
Buglet in src/sys/kern/kern_synch.c?


While glancing through the source, this caught my eye:

kern_synch.c, rev. 1.25, function mi_switch(), line 695 ff.: If a process
exceeds its soft, but not hard CPU limit, it gets sent the SIGXCPU signal and
its soft limit is raised by 5 seconds (to avoid signal flooding,
I suppose). The problem is that the rlim pointer in fact points to
a data structure that might be shared by more than one process.
So other, not really related, processes could get their soft limit
raised (at most up to the hard limit + 4 seconds).

Impact: Probably not TOO much. Processes exceeding their intended
soft limit may not get proper SIGXCPU notification, perhaps instead
being killed by SIGKILL w/o any prior notification, even if the
intended hard limit is set higher than the soft limit to enable such

Solution: Either copy the limits, as a recent change to process accounting
did there, too (that might favor my earlier suggestion of
factoring out the real copy-on-write logic and setting of resource
limits from the permission check, as we now need access to that logic
three times: in sys_setrlimit(), in do_acct() and in mi_switch()).

Or don't raise the limit but avoid notification flooding in another way...

Regards, Hannah.
Hannah Schröter                Technik              hannah_(_at_)_schlund_(_dot_)_de
Bei Schlund + Partner AG       Erbprinzenstr. 4-12  D-76133 Karlsruhe

Visit our car market http://www.webauto.de/
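To make the aliasing described in the mail concrete, here is an added userland model (not code from the mail or from the OpenBSD tree). The structs plimit_m, proc_m and the helpers limnew(), limshare(), limrele() and limcopy_private() are simplified assumptions standing in for the kernel's shared, reference-counted limit structure; cpu_limit_check() reproduces the check as the mail describes it in mi_switch(): above the soft limit send SIGXCPU and bump the soft limit by 5 seconds, above the hard limit send SIGKILL. With cow == 0 the bump is written through the possibly shared pointer (the buglet); with cow == 1 the limit is made private first (the "copy the limits" fix the mail proposes). The scenario shows both consequences the mail names: the parent's soft limit drifts upward because of the child's overruns, and the parent is then killed without ever having received SIGXCPU.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified models: assumptions for this example, not the kernel's real structs. */
struct rlimit_m { unsigned long rlim_cur, rlim_max; };

struct plimit_m {
    struct rlimit_m cpu;  /* only RLIMIT_CPU is modeled */
    int refcnt;           /* > 1 means the struct is shared, as after fork() */
};

struct proc_m {
    unsigned long cpu_secs;     /* CPU time consumed so far, in seconds */
    struct plimit_m *p_limit;
    int got_sigxcpu, got_sigkill;
};

static struct plimit_m *limnew(unsigned long cur, unsigned long max)
{
    struct plimit_m *l = malloc(sizeof *l);
    l->cpu.rlim_cur = cur;
    l->cpu.rlim_max = max;
    l->refcnt = 1;
    return l;
}

/* fork()-style inheritance: the child points at the parent's plimit. */
static void limshare(struct proc_m *child, const struct proc_m *parent)
{
    child->p_limit = parent->p_limit;
    child->p_limit->refcnt++;
}

static void limrele(struct proc_m *p)
{
    if (--p->p_limit->refcnt == 0)
        free(p->p_limit);
    p->p_limit = NULL;
}

/* Copy-on-write before modifying a limit: if shared, give p a private copy. */
static void limcopy_private(struct proc_m *p)
{
    if (p->p_limit->refcnt > 1) {
        struct plimit_m *n = malloc(sizeof *n);
        *n = *p->p_limit;
        n->refcnt = 1;
        p->p_limit->refcnt--;
        p->p_limit = n;
    }
}

/* The mi_switch() check as the mail describes it. cow == 0: write the +5 s bump
 * through the possibly shared pointer (buglet). cow == 1: make the limit private first. */
static void cpu_limit_check(struct proc_m *p, int cow)
{
    struct rlimit_m *rlim = &p->p_limit->cpu;
    if (p->cpu_secs <= rlim->rlim_cur)
        return;
    if (p->cpu_secs > rlim->rlim_max) {
        p->got_sigkill = 1;          /* over the hard limit: kill */
        return;
    }
    p->got_sigxcpu = 1;              /* over the soft limit: warn ... */
    if (cow) {
        limcopy_private(p);
        rlim = &p->p_limit->cpu;     /* re-fetch: may now point at the private copy */
    }
    if (rlim->rlim_cur < rlim->rlim_max)
        rlim->rlim_cur += 5;         /* ... and back off 5 s (can end at max + 4) */
}

struct outcome { unsigned long parent_soft; int parent_warned; };

/* Parent sets soft = 12 s, hard = 60 s and forks a child that shares the plimit.
 * The child burns CPU one second at a time up to 61 s, hitting the check after each
 * tick. Then the parent runs up to 63 s of its own CPU. Returns the parent's soft
 * limit after the child's overruns and whether the parent got SIGXCPU before SIGKILL. */
static struct outcome run_scenario(int cow)
{
    struct proc_m parent = { 0, limnew(12, 60), 0, 0 };
    struct proc_m child  = { 0, NULL, 0, 0 };
    struct outcome out;
    unsigned long s;

    limshare(&child, &parent);
    for (s = 13; s <= 61; s++) {     /* child repeatedly exceeds its soft limit */
        child.cpu_secs = s;
        cpu_limit_check(&child, cow);
    }
    out.parent_soft = parent.p_limit->cpu.rlim_cur;

    for (s = 13; s <= 63 && !parent.got_sigkill; s++) {
        parent.cpu_secs = s;
        cpu_limit_check(&parent, cow);
    }
    out.parent_warned = parent.got_sigxcpu;

    limrele(&child);
    limrele(&parent);
    return out;
}

int main(void)
{
    struct outcome bug = run_scenario(0), fix = run_scenario(1);
    printf("shared plimit:  parent soft limit became %lu s, warned before kill: %d\n",
           bug.parent_soft, bug.parent_warned);
    printf("copy-on-write:  parent soft limit stays  %lu s, warned before kill: %d\n",
           fix.parent_soft, fix.parent_warned);
    return 0;
}
```

With the shared structure the child's bumps push the parent's soft limit from 12 s to 62 s, so the parent crosses its intended soft limit without a SIGXCPU and is later killed outright at 63 s; with the copy made before the write, the child's first overrun detaches its limits, the parent keeps its 12 s soft limit and is warned as intended. Note that the re-fetch of rlim after the copy is required: a pointer taken before limcopy_private() would still write into the shared structure.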
