Re: [PATCH v2] Document /proc/pid PID reuse behavior
From: Michal Hocko
Date: Thu Nov 08 2018 - 08:25:18 EST
On Wed 07-11-18 18:04:59, Martin Steigerwald wrote:
> Michal Hocko - 07.11.18, 17:00:
> > > > otherwise anybody could simply DoS the system
> > > > by consuming all available pids.
> > >
> > > People can do that today using the instrument of terror widely known
> > > as fork(2). The only thing standing between fork(2) and a full
> > > process table is RLIMIT_NPROC.
> >
> > not really. If you really do care about pid space depletion then you
> > should use pid cgroup controller.
>
> Its not quite on-topic, but I am curious now: AFAIK PID limit is 16
> bits. Right? Could it be raised to 32 bits? I bet it would be a major
> change throughout different parts of the kernel.
>
> 16 bits sound a bit low these days, not only for PIDs, but also for
> connections / ports.
Do you have any specific example of the pid space exhaustion? Well
except for a fork bomb attacks that could be mitigated by the pid cgroup
controller.
--
Michal Hocko
SUSE Labs