Date: Thu, 14 Sep 2000 15:26:36 -0700 From: Alfred Perlstein <bright@wintelcom.net> To: Don Lewis <Don.Lewis@tsc.tdk.com> Cc: Vivek Khera <khera@kciLink.com>, stable@FreeBSD.ORG Subject: Re: negative proccnt Message-ID: <20000914152635.X12231@fw.wintelcom.net> In-Reply-To: <200009142222.PAA27308@salsa.gv.tsc.tdk.com>; from Don.Lewis@tsc.tdk.com on Thu, Sep 14, 2000 at 03:22:20PM -0700 References: <14785.12095.673316.885249@onceler.kciLink.com> <200009142046.NAA26980@salsa.gv.tsc.tdk.com> <14785.15822.898420.198946@onceler.kciLink.com> <200009142207.PAA27239@salsa.gv.tsc.tdk.com> <200009142222.PAA27308@salsa.gv.tsc.tdk.com>
next in thread | previous in thread | raw e-mail | index | archive | help
* Don Lewis <Don.Lewis@tsc.tdk.com> [000914 15:22] wrote:
> On Sep 14, 3:07pm, Don Lewis wrote:
> } Subject: Re: negative proccnt
>
> } I believe the problem is here in fork1():
> }
> } /*
> } * Increment the count of procs running with this uid. Don't allow
> } * a nonprivileged user to exceed their current limit.
> } */
> } ok = chgproccnt(p1->p_cred->p_uidinfo, 1,
> } p1->p_rlimit[RLIMIT_NPROC].rlim_cur);
> } if (uid != 0 && !ok) {
> } /*
> } * Back out the process count
> } */
> } nprocs--;
> } return (EAGAIN);
> } }
> }
> } If chgproccnt() failes because the limit would be exceeded, the
> } proccnt won't be incremented, but the following test will let
> } the fork happen anyway if uid is 0. The eventual exit() decrements
> } proccnt and may result in an underflow.
> }
> } As a workaround, you can bump the process limit for root and/or reap
> } processes more often.
>
> ... or you can try this patch:
>
> Index: kern_fork.c
> ===================================================================
> RCS file: /home/ncvs/src/sys/kern/kern_fork.c,v
> retrieving revision 1.72.2.4
> diff -u -r1.72.2.4 kern_fork.c
> --- kern_fork.c 2000/09/07 19:13:36 1.72.2.4
> +++ kern_fork.c 2000/09/14 22:19:59
> @@ -246,8 +246,8 @@
> * a nonprivileged user to exceed their current limit.
> */
> ok = chgproccnt(p1->p_cred->p_uidinfo, 1,
> - p1->p_rlimit[RLIMIT_NPROC].rlim_cur);
> - if (uid != 0 && !ok) {
> + (uid != 0) ? p1->p_rlimit[RLIMIT_NPROC].rlim_cur : 0);
> + if (!ok) {
> /*
> * Back out the process count
> */
That doesn't look like valid C to me. :)
--
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000914152635.X12231>