summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorVenkateswararao Jujjuri (JV) <jvrao@linux.vnet.ibm.com>2011-03-18 15:49:48 -0700
committerEric Van Hensbergen <ericvh@gmail.com>2011-03-22 16:32:50 -0500
commit68da9ba4eeadae86ad42e52b80822fbd56971267 (patch)
treec832a4b1ff3e1bf97601183d11dfe7149a0da41c /security
parentaaf0ef1d2bce05cfd06cf29c96a6973df4d0a6a8 (diff)
downloadlwn-68da9ba4eeadae86ad42e52b80822fbd56971267.tar.gz
lwn-68da9ba4eeadae86ad42e52b80822fbd56971267.zip
[net/9p]: Introduce basic flow-control for VirtIO transport.
Recent zerocopy work in the 9P VirtIO transport maps and pins user buffers into kernel memory for the server to work on them. Since the user process can initiate this kind of pinning with a simple read/write call, thousands of IO threads initiated by the user process can hog the system resources and could result into denial of service. This patch introduces flow control to avoid that extreme scenario. The ceiling limit to avoid denial of service attacks is set to relatively high (nr_free_pagecache_pages()/4) so that it won't interfere with regular usage, but can step in extreme cases to limit the total system hang. Since we don't have a global structure to accommodate this variable, I choose the virtio_chan as the home for this. Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com> Reviewed-by: Badari Pulavarty <pbadari@us.ibm.com> Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
Diffstat (limited to 'security')
0 files changed, 0 insertions, 0 deletions