Message ID | 20191212163904.159893-55-dgilbert@redhat.com |
---|---|
State | New |
Headers | show |
Series | virtiofs daemon [all] | expand |
On Thu, Dec 12, 2019 at 04:38:14PM +0000, Dr. David Alan Gilbert (git) wrote: > From: Stefan Hajnoczi <stefanha@redhat.com> > > virtiofsd can exceed the default open file descriptor limit easily on > most systems. Take advantage of the fact that it runs as root to raise > the limit. > > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> > --- > tools/virtiofsd/passthrough_ll.c | 32 ++++++++++++++++++++++++++++++++ > 1 file changed, 32 insertions(+) Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Regards, Daniel
On 12/12/19 5:38 PM, Dr. David Alan Gilbert (git) wrote: > From: Stefan Hajnoczi <stefanha@redhat.com> > > virtiofsd can exceed the default open file descriptor limit easily on > most systems. Take advantage of the fact that it runs as root to raise > the limit. > > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> > --- > tools/virtiofsd/passthrough_ll.c | 32 ++++++++++++++++++++++++++++++++ > 1 file changed, 32 insertions(+) > > diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c > index ab318a6f36..139bf08f4c 100644 > --- a/tools/virtiofsd/passthrough_ll.c > +++ b/tools/virtiofsd/passthrough_ll.c > @@ -52,6 +52,7 @@ > #include <sys/file.h> > #include <sys/mount.h> > #include <sys/prctl.h> > +#include <sys/resource.h> > #include <sys/syscall.h> > #include <sys/types.h> > #include <sys/wait.h> > @@ -2250,6 +2251,35 @@ static void setup_sandbox(struct lo_data *lo, struct fuse_session *se) > setup_seccomp(); > } > > +/* Raise the maximum number of open file descriptors */ > +static void setup_nofile_rlimit(void) > +{ > + const rlim_t max_fds = 1000000; 'static const'? Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> > + struct rlimit rlim; > + > + if (getrlimit(RLIMIT_NOFILE, &rlim) < 0) { > + fuse_log(FUSE_LOG_ERR, "getrlimit(RLIMIT_NOFILE): %m\n"); > + exit(1); > + } > + > + if (rlim.rlim_cur >= max_fds) { > + return; /* nothing to do */ > + } > + > + rlim.rlim_cur = max_fds; > + rlim.rlim_max = max_fds; > + > + if (setrlimit(RLIMIT_NOFILE, &rlim) < 0) { > + /* Ignore SELinux denials */ > + if (errno == EPERM) { > + return; > + } > + > + fuse_log(FUSE_LOG_ERR, "setrlimit(RLIMIT_NOFILE): %m\n"); > + exit(1); > + } > +} > + > int main(int argc, char *argv[]) > { > struct fuse_args args = FUSE_ARGS_INIT(argc, argv); > @@ -2371,6 +2401,8 @@ int main(int argc, char *argv[]) > > fuse_daemonize(opts.foreground); > > + setup_nofile_rlimit(); > + > /* Must be before sandbox since it wants /proc */ > setup_capng(); > >
* Philippe Mathieu-Daudé (philmd@redhat.com) wrote: > On 12/12/19 5:38 PM, Dr. David Alan Gilbert (git) wrote: > > From: Stefan Hajnoczi <stefanha@redhat.com> > > > > virtiofsd can exceed the default open file descriptor limit easily on > > most systems. Take advantage of the fact that it runs as root to raise > > the limit. > > > > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> > > --- > > tools/virtiofsd/passthrough_ll.c | 32 ++++++++++++++++++++++++++++++++ > > 1 file changed, 32 insertions(+) > > > > diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c > > index ab318a6f36..139bf08f4c 100644 > > --- a/tools/virtiofsd/passthrough_ll.c > > +++ b/tools/virtiofsd/passthrough_ll.c > > @@ -52,6 +52,7 @@ > > #include <sys/file.h> > > #include <sys/mount.h> > > #include <sys/prctl.h> > > +#include <sys/resource.h> > > #include <sys/syscall.h> > > #include <sys/types.h> > > #include <sys/wait.h> > > @@ -2250,6 +2251,35 @@ static void setup_sandbox(struct lo_data *lo, struct fuse_session *se) > > setup_seccomp(); > > } > > +/* Raise the maximum number of open file descriptors */ > > +static void setup_nofile_rlimit(void) > > +{ > > + const rlim_t max_fds = 1000000; > > 'static const'? Why? > Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> > Thanks! > > + struct rlimit rlim; > > + > > + if (getrlimit(RLIMIT_NOFILE, &rlim) < 0) { > > + fuse_log(FUSE_LOG_ERR, "getrlimit(RLIMIT_NOFILE): %m\n"); > > + exit(1); > > + } > > + > > + if (rlim.rlim_cur >= max_fds) { > > + return; /* nothing to do */ > > + } > > + > > + rlim.rlim_cur = max_fds; > > + rlim.rlim_max = max_fds; > > + > > + if (setrlimit(RLIMIT_NOFILE, &rlim) < 0) { > > + /* Ignore SELinux denials */ > > + if (errno == EPERM) { > > + return; > > + } > > + > > + fuse_log(FUSE_LOG_ERR, "setrlimit(RLIMIT_NOFILE): %m\n"); > > + exit(1); > > + } > > +} > > + > > int main(int argc, char *argv[]) > > { > > struct fuse_args args = FUSE_ARGS_INIT(argc, argv); > > @@ -2371,6 +2401,8 @@ int main(int argc, char *argv[]) > > fuse_daemonize(opts.foreground); > > + setup_nofile_rlimit(); > > + > > /* Must be before sandbox since it wants /proc */ > > setup_capng(); > > > -- Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c index ab318a6f36..139bf08f4c 100644 --- a/tools/virtiofsd/passthrough_ll.c +++ b/tools/virtiofsd/passthrough_ll.c @@ -52,6 +52,7 @@ #include <sys/file.h> #include <sys/mount.h> #include <sys/prctl.h> +#include <sys/resource.h> #include <sys/syscall.h> #include <sys/types.h> #include <sys/wait.h> @@ -2250,6 +2251,35 @@ static void setup_sandbox(struct lo_data *lo, struct fuse_session *se) setup_seccomp(); } +/* Raise the maximum number of open file descriptors */ +static void setup_nofile_rlimit(void) +{ + const rlim_t max_fds = 1000000; + struct rlimit rlim; + + if (getrlimit(RLIMIT_NOFILE, &rlim) < 0) { + fuse_log(FUSE_LOG_ERR, "getrlimit(RLIMIT_NOFILE): %m\n"); + exit(1); + } + + if (rlim.rlim_cur >= max_fds) { + return; /* nothing to do */ + } + + rlim.rlim_cur = max_fds; + rlim.rlim_max = max_fds; + + if (setrlimit(RLIMIT_NOFILE, &rlim) < 0) { + /* Ignore SELinux denials */ + if (errno == EPERM) { + return; + } + + fuse_log(FUSE_LOG_ERR, "setrlimit(RLIMIT_NOFILE): %m\n"); + exit(1); + } +} + int main(int argc, char *argv[]) { struct fuse_args args = FUSE_ARGS_INIT(argc, argv); @@ -2371,6 +2401,8 @@ int main(int argc, char *argv[]) fuse_daemonize(opts.foreground); + setup_nofile_rlimit(); + /* Must be before sandbox since it wants /proc */ setup_capng();