Skip to content

Commit bc3ea6c

Browse files
nixprimegvisor-bot
nixprime
authored and
gvisor-bot
committed
tmpfs: limit regularFile.Translate() fill range
When e.g. an application thread takes a page fault on an mmapped file, MM calls `memmap.Mappable.Translate()` to obtain the corresponding host FD range that should be mapped into the application's address space. It passes both the range that *must* be mapped (e.g. the faulting page) as `required`, and the maximum range that *may* be mapped (the previously-unfaulted part of the corresponding VMA) as `optional`, such that file implementations can map more than `required` to avoid future page faults. Prior to this CL, `tmpfs.regularFile.Translate()` always returned translations up to `optional`, under the assumption that allocating larger ranges from `pgalloc.MemoryFile` has negligible incremental cost. This behavior dates to the introduction of `memmap.Mappable.Translate()` (cl/182882705) and thus predates the implementation of tmpfs size limits (cl/442686814). Now that the latter exists, unconditionally translating - and therefore allocating pages - up to `optional` can result in hitting tmpfs size limits prematurely. Thus: Constrain optional translations returned by `tmpfs.regularFile.Translate()`, applying the same logic as `gofer.maxFillRange()`. PiperOrigin-RevId: 712742057
1 parent 5e6589e commit bc3ea6c

File tree

1 file changed

+13
-0
lines changed

1 file changed

+13
-0
lines changed

pkg/sentry/fsimpl/tmpfs/regular_file.go

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -309,6 +309,19 @@ func (rf *regularFile) Translate(ctx context.Context, required, optional memmap.
309309
if optional.End > pgend {
310310
optional.End = pgend
311311
}
312+
// Constrain allocation to at most maxOptionalBytes or required.Length(),
313+
// whichever is greater.
314+
const maxOptionalBytes = 64 << 10 // 64 KB, arbitrarily matches Linux's default fault_around_pages
315+
if required.Length() >= maxOptionalBytes {
316+
optional = required
317+
} else {
318+
if optional.Length() > maxOptionalBytes {
319+
optional.Start = required.Start
320+
if optional.Length() > maxOptionalBytes {
321+
optional.End = optional.Start + maxOptionalBytes
322+
}
323+
}
324+
}
312325
pagesToFill := rf.data.PagesToFill(required, optional)
313326
if !rf.inode.fs.accountPages(pagesToFill) {
314327
// If we can not accommodate pagesToFill pages, then retry with just

0 commit comments

Comments
 (0)