On Wed, Jan 22, 2014 at 04:20:36PM +0100, Hannes Frederic Sowa wrote: > On Wed, Jan 22, 2014 at 07:11:20AM -0800, Dan Ballard wrote: > > diff --git a/net/core/sock.c b/net/core/sock.c > > index 5393b4b..1ff69d1 100644 > > --- a/net/core/sock.c > > +++ b/net/core/sock.c > > @@ -915,6 +915,10 @@ set_rcvbuf: > > sk->sk_max_pacing_rate); > > break; > > > > + case SO_MAX_DGRAM_QLEN: > > + sk->sk_max_ack_backlog = val; > > + break; > > + > > Shouldn't the backlog be capped for unprivileged users to some configurable > value? I even think that max_dgram_qlen should be the upper bound. > > I guess it is not that serious as socket read accounting does account all > packets which sit in the backlog queue. Just a follow-up: sk_max_ack_backlog is also responsible for limiting the af_unix dgram queues. Currently there is no socket accounting for the read side of those unix dgram sockets. I tried to fix this once here, http://patchwork.ozlabs.org/patch/231032/, but until that is done we depend on max_dgram_qlen to limit those queues at all. I hope I can get back to this patch anytime soon, as it solves the problem that a bidirectional protocol ping-ponging with a dgram server socket and not fetching its messages from the backlog queue can bring a server to halt because it doesn't have any send space on the socket anymore. Greetings, Hannes -- To unsubscribe from this list: send the line "unsubscribe linux-arch" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
