Re: 2.6.28, rlimits, performance and debian etch

From: Adam Tkac
Date: Mon Feb 02 2009 - 11:20:53 EST


On Thu, Jan 29, 2009 at 10:05:09AM -0800, Andrew Morton wrote:
> On Thu, 29 Jan 2009 13:19:00 +0100 Adam Tkac <vonsch@xxxxxxxxx> wrote:
>
> >
> > Hi all,
> >
> > I don't think the "rlim_infinity" patch should be reverted. Let me try
> > to explain why.
> >
> > First, code which sets limits to RLIM_INFINITY is very bad idea and
> > that code is Debian specific. I downloaded original pam 0.79 (stripped):
> >
> > for(i = 0; i < RLIM_NLIMITS; i++) {
> > ...
> > int r = getrlimit(i, &pl->limits[i].limit);
> > ...
> >
> > as you can see original pam sets limits to inherited defaults. After
> > code written above Debian adds their patch:
> >
> > if (limits_not_defined_in_limits_conf) {
> > ...
> > case RLIMIT_NOFILE:
> > ...
> > pl->limits[i].limit.rlim_cur = RLIM_INFINITY;
> > pl->limits[i].limit.rlim_max = RLIM_INFINITY;
> > ...
> > }
> >
> > so as you can see inherited default limits are overriden to infinity.
> > In my opinion Debian should revert their patch which is, at least,
> > pretty incorrect and unsecure.
> >
> > Next argument is POSIX compatibility (from setrlimit() specification):
> >
> > "The value RLIM_INFINITY, defined in <sys/resource.h>, shall be
> > considered to be larger than any other limit value. If a call to
> > getrlimit() returns RLIM_INFINITY for a resource, it means the
> > implementation shall not enforce limits on that resource. Specifying
> > RLIM_INFINITY as any resource limit value on a successful call to
> > setrlimit() shall inhibit enforcement of that resource limit."
> >
> > So kernel does what is expected. If you want "unlimited" number of
> > descriptors, you have it.
> >
> > Please consider again where exactly problem is, if in Debian patch or
> > in kernel patch. From my point of view Debian patch should be
> > reverted, not the kernel one.
> >
>
> Sure, debian might well be wrong. But the bottom line is that the
> kernel changed, and people's machines broke.
>
> If the kernel change was really really important then we might just
> grit our teeth and live with the breakage. But this change _wasn't_ a
> terribly important one. So I think we should back it out while we find
> another way of implementing it which does not break currently deployed
> installations.

Well, if we should fix Debian's problem I think better would be to set
limit of files to reasonable number instead of sysctl_nr_open (for
example 4096 or 8192).

Adam
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/