[issue2019] panic: file desc: malloc limit exceeded
Matthew Dillon
dillon at apollo.backplane.com
Sun Mar 6 09:01:52 PST 2011
Hmm. Clearly kern.maxfilesperuser isn't going to help for the
sparse file descriptor table attack. The defaults on an i386
box seem to be on the order of 6000 processes x 25000 descriptors
per process, which winds up being significant greater than a gigabyte
of ram (let alone kvm)... so it goes boom.
I think we do have to apply the maxfilesperuser limit to this situation
counted based on the size of the fd table instead of based on the number
of actual descriptors. That would handle the situation.
-Matt
Matthew Dillon
<dillon at backplane.com>
More information about the Bugs
mailing list