|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen master] tools/pygrub: Restrict depriv operation with RLIMIT_AS
commit 03d6720a4c62c283f9a9f09858eeccd24299b312
Author: Alejandro Vallejo <alejandro.vallejo@xxxxxxxxx>
AuthorDate: Mon Nov 6 15:05:05 2023 +0000
Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Thu Nov 23 17:21:01 2023 +0000
tools/pygrub: Restrict depriv operation with RLIMIT_AS
Prevents the depriv pygrub from consuming more than a fixed amount of
memory.
Signed-off-by: Alejandro Vallejo <alejandro.vallejo@xxxxxxxxx>
Acked-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
tools/pygrub/src/pygrub | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/tools/pygrub/src/pygrub b/tools/pygrub/src/pygrub
index 2c06684d65..9d51f96070 100755
--- a/tools/pygrub/src/pygrub
+++ b/tools/pygrub/src/pygrub
@@ -39,6 +39,11 @@ SECTOR_SIZE = 512
# pygrub
LIMIT_FSIZE = 128 << 20
+# Unless provided through the env variable PYGRUB_MAX_RAM_USAGE_MB, then
+# this is the maximum amount of memory allowed to be used by the depriv
+# pygrub.
+LIMIT_AS = 2 * LIMIT_FSIZE
+
CLONE_NEWNS = 0x00020000 # mount namespace
CLONE_NEWNET = 0x40000000 # network namespace
CLONE_NEWIPC = 0x08000000 # IPC namespace
@@ -75,6 +80,11 @@ def downgrade_rlimits():
resource.setrlimit(resource.RLIMIT_CORE, (0, 0))
resource.setrlimit(resource.RLIMIT_MEMLOCK, (0, 0))
+ max_ram_usage = LIMIT_AS
+ if "PYGRUB_MAX_RAM_USAGE_MB" in os.environ:
+ max_ram_usage = int(os.environ["PYGRUB_MAX_RAM_USAGE_MB"]) << 20
+ resource.setrlimit(resource.RLIMIT_AS, (max_ram_usage, max_ram_usage))
+
# py2's resource module doesn't know about resource.RLIMIT_MSGQUEUE
#
# TODO: Use resource.RLIMIT_MSGQUEUE after python2 is deprecated
--
generated by git-patchbot for /home/xen/git/xen.git#master
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |