* Stefan Hajnoczi (stefa...@redhat.com) wrote: > This patch series introduces the --rlimit-nofile=NUM option for setting the > number of open files on the virtiofsd process. This gives users and > management > tools more control over resource limits. > > Previously it was possible for FUSE clients on machines with less than ~10 GB > of RAM to exhaust the system-wide open file limit. This is a denial of > service > attack against other processes running on the host. > > This patch series updates the default RLIMIT_NOFILE calculation to take the > fs.file-max sysctl value into account. This solves the fs.file-max DoS.
Queued. > Stefan Hajnoczi (2): > virtiofsd: add --rlimit-nofile=NUM option > virtiofsd: stay below fs.file-max sysctl value (CVE-2020-10717) > > tools/virtiofsd/fuse_lowlevel.h | 1 + > tools/virtiofsd/helper.c | 47 ++++++++++++++++++++++++++++++++ > tools/virtiofsd/passthrough_ll.c | 22 ++++++--------- > 3 files changed, 56 insertions(+), 14 deletions(-) > > -- > 2.25.3 > -- Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
