Page MenuHomeFreeBSD
Differential D57031

limits: Further RLIMIT_VMM cleanup
ClosedPublic
Actions

Authored by des on Sat, May 16, 4:38 PM.

Details

Reviewers
bnovkov
jilles
olce
Commits
rG363ea40c7654: limits: Further RLIMIT_VMM cleanup
Summary

Teach limits(1), sh(1), and setclassresources(3) about RLIMIT_VMM.

Fixes: 1092ec8b3375 ("kern: Introduce RLIMIT_VMM")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

des created this revision.Sat, May 16, 4:38 PM
Herald added a reviewer: jilles. · View Herald TranscriptSat, May 16, 4:38 PM
Herald added a reviewer: olce. · View Herald Transcript
Herald added a subscriber: imp. · View Herald Transcript
des requested review of this revision.Sat, May 16, 4:38 PM
Herald added a subscriber: andrew_tao173.riddles.org.uk. · View Herald TranscriptSat, May 16, 4:38 PM
Harbormaster completed remote builds in B73149: Diff 177928.Sat, May 16, 4:38 PM
des mentioned this in D55041: login: install per-UID setrlimit(2) limits on login.Sat, May 16, 4:41 PM
jilles added a comment.Sat, May 16, 9:09 PM

It feels a little weird to clutter up ulimit -a and limits with a limit for this pretty exotic feature.

jilles added inline comments.Sun, May 17, 2:26 PM
lib/libutil/login_class.c
69

Does the keyword vmm need to be documented somewhere, especially because limits calls it vms instead?

des updated this revision to Diff 177965.Sun, May 17, 2:51 PM

typo

Harbormaster completed remote builds in B73162: Diff 177965.Sun, May 17, 2:51 PM
des marked an inline comment as done.Sun, May 17, 2:51 PM
des added inline comments.
lib/libutil/login_class.c
69

That's a typo, it should be vms in both cases. It is intended to be descriptive.

des marked an inline comment as done.Sun, May 17, 2:52 PM
bnovkov added a comment.Sun, May 17, 4:20 PM
In D57031#1306916, @jilles wrote:

It feels a little weird to clutter up ulimit -a and limits with a limit for this pretty exotic feature.

Virtual machines are hardly an exotic feature, and ever since af099eaa5ec3 landed unprivileged users are able to create virtual machines.
This limit is meant to prevent unprivileged users from exhausting kernel memory by repeatedly creating new virtual machines.

bnovkov accepted this revision.Sun, May 17, 4:21 PM

Looks good to me, thank you for working on this. I'll follow up on this with a patch that fully incorporates the uses of RLIMIT_VMM into the setrlimit(2) machinery tomorrow.

This revision is now accepted and ready to land.Sun, May 17, 4:21 PM
Closed by commit rG363ea40c7654: limits: Further RLIMIT_VMM cleanup (authored by des). · Explain WhySun, May 17, 4:24 PM
This revision was automatically updated to reflect the committed changes.
des added a commit: rG363ea40c7654: limits: Further RLIMIT_VMM cleanup.

Revision Contents
Changeset List

PathSize
bin/
sh/
5 lines
lib/
libutil/
1 line
usr.bin/
limits/
2 lines

Diff 177970

View Options

bin/sh/miscbltin.c

Loading...
View Options

lib/libutil/login_class.c

Loading...
View Options

usr.bin/limits/limits.c

Loading...