[054/104] virtiofsd: set maximum RLIMIT_NOFILE limit

Message ID	20191212163904.159893-55-dgilbert@redhat.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: "Dr. David Alan Gilbert (git)" <dgilbert@redhat.com> To: qemu-devel@nongnu.org, stefanha@redhat.com, vgoyal@redhat.com Subject: [PATCH 054/104] virtiofsd: set maximum RLIMIT_NOFILE limit Date: Thu, 12 Dec 2019 16:38:14 +0000 Message-Id: <20191212163904.159893-55-dgilbert@redhat.com> In-Reply-To: <20191212163904.159893-1-dgilbert@redhat.com> References: <20191212163904.159893-1-dgilbert@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Precedence: list Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
Series	virtiofs daemon [all] \| expand [000/104] virtiofs daemon [all] [001/104] virtiofsd: Pull in upstream headers [002/104] virtiofsd: Pull in kernel's fuse.h [003/104] virtiofsd: Add auxiliary .c's [004/104] virtiofsd: Add fuse_lowlevel.c [005/104] virtiofsd: Add passthrough_ll [006/104] virtiofsd: Trim down imported files [007/104] virtiofsd: Format imported files to qemu style [008/104] virtiofsd: remove mountpoint dummy argument [009/104] virtiofsd: remove unused notify reply support [010/104] virtiofsd: Fix fuse_daemonize ignored return values [011/104] virtiofsd: Fix common header and define for QEMU builds [012/104] virtiofsd: Trim out compatibility code [013/104] virtiofsd: Make fsync work even if only inode is passed in [014/104] virtiofsd: Add options for virtio [015/104] virtiofsd: add -o source=PATH to help output [016/104] virtiofsd: Open vhost connection instead of mounting [017/104] virtiofsd: Start wiring up vhost-user [018/104] virtiofsd: Add main virtio loop [019/104] virtiofsd: get/set features callbacks [020/104] virtiofsd: Start queue threads [021/104] virtiofsd: Poll kick_fd for queue [022/104] virtiofsd: Start reading commands from queue [023/104] virtiofsd: Send replies to messages [024/104] virtiofsd: Keep track of replies [025/104] virtiofsd: Add Makefile wiring for virtiofsd contrib [026/104] virtiofsd: Fast path for virtio read [027/104] virtiofsd: add --fd=FDNUM fd passing option [028/104] virtiofsd: make -f (foreground) the default [029/104] virtiofsd: add vhost-user.json file [030/104] virtiofsd: add --print-capabilities option [031/104] virtiofs: Add maintainers entry [032/104] virtiofsd: passthrough_ll: create new files in caller's context [033/104] virtiofsd: passthrough_ll: add lo_map for ino/fh indirection [034/104] virtiofsd: passthrough_ll: add ino_map to hide lo_inode pointers [035/104] virtiofsd: passthrough_ll: add dirp_map to hide lo_dirp pointers [036/104] virtiofsd: passthrough_ll: add fd_map to hide file descriptors [037/104] virtiofsd: passthrough_ll: add fallback for racy ops [038/104] virtiofsd: validate path components [039/104] virtiofsd: Plumb fuse_bufvec through to do_write_buf [040/104] virtiofsd: Pass write iov's all the way through [041/104] virtiofsd: add fuse_mbuf_iter API [042/104] virtiofsd: validate input buffer sizes in do_write_buf() [043/104] virtiofsd: check input buffer size in fuse_lowlevel.c ops [044/104] virtiofsd: prevent ".." escape in lo_do_lookup() [045/104] virtiofsd: prevent ".." escape in lo_do_readdir() [046/104] virtiofsd: use /proc/self/fd/ O_PATH file descriptor [047/104] virtiofsd: sandbox mount namespace [048/104] virtiofsd: move to an empty network namespace [049/104] virtiofsd: move to a new pid namespace [050/104] virtiofsd: add seccomp whitelist [051/104] virtiofsd: Parse flag FUSE_WRITE_KILL_PRIV [052/104] virtiofsd: cap-ng helpers [053/104] virtiofsd: Drop CAP_FSETID if client asked for it [054/104] virtiofsd: set maximum RLIMIT_NOFILE limit [055/104] virtiofsd: fix libfuse information leaks [056/104] virtiofsd: add security guide document [057/104] virtiofsd: add --syslog command-line option [058/104] virtiofsd: print log only when priority is high enough [059/104] virtiofsd: Add ID to the log with FUSE_LOG_DEBUG level [060/104] virtiofsd: Add timestamp to the log with FUSE_LOG_DEBUG level [061/104] virtiofsd: Handle reinit [062/104] virtiofsd: Handle hard reboot [063/104] virtiofsd: Kill threads when queues are stopped [064/104] vhost-user: Print unexpected slave message types [065/104] contrib/libvhost-user: Protect slave fd with mutex [066/104] virtiofsd: passthrough_ll: add renameat2 support [067/104] virtiofsd: passthrough_ll: disable readdirplus on cache=never [068/104] virtiofsd: passthrough_ll: control readdirplus [069/104] virtiofsd: rename unref_inode() to unref_inode_lolocked() [070/104] virtiofsd: fail when parent inode isn't known in lo_do_lookup() [071/104] virtiofsd: extract root inode init into setup_root() [072/104] virtiofsd: passthrough_ll: fix refcounting on remove/rename [073/104] virtiofsd: passthrough_ll: clean up cache related options [074/104] virtiofsd: passthrough_ll: use hashtable [075/104] virtiofsd: Clean up inodes on destroy [076/104] virtiofsd: support nanosecond resolution for file timestamp [077/104] virtiofsd: fix error handling in main() [078/104] virtiofsd: cleanup allocated resource in se [079/104] virtiofsd: fix memory leak on lo.source [080/104] virtiofsd: add helper for lo_data cleanup [081/104] virtiofsd: Prevent multiply running with same vhost_user_socket [082/104] virtiofsd: enable PARALLEL_DIROPS during INIT [083/104] virtiofsd: fix incorrect error handling in lo_do_lookup [084/104] Virtiofsd: fix memory leak on fuse queueinfo [085/104] virtiofsd: Support remote posix locks [086/104] virtiofsd: use fuse_lowlevel_is_virtio() in fuse_session_destroy() [087/104] virtiofsd: prevent fv_queue_thread() vs virtio_loop() races [088/104] virtiofsd: make lo_release() atomic [089/104] virtiofsd: prevent races with lo_dirp_put() [090/104] virtiofsd: rename inode->refcount to inode->nlookup [091/104] libvhost-user: Fix some memtable remap cases [092/104] virtiofsd: add man page [093/104] virtiofsd: introduce inode refcount to prevent use-after-free [094/104] virtiofsd: do not always set FUSE_FLOCK_LOCKS [095/104] virtiofsd: convert more fprintf and perror to use fuse log infra [096/104] virtiofsd: Reset O_DIRECT flag during file open [097/104] virtiofsd: Fix data corruption with O_APPEND wirte in writeback mode [098/104] virtiofsd: add definition of fuse_buf_writev() [099/104] virtiofsd: use fuse_buf_writev to replace fuse_buf_write for better performance [100/104] virtiofsd: process requests in a thread pool [101/104] virtiofsd: prevent FUSE_INIT/FUSE_DESTROY races [102/104] virtiofsd: fix lo_destroy() resource leaks [103/104] virtiofsd: add --thread-pool-size=NUM option [104/104] virtiofsd: Convert lo_destroy to take the lo->mutex lock itself [105/104] virtiofsd: Unref old/new inodes with the same mutex lock in lo_rename()

Message ID

20191212163904.159893-55-dgilbert@redhat.com

State

New

Headers

From: "Dr. David Alan Gilbert (git)" <dgilbert@redhat.com>
To: qemu-devel@nongnu.org,
	stefanha@redhat.com,
	vgoyal@redhat.com
Subject: [PATCH 054/104] virtiofsd: set maximum RLIMIT_NOFILE limit
Date: Thu, 12 Dec 2019 16:38:14 +0000
Message-Id: <20191212163904.159893-55-dgilbert@redhat.com>
In-Reply-To: <20191212163904.159893-1-dgilbert@redhat.com>
References: <20191212163904.159893-1-dgilbert@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
Precedence: list
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: "Qemu-devel"
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>

Series

virtiofs daemon [all] | expand

Commit Message

Dr. David Alan Gilbert Dec. 12, 2019, 4:38 p.m. UTC

From: Stefan Hajnoczi <stefanha@redhat.com>

virtiofsd can exceed the default open file descriptor limit easily on
most systems.  Take advantage of the fact that it runs as root to raise
the limit.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 tools/virtiofsd/passthrough_ll.c | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

Comments

Daniel P. Berrangé Jan. 6, 2020, 3 p.m. UTC | #1

On Thu, Dec 12, 2019 at 04:38:14PM +0000, Dr. David Alan Gilbert (git) wrote:
> From: Stefan Hajnoczi <stefanha@redhat.com>
> 
> virtiofsd can exceed the default open file descriptor limit easily on
> most systems.  Take advantage of the fact that it runs as root to raise
> the limit.
> 
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> ---
>  tools/virtiofsd/passthrough_ll.c | 32 ++++++++++++++++++++++++++++++++
>  1 file changed, 32 insertions(+)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


Regards,
Daniel

Philippe Mathieu-Daudé Jan. 15, 2020, 5:09 p.m. UTC | #2

On 12/12/19 5:38 PM, Dr. David Alan Gilbert (git) wrote:
> From: Stefan Hajnoczi <stefanha@redhat.com>
> 
> virtiofsd can exceed the default open file descriptor limit easily on
> most systems.  Take advantage of the fact that it runs as root to raise
> the limit.
> 
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> ---
>   tools/virtiofsd/passthrough_ll.c | 32 ++++++++++++++++++++++++++++++++
>   1 file changed, 32 insertions(+)
> 
> diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
> index ab318a6f36..139bf08f4c 100644
> --- a/tools/virtiofsd/passthrough_ll.c
> +++ b/tools/virtiofsd/passthrough_ll.c
> @@ -52,6 +52,7 @@
>   #include <sys/file.h>
>   #include <sys/mount.h>
>   #include <sys/prctl.h>
> +#include <sys/resource.h>
>   #include <sys/syscall.h>
>   #include <sys/types.h>
>   #include <sys/wait.h>
> @@ -2250,6 +2251,35 @@ static void setup_sandbox(struct lo_data *lo, struct fuse_session *se)
>       setup_seccomp();
>   }
>   
> +/* Raise the maximum number of open file descriptors */
> +static void setup_nofile_rlimit(void)
> +{
> +    const rlim_t max_fds = 1000000;

'static const'?

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

> +    struct rlimit rlim;
> +
> +    if (getrlimit(RLIMIT_NOFILE, &rlim) < 0) {
> +        fuse_log(FUSE_LOG_ERR, "getrlimit(RLIMIT_NOFILE): %m\n");
> +        exit(1);
> +    }
> +
> +    if (rlim.rlim_cur >= max_fds) {
> +        return; /* nothing to do */
> +    }
> +
> +    rlim.rlim_cur = max_fds;
> +    rlim.rlim_max = max_fds;
> +
> +    if (setrlimit(RLIMIT_NOFILE, &rlim) < 0) {
> +        /* Ignore SELinux denials */
> +        if (errno == EPERM) {
> +            return;
> +        }
> +
> +        fuse_log(FUSE_LOG_ERR, "setrlimit(RLIMIT_NOFILE): %m\n");
> +        exit(1);
> +    }
> +}
> +
>   int main(int argc, char *argv[])
>   {
>       struct fuse_args args = FUSE_ARGS_INIT(argc, argv);
> @@ -2371,6 +2401,8 @@ int main(int argc, char *argv[])
>   
>       fuse_daemonize(opts.foreground);
>   
> +    setup_nofile_rlimit();
> +
>       /* Must be before sandbox since it wants /proc */
>       setup_capng();
>   
>

