Subject: Re: Fork bomb protection patch
To: NetBSD Kernel Technical Discussion List <tech-kern@netbsd.org>
From: Lord Isildur <mrfusion@uranium.vaxpower.org>
List: tech-kern
Date: 12/04/2002 19:21:50
On Wed, 4 Dec 2002, Greg A. Woods wrote:
> > Problem is that we can't 'deny further forks', since the program
>
> I think he means "deny the requesting process _this_ fork(), as we
> already would do if the table was full or the per-user limit was
> reached."
yes, this is what I meant.
>
> The sleep is unnecessary, undesirable, and really very inelegant --
> programs that want to fork() reliably have either already learned to
> deal with the issue in some way, or they are broken. Forcing them to
> sleep doesn't help anything -- the ones that are not buggy will sleep()
> anyway.
>
> Fearing a bunch of broken or purposefully CPU-looping processes is
> irrational. If that's a problem then the solution lies in adjusting
> their scheduling priorities, not in forcing them to sleep iff they try
> to fork()!
you put it more clearly than i did. just deny the fork(), the sleep is
really unnecessary and pretty ugly..
isildur