sbrk(2) broken

Robert Watson rwatson at
Fri Jan 4 05:26:38 PST 2008

On Fri, 4 Jan 2008, Dag-Erling Smørgrav wrote:

> Robert Watson <rwatson at> writes:
>> Dag-Erling Smørgrav <des at> writes:
>>> Robert Watson <rwatson at> writes:
>>>> The right answer is presumably to introduce a new LIMIT_SWAP, which 
>>>> limits the allocation of anonymous memory by processes, and size it to 
>>>> something like 90% of swap space by default.
>>> Not a good solution on its own.  You need a per-process limit as well, 
>>> otherwise a malloc() bomb will still cause other processes to fail 
>>> randomly.
>> That was what I had in mind, the above should read RLIMIT_SWAP.
> You don't want the default to be so high.  You want a low default, with the 
> possibility for the admin to increase the limit for a particular user in 
> login.conf or similar without rebooting (which is currently not possible 
> since the default datasize == maxdsiz, which can only be changed in the 
> kernel config or loader.conf)

I'm fine with also having global limits.

> You may also want to have a collective limit for unprivileged users, so root 
> will still be able to log in if something goes wrong.

This will presumably only work for console logins, as sshd (etc) will depend 
on unprivileged users, but perhaps that is fine.  I'm less concerned with the 
details of the implementation or policy than that we simply be able to support 
even a basic policy and have it configured by default to prevent 

Robert N M Watson
Computer Laboratory
University of Cambridge

More information about the freebsd-current mailing list