[22/25] virtiofsd: set maximum RLIMIT_NOFILE limit

Message ID	20191024112718.34657-23-dgilbert@redhat.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: "Dr. David Alan Gilbert (git)" <dgilbert@redhat.com> To: qemu-devel@nongnu.org, renzhen@linux.alibaba.com, eguan@linux.alibaba.com, ganesh.mahalingam@intel.com, m.mizuma@jp.fujitsu.com, mszeredi@redhat.com, misono.tomohiro@jp.fujitsu.com, tao.peng@linux.alibaba.com, piaojun@huawei.com, stefanha@redhat.com, vgoyal@redhat.com, mst@redhat.com, berrange@redhat.com Subject: [PATCH 22/25] virtiofsd: set maximum RLIMIT_NOFILE limit Date: Thu, 24 Oct 2019 12:27:15 +0100 Message-Id: <20191024112718.34657-23-dgilbert@redhat.com> In-Reply-To: <20191024112718.34657-1-dgilbert@redhat.com> References: <20191024112718.34657-1-dgilbert@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Precedence: list Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
Series	virtiofs daemon (security) \| expand [00/25] virtiofs daemon (security) [01/25] virtiofsd: passthrough_ll: create new files in caller's context [02/25] virtiofsd: passthrough_ll: add lo_map for ino/fh indirection [03/25] virtiofsd: passthrough_ll: add ino_map to hide lo_inode pointers [04/25] virtiofsd: passthrough_ll: add dirp_map to hide lo_dirp pointers [05/25] virtiofsd: passthrough_ll: add fd_map to hide file descriptors [06/25] virtiofsd: passthrough_ll: add fallback for racy ops [07/25] virtiofsd: validate path components [08/25] virtiofsd: Plumb fuse_bufvec through to do_write_buf [09/25] virtiofsd: Pass write iov's all the way through [10/25] virtiofsd: add fuse_mbuf_iter API [11/25] virtiofsd: validate input buffer sizes in do_write_buf() [12/25] virtiofsd: check input buffer size in fuse_lowlevel.c ops [13/25] virtiofsd: prevent ".." escape in lo_do_lookup() [14/25] virtiofsd: prevent ".." escape in lo_do_readdir() [15/25] virtiofsd: use /proc/self/fd/ O_PATH file descriptor [16/25] virtiofsd: sandbox mount namespace [17/25] virtiofsd: move to an empty network namespace [18/25] virtiofsd: move to a new pid namespace [19/25] virtiofsd: add seccomp whitelist [20/25] virtiofsd: Parse flag FUSE_WRITE_KILL_PRIV [21/25] virtiofsd: Drop CAP_FSETID if client asked for it [22/25] virtiofsd: set maximum RLIMIT_NOFILE limit [23/25] virtiofsd: add security guide document [24/25] virtiofsd: add --syslog command-line option [25/25] virtiofsd: print log only when priority is high enough

Message ID

20191024112718.34657-23-dgilbert@redhat.com

State

New

Headers

From: "Dr. David Alan Gilbert (git)" <dgilbert@redhat.com>
To: qemu-devel@nongnu.org, renzhen@linux.alibaba.com, eguan@linux.alibaba.com,
	ganesh.mahalingam@intel.com, m.mizuma@jp.fujitsu.com,
	mszeredi@redhat.com, 
	misono.tomohiro@jp.fujitsu.com, tao.peng@linux.alibaba.com,
	piaojun@huawei.com, stefanha@redhat.com, vgoyal@redhat.com,
	mst@redhat.com, berrange@redhat.com
Subject: [PATCH 22/25] virtiofsd: set maximum RLIMIT_NOFILE limit
Date: Thu, 24 Oct 2019 12:27:15 +0100
Message-Id: <20191024112718.34657-23-dgilbert@redhat.com>
In-Reply-To: <20191024112718.34657-1-dgilbert@redhat.com>
References: <20191024112718.34657-1-dgilbert@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
Precedence: list
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: "Qemu-devel"
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>

Series

virtiofs daemon (security) | expand

Commit Message

Dr. David Alan Gilbert Oct. 24, 2019, 11:27 a.m. UTC

From: Stefan Hajnoczi <stefanha@redhat.com>

virtiofsd can exceed the default open file descriptor limit easily on
most systems.  Take advantage of the fact that it runs as root to set up
the maximum open file descriptor limit allowed on the system (the
nr_open sysctl).

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 contrib/virtiofsd/passthrough_ll.c | 34 ++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/contrib/virtiofsd/passthrough_ll.c b/contrib/virtiofsd/passthrough_ll.c
index fe46b25fb6..25f7ad854a 100644
--- a/contrib/virtiofsd/passthrough_ll.c
+++ b/contrib/virtiofsd/passthrough_ll.c
@@ -53,9 +53,11 @@ 
 #include <sys/xattr.h>
 #include <sys/capability.h>
 #include <sys/mount.h>
+#include <sys/resource.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 
+#include <glib.h>
 #include "passthrough_helpers.h"
 #include "seccomp.h"
 
@@ -2110,6 +2112,36 @@  static void setup_sandbox(struct lo_data *lo)
 	setup_seccomp();
 }
 
+/* Raise the maximum number of open file descriptors to the system limit */
+static void setup_nofile_rlimit(void)
+{
+	gchar *nr_open = NULL;
+	struct rlimit rlim;
+	long long max;
+
+	if (!g_file_get_contents("/proc/sys/fs/nr_open", &nr_open, NULL, NULL)) {
+		fuse_log(FUSE_LOG_ERR, "unable to read /proc/sys/fs/nr_open\n");
+		exit(1);
+	}
+
+	errno = 0;
+	max = strtoll(nr_open, NULL, 0);
+	if (errno) {
+		fuse_log(FUSE_LOG_ERR, "strtoll(%s): %m\n", nr_open);
+		exit(1);
+	}
+
+	rlim.rlim_cur = max;
+	rlim.rlim_max = max;
+
+	if (setrlimit(RLIMIT_NOFILE, &rlim) < 0) {
+		fuse_log(FUSE_LOG_ERR, "setrlimit(RLIMIT_NOFILE): %m\n");
+		exit(1);
+	}
+
+	g_free(nr_open);
+}
+
 int main(int argc, char *argv[])
 {
 	struct fuse_args args = FUSE_ARGS_INIT(argc, argv);
@@ -2125,6 +2157,8 @@  int main(int argc, char *argv[])
 	/* Don't mask creation mode, kernel already did that */
 	umask(0);
 
+	setup_nofile_rlimit();
+
 	pthread_mutex_init(&lo.mutex, NULL);
 	lo.root.next = lo.root.prev = &lo.root;
 	lo.root.fd = -1;

[22/25] virtiofsd: set maximum RLIMIT_NOFILE limit

Commit Message

Patch