[v2,0/2] virtiofsd: stay under fs.file-max sysctl limit (CVE-2020-10717)

Message ID	20200501140644.220940-1-stefanha@redhat.com (mailing list archive)
Headers	show Return-Path: <SRS0=+kM/=6P=nongnu.org=qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 319BB206D6 From: Stefan Hajnoczi <stefanha@redhat.com> To: <qemu-devel@nongnu.org> Subject: [PATCH v2 0/2] virtiofsd: stay under fs.file-max sysctl limit (CVE-2020-10717) Date: Fri, 1 May 2020 15:06:42 +0100 Message-Id: <20200501140644.220940-1-stefanha@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Received-SPF: pass client-ip=207.211.31.120; envelope-from=stefanha@redhat.com; helo=us-smtp-1.mimecast.com Precedence: list Cc: virtio-fs@redhat.com, Stefan Hajnoczi <stefanha@redhat.com>, "Dr. David Alan Gilbert" <dgilbert@redhat.com>, vgoyal@redhat.com, pjp@redhat.com Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>
Series	virtiofsd: stay under fs.file-max sysctl limit (CVE-2020-10717) \| expand [v2,0/2] virtiofsd: stay under fs.file-max sysctl limit (CVE-2020-10717) [v2,1/2] virtiofsd: add --rlimit-nofile=NUM option [v2,2/2] virtiofsd: stay below fs.file-max sysctl value (CVE-2020-10717)

Message ID

20200501140644.220940-1-stefanha@redhat.com (mailing list archive)

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 319BB206D6
From: Stefan Hajnoczi <stefanha@redhat.com>
To: <qemu-devel@nongnu.org>
Subject: [PATCH v2 0/2] virtiofsd: stay under fs.file-max sysctl limit
 (CVE-2020-10717)
Date: Fri,  1 May 2020 15:06:42 +0100
Message-Id: <20200501140644.220940-1-stefanha@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Received-SPF: pass client-ip=207.211.31.120;
 envelope-from=stefanha@redhat.com;
 helo=us-smtp-1.mimecast.com
Precedence: list
Cc: virtio-fs@redhat.com, Stefan Hajnoczi <stefanha@redhat.com>,
 "Dr. David Alan Gilbert" <dgilbert@redhat.com>, vgoyal@redhat.com,
 pjp@redhat.com
Errors-To: 
 qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org
Sender: "Qemu-devel"
 <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>

Series

virtiofsd: stay under fs.file-max sysctl limit (CVE-2020-10717) | expand

Message

Stefan Hajnoczi May 1, 2020, 2:06 p.m. UTC

This patch series introduces the --rlimit-nofile=NUM option for setting the
number of open files on the virtiofsd process.  This gives users and management
tools more control over resource limits.

Previously it was possible for FUSE clients on machines with less than ~10 GB
of RAM to exhaust the system-wide open file limit.  This is a denial of service
attack against other processes running on the host.

This patch series updates the default RLIMIT_NOFILE calculation to take the
fs.file-max sysctl value into account.  This solves the fs.file-max DoS.

Stefan Hajnoczi (2):
  virtiofsd: add --rlimit-nofile=NUM option
  virtiofsd: stay below fs.file-max sysctl value (CVE-2020-10717)

 tools/virtiofsd/fuse_lowlevel.h  |  1 +
 tools/virtiofsd/helper.c         | 47 ++++++++++++++++++++++++++++++++
 tools/virtiofsd/passthrough_ll.c | 22 ++++++---------
 3 files changed, 56 insertions(+), 14 deletions(-)

Comments

Dr. David Alan Gilbert May 1, 2020, 5:42 p.m. UTC | #1

* Stefan Hajnoczi (stefanha@redhat.com) wrote:
> This patch series introduces the --rlimit-nofile=NUM option for setting the
> number of open files on the virtiofsd process.  This gives users and management
> tools more control over resource limits.
> 
> Previously it was possible for FUSE clients on machines with less than ~10 GB
> of RAM to exhaust the system-wide open file limit.  This is a denial of service
> attack against other processes running on the host.
> 
> This patch series updates the default RLIMIT_NOFILE calculation to take the
> fs.file-max sysctl value into account.  This solves the fs.file-max DoS.

Queued.

> Stefan Hajnoczi (2):
>   virtiofsd: add --rlimit-nofile=NUM option
>   virtiofsd: stay below fs.file-max sysctl value (CVE-2020-10717)
> 
>  tools/virtiofsd/fuse_lowlevel.h  |  1 +
>  tools/virtiofsd/helper.c         | 47 ++++++++++++++++++++++++++++++++
>  tools/virtiofsd/passthrough_ll.c | 22 ++++++---------
>  3 files changed, 56 insertions(+), 14 deletions(-)
> 
> -- 
> 2.25.3
> 
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK