diff options
author | Chirantan Ekbote <chirantan@chromium.org> | 2019-12-09 14:58:54 +0900 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-12-09 23:39:16 +0000 |
commit | aa77ea40454c460a7189860f1ea146c45e444dad (patch) | |
tree | 1aa1a8544a2ad434000884c52ec334ecf2ceaa64 /src/linux.rs | |
parent | c4a871fb70597aa6ce1773ec905c4704be519940 (diff) | |
download | crosvm-aa77ea40454c460a7189860f1ea146c45e444dad.tar crosvm-aa77ea40454c460a7189860f1ea146c45e444dad.tar.gz crosvm-aa77ea40454c460a7189860f1ea146c45e444dad.tar.bz2 crosvm-aa77ea40454c460a7189860f1ea146c45e444dad.tar.lz crosvm-aa77ea40454c460a7189860f1ea146c45e444dad.tar.xz crosvm-aa77ea40454c460a7189860f1ea146c45e444dad.tar.zst crosvm-aa77ea40454c460a7189860f1ea146c45e444dad.zip |
linux.rs: Don't use /proc/sys/fs/file-max
Don't use /proc/sys/fs/file-max when setting the max open file limit for the virtio-fs device. This will fail when the value is larger than the hard limit set for the crosvm process, unless it also has CAP_SYS_ADMIN in the initial namespace. Instead, just use the hard limit as returned by `prlimit64`. Increasing the soft limit up to the hard limit is allowed even for completely unprivileged processes. It is up to the process that spawned crosvm to ensure that the hard limit is high enough that the virtio-fs server will not run out of fds. BUG=b:142344095 TEST=Start a termina VM with a virtio-fs device after applying CL:1939193 Change-Id: I4fb4c33ffe6378ed3109fddcb0fc2bf3da850252 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1957767 Tested-by: Chirantan Ekbote <chirantan@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com> Auto-Submit: Chirantan Ekbote <chirantan@chromium.org> Commit-Queue: Stephen Barber <smbarber@chromium.org> Reviewed-by: Daniel Verkamp <dverkamp@chromium.org> Reviewed-by: Stephen Barber <smbarber@chromium.org>
Diffstat (limited to 'src/linux.rs')
-rw-r--r-- | src/linux.rs | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/src/linux.rs b/src/linux.rs index 1c606b9..0cc341d 100644 --- a/src/linux.rs +++ b/src/linux.rs @@ -18,6 +18,7 @@ use std::num::ParseIntError; use std::os::unix::io::{AsRawFd, FromRawFd, RawFd}; use std::os::unix::net::UnixStream; use std::path::{Path, PathBuf}; +use std::ptr; use std::str; use std::sync::{Arc, Barrier}; use std::thread; @@ -290,12 +291,17 @@ impl AsRawFd for TaggedControlSocket { } fn get_max_open_files() -> Result<libc::rlim64_t> { - let mut buf = String::with_capacity(32); - File::open("/proc/sys/fs/file-max") - .and_then(|mut f| f.read_to_string(&mut buf)) - .map_err(Error::GetMaxOpenFiles)?; - - Ok(buf.trim().parse().map_err(Error::ParseMaxOpenFiles)?) + let mut buf = mem::MaybeUninit::<libc::rlimit64>::zeroed(); + + // Safe because this will only modify `buf` and we check the return value. + let res = unsafe { libc::prlimit64(0, libc::RLIMIT_NOFILE, ptr::null(), buf.as_mut_ptr()) }; + if res == 0 { + // Safe because the kernel guarantees that the struct is fully initialized. + let limit = unsafe { buf.assume_init() }; + Ok(limit.rlim_max) + } else { + Err(Error::GetMaxOpenFiles(io::Error::last_os_error())) + } } fn create_base_minijail( |