Blob Blame Raw
From 34c90ca8448890a439aa4282025955b0dfcfb1c3 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Thu, 23 Jan 2020 14:38:13 -0500
Subject: [PATCH 01/12] Issue 49990 - Need to enforce a hard maximum limit for
 file descriptors

Description: on some platforms the maximum FD limit is high it can cause
             a OOM at server startup.  So we need to add a hard maximum
             limit.

relates: https://pagure.io/389-ds-base/issue/49990

Reviewed by: firstyear & tbordaz (Thanks!!)
---
 ldap/servers/slapd/libglobs.c | 10 +++++++---
 ldap/servers/slapd/slap.h     |  4 ++--
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index 66170ebc6..348de43cd 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -1559,7 +1559,9 @@ FrontendConfig_init(void)
 #endif
     /* Default the maximum fd's to the maximum allowed */
     if (getrlimit(RLIMIT_NOFILE, &rlp) == 0) {
-        maxdescriptors = (int64_t)rlp.rlim_max;
+        if ((int64_t)rlp.rlim_max < SLAPD_DEFAULT_MAXDESCRIPTORS) {
+            maxdescriptors = (int64_t)rlp.rlim_max;
+        }
     }
 
     /* Take the lock to make sure we barrier correctly. */
@@ -4324,7 +4326,7 @@ config_set_maxdescriptors(const char *attrname, char *value, char *errorbuf, int
 {
     int32_t retVal = LDAP_SUCCESS;
     int64_t nValue = 0;
-    int64_t maxVal = 524288;
+    int64_t maxVal = SLAPD_DEFAULT_MAXDESCRIPTORS;
     struct rlimit rlp;
     char *endp = NULL;
 
@@ -4335,7 +4337,9 @@ config_set_maxdescriptors(const char *attrname, char *value, char *errorbuf, int
     }
 
     if (0 == getrlimit(RLIMIT_NOFILE, &rlp)) {
-        maxVal = (int)rlp.rlim_max;
+        if ((int64_t)rlp.rlim_max < maxVal) {
+            maxVal = (int64_t)rlp.rlim_max;
+        }
     }
 
     errno = 0;
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index 44f6be97a..96ce7d402 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -348,8 +348,8 @@ typedef void (*VFPV)(); /* takes undefined arguments */
 
 #define SLAPD_DEFAULT_PAGEDSIZELIMIT 0
 #define SLAPD_DEFAULT_PAGEDSIZELIMIT_STR "0"
-#define SLAPD_DEFAULT_MAXDESCRIPTORS 8192
-#define SLAPD_DEFAULT_MAXDESCRIPTORS_STR "8192"
+#define SLAPD_DEFAULT_MAXDESCRIPTORS 1048576
+#define SLAPD_DEFAULT_MAXDESCRIPTORS_STR "1048576"
 #define SLAPD_DEFAULT_MAX_FILTER_NEST_LEVEL 40
 #define SLAPD_DEFAULT_MAX_FILTER_NEST_LEVEL_STR "40"
 #define SLAPD_DEFAULT_GROUPEVALNESTLEVEL 0
-- 
2.21.1