In message <20030519233353.GD13706@mail.jlokier.co.uk> you write:
> Ingo Molnar wrote:
> > FUTEX_FD is an instant DoS, it allows the pinning of one page per file
> > descriptor, per thread. With a default limit of 1024 open files per
> > thread, and 256 threads (on a sane/conservative setup), this means 1 GB of
> > RAM can be pinned down by a normal unprivileged user.
>
> The correct solution [;)] is EP_FUTEX - allow a futex to be specified
> as the source of an epoll event.
Hi Jamie!
No, you don't understand (or maybe you were being facetious 8).
A normal futex blocks: ie. you can only have one futex being slept on
per process, so pinning a page is probably fine.
The NGPT guys wanted to allow waiting on more than one futex per
process. If you want to allow this through *any* mechanism, you have to:
1) Allocate something for each futex. The normal case uses the stack,
so never fails.
2) Control the number which can be used at once.
The current implementation needs a tighter #2.
Cheers,
Rusty.
-- Anyone who quotes me in their sig is an idiot. -- Rusty Russell. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri May 23 2003 - 22:00:38 EST