:37 PST
:
:  Modified files:
:    sys/kern             kern_malloc.c 
:    sys/sys              kernel.h 
:    sys/vm               vm_kern.h vm_map.c vm_mmap.c 
:    lib/libc/sys         mmap.2 
:  Log:
:      Fix null-pointer dereference crash when the system is intentionally
:      run out of KVM through a mmap()/fork() bomb that allocates hundreds
:      of thousands of vm_map_entry structures.
:  
:      Add panic to make null-pointer dereference crash a little more verbose.
:  
:      Add a new sysctl, vm.max_proc_mmap, which specifies the maximum number
:      of mmap()'d spaces (discrete vm_map_entry's in the process).  The value
:      defaults to around 9000 for a 128MB machine.  The test is scaled for the
:      number of processes sharing a vmspace (aka linux threads).  Setting
:      the value to 0 disables the feature.
:  
:  PR: kern/16573
:  Approved by: jkh
:  
:  Revision  Changes    Path
:  1.64      +3 -2      src/sys/kern/kern_malloc.c
:  1.62      +2 -1      src/sys/sys/kernel.h
:  1.22      +2 -1      src/sys/vm/vm_kern.h
:  1.186     +8 -2      src/sys/vm/vm_map.c
:  1.107     +43 -5     src/sys/vm/vm_mmap.c
:  1.20      +3 -2      src/lib/libc/sys/mmap.2


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message