Re: Linux inode.i_count overflow

From: Alan Cox (alanat_private)
Date: Wed Jan 14 1998 - 09:49:34 PST


    >    Member i_count in struct inode contains the usage count. It is of type
    >    unsigned short, which is only 16-bit long on i386. Unfortunately, it
    >    is not enough. You can make it overflow by mapping one file many
    >    times:
    
    Making i_count unsigned long fixes this (I'm sure it's simple enough not to
    need a patch). This should be in 2.0.34
    
    >    To fix this bug simply change the i_count type to unsigned long.
    
    Yep. You might want to fix a few printk() calls to fix formatting of
    error reports but that only causes a problem on machines where
    sizeof(long)!=sizeof(int) - Alpha and Ultrasparc.
    
    Bug#2
    
    >    typical Linux configuration. Although you can avoid users to eat
    >    resources this way by setting resource limits properly this effect can
    >    be considered to be a Linux bug. Linux is protected to avoid
    >    allocating all process slots by normal users. There are reserved
    >    MIN_TASKS_LEFT_FOR_ROOT slots for root. So there should be also
    >    protection to avoid allocating all memory by normal users.
    
    This seems to be a generic Unix bug. I brought down our SGI with that
    program, and NetBSD also seems to jam solid. The general vulnerability
    is going to be the same on all OSes (anyone got an NT port?) or want
    to make a summary table.
    
    There is a good argument for limiting the number of individual maps per
    process - but if it's too low it will break stuff like emulators and
    Electric Fence that use a lot of maps
    
    Alan
    
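The counter wrap that the thread describes, and the widened type Alan proposes as the fix, can be modelled outside the kernel. The C below is an added illustration, not code from the thread or from the Linux source: the `inode16` and `inode32` structs, `refs_after_16bit`, `refs_after_long`, `iget_checked` and `max_refs_checked` are hypothetical names chosen here, and the loop simply stands in for repeated mappings of one file. It shows that a 16-bit `i_count` silently returns to 0 after 65536 references (so the inode looks unused while mappings still exist), that an `unsigned long` counter does not, and how a saturating check would refuse the reference that would wrap. The `%hu`/`%lu` format specifiers in `main` are the point Alan makes about adjusting `printk()` calls once the type changes.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical model of the struct inode usage counter (not kernel code):
 * the 2.0-era 16-bit field and the widened replacement proposed in the thread. */
struct inode16 { unsigned short i_count; };
struct inode32 { unsigned long  i_count; };

/* Take n references on an inode with a 16-bit counter and return the final count.
 * Unsigned arithmetic wraps without error, so 65536 references yield 0: the inode
 * appears unused even though every mapping is still live. */
unsigned short refs_after_16bit(unsigned long n)
{
    struct inode16 ino = { 0 };
    for (unsigned long i = 0; i < n; i++)
        ino.i_count++;              /* wraps to 0 on the 65536th increment */
    return ino.i_count;
}

/* Same procedure with the widened counter: the count stays accurate. */
unsigned long refs_after_long(unsigned long n)
{
    struct inode32 ino = { 0 };
    for (unsigned long i = 0; i < n; i++)
        ino.i_count++;
    return ino.i_count;
}

/* Defensive alternative for a narrow counter: refuse the reference that would
 * wrap instead of letting it through. Returns 0 on success, -1 when full. */
int iget_checked(unsigned short *count)
{
    if (*count == USHRT_MAX)
        return -1;                  /* saturate rather than wrap to 0 */
    (*count)++;
    return 0;
}

/* How many references a checked 16-bit counter accepts before refusing. */
unsigned long max_refs_checked(void)
{
    unsigned short c = 0;
    unsigned long taken = 0;
    while (iget_checked(&c) == 0)
        taken++;
    return taken;
}

int main(void)
{
    /* %hu for the short field, %lu once the field is unsigned long: using %d for a
     * long is what misformats reports on targets where sizeof(long) != sizeof(int). */
    printf("16-bit i_count after 65536 refs : %hu\n", refs_after_16bit(65536));
    printf("long i_count after 65536 refs   : %lu\n", refs_after_long(65536));
    printf("checked 16-bit counter accepts  : %lu refs\n", max_refs_checked());
    return 0;
}
```

Run as written it prints 0, 65536 and 65535 respectively; the first line is the failure mode the report describes, the second the proposed fix, the third the shape of a guard that keeps a narrow counter from ever reading zero while references remain.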
    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:39:00 PDT