Dr. David Alan Gilbert Jan. 15, 2020, 5:38 p.m. UTC | #3

* Philippe Mathieu-Daudé (philmd@redhat.com) wrote:
> On 12/12/19 5:38 PM, Dr. David Alan Gilbert (git) wrote:
> > From: Stefan Hajnoczi <stefanha@redhat.com>
> > 
> > virtiofsd can exceed the default open file descriptor limit easily on
> > most systems.  Take advantage of the fact that it runs as root to raise
> > the limit.
> > 
> > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> > ---
> >   tools/virtiofsd/passthrough_ll.c | 32 ++++++++++++++++++++++++++++++++
> >   1 file changed, 32 insertions(+)
> > 
> > diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
> > index ab318a6f36..139bf08f4c 100644
> > --- a/tools/virtiofsd/passthrough_ll.c
> > +++ b/tools/virtiofsd/passthrough_ll.c
> > @@ -52,6 +52,7 @@
> >   #include <sys/file.h>
> >   #include <sys/mount.h>
> >   #include <sys/prctl.h>
> > +#include <sys/resource.h>
> >   #include <sys/syscall.h>
> >   #include <sys/types.h>
> >   #include <sys/wait.h>
> > @@ -2250,6 +2251,35 @@ static void setup_sandbox(struct lo_data *lo, struct fuse_session *se)
> >       setup_seccomp();
> >   }
> > +/* Raise the maximum number of open file descriptors */
> > +static void setup_nofile_rlimit(void)
> > +{
> > +    const rlim_t max_fds = 1000000;
> 
> 'static const'?

Why?

> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> 
Thanks!

> > +    struct rlimit rlim;
> > +
> > +    if (getrlimit(RLIMIT_NOFILE, &rlim) < 0) {
> > +        fuse_log(FUSE_LOG_ERR, "getrlimit(RLIMIT_NOFILE): %m\n");
> > +        exit(1);
> > +    }
> > +
> > +    if (rlim.rlim_cur >= max_fds) {
> > +        return; /* nothing to do */
> > +    }
> > +
> > +    rlim.rlim_cur = max_fds;
> > +    rlim.rlim_max = max_fds;
> > +
> > +    if (setrlimit(RLIMIT_NOFILE, &rlim) < 0) {
> > +        /* Ignore SELinux denials */
> > +        if (errno == EPERM) {
> > +            return;
> > +        }
> > +
> > +        fuse_log(FUSE_LOG_ERR, "setrlimit(RLIMIT_NOFILE): %m\n");
> > +        exit(1);
> > +    }
> > +}
> > +
> >   int main(int argc, char *argv[])
> >   {
> >       struct fuse_args args = FUSE_ARGS_INIT(argc, argv);
> > @@ -2371,6 +2401,8 @@ int main(int argc, char *argv[])
> >       fuse_daemonize(opts.foreground);
> > +    setup_nofile_rlimit();
> > +
> >       /* Must be before sandbox since it wants /proc */
> >       setup_capng();
> > 
> 
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK

diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
index ab318a6f36..139bf08f4c 100644
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@@ -52,6 +52,7 @@ 
 #include <sys/file.h>
 #include <sys/mount.h>
 #include <sys/prctl.h>
+#include <sys/resource.h>
 #include <sys/syscall.h>
 #include <sys/types.h>
 #include <sys/wait.h>
@@ -2250,6 +2251,35 @@  static void setup_sandbox(struct lo_data *lo, struct fuse_session *se)
     setup_seccomp();
 }
 
+/* Raise the maximum number of open file descriptors */
+static void setup_nofile_rlimit(void)
+{
+    const rlim_t max_fds = 1000000;
+    struct rlimit rlim;
+
+    if (getrlimit(RLIMIT_NOFILE, &rlim) < 0) {
+        fuse_log(FUSE_LOG_ERR, "getrlimit(RLIMIT_NOFILE): %m\n");
+        exit(1);
+    }
+
+    if (rlim.rlim_cur >= max_fds) {
+        return; /* nothing to do */
+    }
+
+    rlim.rlim_cur = max_fds;
+    rlim.rlim_max = max_fds;
+
+    if (setrlimit(RLIMIT_NOFILE, &rlim) < 0) {
+        /* Ignore SELinux denials */
+        if (errno == EPERM) {
+            return;
+        }
+
+        fuse_log(FUSE_LOG_ERR, "setrlimit(RLIMIT_NOFILE): %m\n");
+        exit(1);
+    }
+}
+
 int main(int argc, char *argv[])
 {
     struct fuse_args args = FUSE_ARGS_INIT(argc, argv);
@@ -2371,6 +2401,8 @@  int main(int argc, char *argv[])
 
     fuse_daemonize(opts.foreground);
 
+    setup_nofile_rlimit();
+
     /* Must be before sandbox since it wants /proc */
     setup_capng();

[054/104] virtiofsd: set maximum RLIMIT_NOFILE limit

Commit Message

Comments

Patch