From patchwork Fri May 1 14:06:42 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Hajnoczi X-Patchwork-Id: 283608 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.6 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1162DC47253 for ; Fri, 1 May 2020 14:08:14 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id D0411206D6 for ; Fri, 1 May 2020 14:08:13 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="SWySuYZG" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D0411206D6 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:47170 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jUWKq-0003xd-Vp for qemu-devel@archiver.kernel.org; Fri, 01 May 2020 10:08:13 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37244) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jUWK0-0002cY-C6 for qemu-devel@nongnu.org; Fri, 01 May 2020 10:07:24 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.90_1) (envelope-from ) id 1jUWJl-0005zw-MH for qemu-devel@nongnu.org; Fri, 01 May 2020 10:07:19 -0400 Received: from us-smtp-delivery-1.mimecast.com ([207.211.31.120]:30770 helo=us-smtp-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1jUWJl-0005zd-7f for qemu-devel@nongnu.org; Fri, 01 May 2020 10:07:05 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1588342023; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=St3vGR/TfylnPu/VCoYyYWbMTN4fy7N4JycQv2XtMpY=; b=SWySuYZGtU1cn+6mKCLWjwCI1qog31mr4n3SKxmd/iFjEofu4i/YANlgN00wxY7tlysNh1 rThtl6q6TNtCwidC7wcGth/3fm3mbD1ifxg0lsHC2mWOvCsCfvAAnKdB25xeKyMPzArS1b 4t2PWBz1YCoAUcvVFHNjWSiKnGc/IAQ= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-451-oI1iWcftML24L2jY8C99fQ-1; Fri, 01 May 2020 10:07:01 -0400 X-MC-Unique: oI1iWcftML24L2jY8C99fQ-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id DC3D08015CE for ; Fri, 1 May 2020 14:07:00 +0000 (UTC) Received: from localhost (ovpn-112-36.ams2.redhat.com [10.36.112.36]) by smtp.corp.redhat.com (Postfix) with ESMTP id 2AE48196AE; Fri, 1 May 2020 14:06:52 +0000 (UTC) From: Stefan Hajnoczi To: Subject: [PATCH v2 0/2] virtiofsd: stay under fs.file-max sysctl limit (CVE-2020-10717) Date: Fri, 1 May 2020 15:06:42 +0100 Message-Id: <20200501140644.220940-1-stefanha@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=207.211.31.120; envelope-from=stefanha@redhat.com; helo=us-smtp-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/05/01 07:23:28 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 207.211.31.120 X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: virtio-fs@redhat.com, Stefan Hajnoczi , "Dr. David Alan Gilbert" , vgoyal@redhat.com, pjp@redhat.com Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" This patch series introduces the --rlimit-nofile=NUM option for setting the number of open files on the virtiofsd process. This gives users and management tools more control over resource limits. Previously it was possible for FUSE clients on machines with less than ~10 GB of RAM to exhaust the system-wide open file limit. This is a denial of service attack against other processes running on the host. This patch series updates the default RLIMIT_NOFILE calculation to take the fs.file-max sysctl value into account. This solves the fs.file-max DoS. Stefan Hajnoczi (2): virtiofsd: add --rlimit-nofile=NUM option virtiofsd: stay below fs.file-max sysctl value (CVE-2020-10717) tools/virtiofsd/fuse_lowlevel.h | 1 + tools/virtiofsd/helper.c | 47 ++++++++++++++++++++++++++++++++ tools/virtiofsd/passthrough_ll.c | 22 ++++++--------- 3 files changed, 56 insertions(+), 14 deletions(-) -- 2.25.3