Re: [PATCH 054/104] virtiofsd: set maximum RLIMIT_NOFILE limit

Wed, 15 Jan 2020 09:39:40 -0800 

* Philippe Mathieu-Daudé ([email protected]) wrote:
> On 12/12/19 5:38 PM, Dr. David Alan Gilbert (git) wrote:
> > From: Stefan Hajnoczi <[email protected]>
> > 
> > virtiofsd can exceed the default open file descriptor limit easily on
> > most systems.  Take advantage of the fact that it runs as root to raise
> > the limit.
> > 
> > Signed-off-by: Stefan Hajnoczi <[email protected]>
> > ---
> >   tools/virtiofsd/passthrough_ll.c | 32 ++++++++++++++++++++++++++++++++
> >   1 file changed, 32 insertions(+)
> > 
> > diff --git a/tools/virtiofsd/passthrough_ll.c 
> > b/tools/virtiofsd/passthrough_ll.c
> > index ab318a6f36..139bf08f4c 100644
> > --- a/tools/virtiofsd/passthrough_ll.c
> > +++ b/tools/virtiofsd/passthrough_ll.c
> > @@ -52,6 +52,7 @@
> >   #include <sys/file.h>
> >   #include <sys/mount.h>
> >   #include <sys/prctl.h>
> > +#include <sys/resource.h>
> >   #include <sys/syscall.h>
> >   #include <sys/types.h>
> >   #include <sys/wait.h>
> > @@ -2250,6 +2251,35 @@ static void setup_sandbox(struct lo_data *lo, struct 
> > fuse_session *se)
> >       setup_seccomp();
> >   }
> > +/* Raise the maximum number of open file descriptors */
> > +static void setup_nofile_rlimit(void)
> > +{
> > +    const rlim_t max_fds = 1000000;
> 
> 'static const'?

Why?

> Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
> 
Thanks!

> > +    struct rlimit rlim;
> > +
> > +    if (getrlimit(RLIMIT_NOFILE, &rlim) < 0) {
> > +        fuse_log(FUSE_LOG_ERR, "getrlimit(RLIMIT_NOFILE): %m\n");
> > +        exit(1);
> > +    }
> > +
> > +    if (rlim.rlim_cur >= max_fds) {
> > +        return; /* nothing to do */
> > +    }
> > +
> > +    rlim.rlim_cur = max_fds;
> > +    rlim.rlim_max = max_fds;
> > +
> > +    if (setrlimit(RLIMIT_NOFILE, &rlim) < 0) {
> > +        /* Ignore SELinux denials */
> > +        if (errno == EPERM) {
> > +            return;
> > +        }
> > +
> > +        fuse_log(FUSE_LOG_ERR, "setrlimit(RLIMIT_NOFILE): %m\n");
> > +        exit(1);
> > +    }
> > +}
> > +
> >   int main(int argc, char *argv[])
> >   {
> >       struct fuse_args args = FUSE_ARGS_INIT(argc, argv);
> > @@ -2371,6 +2401,8 @@ int main(int argc, char *argv[])
> >       fuse_daemonize(opts.foreground);
> > +    setup_nofile_rlimit();
> > +
> >       /* Must be before sandbox since it wants /proc */
> >       setup_capng();
> > 
> 
--
Dr. David Alan Gilbert / [email protected] / Manchester, UK

Reply via email to