|
 |
1d442b |
From: Stefan Hajnoczi <stefanha@redhat.com>
|
|
|
1d442b |
Date: Mon, 27 Jan 2020 19:01:34 +0000
|
|
|
1d442b |
Subject: [PATCH] virtiofsd: set maximum RLIMIT_NOFILE limit
|
|
|
1d442b |
MIME-Version: 1.0
|
|
|
1d442b |
Content-Type: text/plain; charset=UTF-8
|
|
|
1d442b |
Content-Transfer-Encoding: 8bit
|
|
|
1d442b |
|
|
|
1d442b |
virtiofsd can exceed the default open file descriptor limit easily on
|
|
|
1d442b |
most systems. Take advantage of the fact that it runs as root to raise
|
|
|
1d442b |
the limit.
|
|
|
1d442b |
|
|
|
1d442b |
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
|
1d442b |
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
|
1d442b |
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
|
|
1d442b |
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
|
|
1d442b |
(cherry picked from commit 01a6dc95ec7f71eeff9963fe3cb03d85225fba3e)
|
|
|
1d442b |
---
|
|
|
1d442b |
tools/virtiofsd/passthrough_ll.c | 32 ++++++++++++++++++++++++++++++++
|
|
|
1d442b |
1 file changed, 32 insertions(+)
|
|
|
1d442b |
|
|
|
1d442b |
diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
|
|
|
1d442b |
index d53cb1e005..c281d817af 100644
|
|
|
1d442b |
--- a/tools/virtiofsd/passthrough_ll.c
|
|
|
1d442b |
+++ b/tools/virtiofsd/passthrough_ll.c
|
|
|
1d442b |
@@ -53,6 +53,7 @@
|
|
|
1d442b |
#include <sys/file.h>
|
|
|
1d442b |
#include <sys/mount.h>
|
|
|
1d442b |
#include <sys/prctl.h>
|
|
|
1d442b |
+#include <sys/resource.h>
|
|
|
1d442b |
#include <sys/syscall.h>
|
|
|
1d442b |
#include <sys/types.h>
|
|
|
1d442b |
#include <sys/wait.h>
|
|
|
1d442b |
@@ -2268,6 +2269,35 @@ static void setup_sandbox(struct lo_data *lo, struct fuse_session *se)
|
|
|
1d442b |
setup_seccomp();
|
|
|
1d442b |
}
|
|
|
1d442b |
|
|
|
1d442b |
+/* Raise the maximum number of open file descriptors */
|
|
|
1d442b |
+static void setup_nofile_rlimit(void)
|
|
|
1d442b |
+{
|
|
|
1d442b |
+ const rlim_t max_fds = 1000000;
|
|
|
1d442b |
+ struct rlimit rlim;
|
|
|
1d442b |
+
|
|
|
1d442b |
+ if (getrlimit(RLIMIT_NOFILE, &rlim) < 0) {
|
|
|
1d442b |
+ fuse_log(FUSE_LOG_ERR, "getrlimit(RLIMIT_NOFILE): %m\n");
|
|
|
1d442b |
+ exit(1);
|
|
|
1d442b |
+ }
|
|
|
1d442b |
+
|
|
|
1d442b |
+ if (rlim.rlim_cur >= max_fds) {
|
|
|
1d442b |
+ return; /* nothing to do */
|
|
|
1d442b |
+ }
|
|
|
1d442b |
+
|
|
|
1d442b |
+ rlim.rlim_cur = max_fds;
|
|
|
1d442b |
+ rlim.rlim_max = max_fds;
|
|
|
1d442b |
+
|
|
|
1d442b |
+ if (setrlimit(RLIMIT_NOFILE, &rlim) < 0) {
|
|
|
1d442b |
+ /* Ignore SELinux denials */
|
|
|
1d442b |
+ if (errno == EPERM) {
|
|
|
1d442b |
+ return;
|
|
|
1d442b |
+ }
|
|
|
1d442b |
+
|
|
|
1d442b |
+ fuse_log(FUSE_LOG_ERR, "setrlimit(RLIMIT_NOFILE): %m\n");
|
|
|
1d442b |
+ exit(1);
|
|
|
1d442b |
+ }
|
|
|
1d442b |
+}
|
|
|
1d442b |
+
|
|
|
1d442b |
int main(int argc, char *argv[])
|
|
|
1d442b |
{
|
|
|
1d442b |
struct fuse_args args = FUSE_ARGS_INIT(argc, argv);
|
|
|
1d442b |
@@ -2389,6 +2419,8 @@ int main(int argc, char *argv[])
|
|
|
1d442b |
|
|
|
1d442b |
fuse_daemonize(opts.foreground);
|
|
|
1d442b |
|
|
|
1d442b |
+ setup_nofile_rlimit();
|
|
|
1d442b |
+
|
|
|
1d442b |
/* Must be before sandbox since it wants /proc */
|
|
|
1d442b |
setup_capng();
|
|
|
1d442b |
|