diff options
author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-12-05 22:52:53 +0100 |
---|---|---|
committer | Lukáš Nykrýn <lnykryn@redhat.com> | 2019-02-11 10:51:14 +0100 |
commit | a4d1779b5ee28b1c27c509a1baebf881943cad1b (patch) | |
tree | cb5b29d2de07d5a9e5643425d352bf2461ab6e87 | |
parent | ed028441cc2ef0ffb9771d7266d40f18910f0ae1 (diff) | |
download | systemd-a4d1779b5ee28b1c27c509a1baebf881943cad1b.tar.gz |
journald: lower the maximum entry size limit to ½ for non-sealed fds
We immediately read the whole contents into memory, making thigs much more
expensive. Sealed fds should be used instead since they are more efficient
on our side.
(cherry-picked from commit 6670c9de196c8e2d5e84a8890cbb68f70c4db6e3)
Related: #1664977
-rw-r--r-- | src/journal/journald-native.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c index 110ab3641c..da62448ca6 100644 --- a/src/journal/journald-native.c +++ b/src/journal/journald-native.c @@ -380,8 +380,10 @@ void server_process_native_file( if (st.st_size <= 0) return; - if (st.st_size > ENTRY_SIZE_MAX) { - log_error("File passed too large. Ignoring."); + /* When !sealed, set a lower memory limit. We have to read the file, + * effectively doubling memory use. */ + if (st.st_size > ENTRY_SIZE_MAX / (sealed ? 1 : 2)) { + log_error("File passed too large (%"PRIu64" bytes). Ignoring.", (uint64_t) st.st_size); return; } |