[issue2019] panic: file desc: malloc limit exceeded

Matthew Dillon dillon at apollo.backplane.com
Sun Mar 6 09:01:52 PST 2011


    Hmm.  Clearly kern.maxfilesperuser isn't going to help for the
    sparse file descriptor table attack.  The defaults on an i386
    box seem to be on the order of 6000 processes x 25000 descriptors
    per process, which winds up being significantly greater than a gigabyte
    of ram (let alone kvm)... so it goes boom.

    I think we do have to apply the maxfilesperuser limit to this situation
    counted based on the size of the fd table instead of based on the number
    of actual descriptors.  That would handle the situation.

					-Matt
					Matthew Dillon 
					<dillon at backplane.com>
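
Added example (not part of the original message and not DragonFly kernel code): a toy model of the two accounting schemes discussed above, charging the per-user limit by open descriptors versus by fd table size. All names, the table growth rule and the limit value of 100000 are assumptions; 6000 processes and 25000 slots are the figures from the message.

```c
#include <stdio.h>

/* Toy accounting model; not DragonFly kernel code. All names are hypothetical. */
enum charge_mode { CHARGE_OPEN_COUNT, CHARGE_TABLE_SIZE };

struct user_acct {
    long limit;    /* stand-in for kern.maxfilesperuser */
    long charged;  /* units charged against the limit so far */
    long slots;    /* fd table slots actually allocated for this user */
};

struct fd_table { long size; long nopen; };

/* Open one descriptor at index fd, growing the table to cover it.
 * Assumption: the table grows to exactly fd + 1 slots.
 * Returns 0 on success, -1 when the per-user limit would be exceeded. */
int fd_install(struct user_acct *u, struct fd_table *t, long fd,
               enum charge_mode mode)
{
    long grow = (fd >= t->size) ? fd + 1 - t->size : 0;
    long cost = (mode == CHARGE_TABLE_SIZE) ? grow : 1;

    if (u->charged + cost > u->limit)
        return -1;
    u->charged += cost;
    u->slots += grow;
    t->size += grow;
    t->nopen++;
    return 0;
}

/* nproc processes of one user each open a single descriptor at high_fd.
 * Returns the total number of table slots the kernel had to allocate. */
long simulate(long limit, long nproc, long high_fd, enum charge_mode mode)
{
    struct user_acct u = { limit, 0, 0 };

    for (long p = 0; p < nproc; p++) {
        struct fd_table t = { 0, 0 };
        if (fd_install(&u, &t, high_fd, mode) != 0)
            break;
    }
    return u.slots;
}

int main(void)
{
    /* 6000 x 25000 are the page's figures; the limit of 100000 is constructed. */
    printf("by open count: %ld slots\n", simulate(100000, 6000, 24999, CHARGE_OPEN_COUNT));
    printf("by table size: %ld slots\n", simulate(100000, 6000, 24999, CHARGE_TABLE_SIZE));
    return 0;
}
```

Charging by open count lets the allocated slots grow far past the limit, while charging by table size keeps them at or below it.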