Date: Sun, 17 Feb 2002 18:47:14 -0800 From: Peter Wemm <peter@wemm.org> To: Mike Silbersack <silby@silby.com> Cc: Gaspar Chilingarov <nm@web.am>, freebsd-hackers@FreeBSD.ORG Subject: Re: fork rate limit Message-ID: <20020218024714.E79393809@overcee.wemm.org> In-Reply-To: <20020214142702.P11847-200000@patrocles.silby.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Mike Silbersack wrote:
> 2. Limit the number of procs to an appropriate number. Previously, it
> was easy to set maxproc overly high by setting a large maxusers value.
> With this change, proc-related structures will only be able to consume
> about 1/2 of all system memory. Without this limitation, a high maxusers
> setting and a forkbomb could easily consume all system memory, leaving
> virtually no chance for the system to recover.
+ /*
* The following can be overridden after boot via sysctl. Note:
* unless overriden, these macros are ultimately based on maxusers.
*/
maxproc = NPROC;
TUNABLE_INT_FETCH("kern.maxproc", &maxproc);
+ if (maxproc > automaxproc)
+ maxproc = automaxproc;
maxfiles = MAXFILES;
TUNABLE_INT_FETCH("kern.maxfiles", &maxfiles);
No. Root's overrides come *after* automagic settings, regardless of how
well intentioned the settings are.
If you are going to do this, it should be something along the lines of:
maxproc = NPROC;
if (maxproc > automaxproc)
maxproc = automaxproc;
TUNABLE_INT_FETCH("kern.maxproc", &maxproc);
Even this isn't quite right, because NPROC may be a compile option
which must be respected. The default #define NPROC may need adjusting.
Cheers,
-Peter
--
Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
"All of this is for nothing if we don't go to the stars" - JMS/B5
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020218024714.E79393809>