From 4e23f366eb82dff7126b9988c5f77d13540d04e5 Mon Sep 17 00:00:00 2001
From: Matthew Dillon
Date: Wed, 1 Dec 2010 09:55:39 -0800
Subject: [PATCH] kernel - Fix mbuf header exhaustion w/ degenerate unix domain socket case
* Increase the number of mbuf headers to accomodate a degenerate fd-passing case with chains of unix domain sockets, one fd per socket.
* This does not address other mbuf exhaustion issues which can crop up in a user ddos attack due to the default number of fds a user is allowed to own.
Reported-by: Venkatesh Srinivas
---
 sys/kern/uipc_mbuf.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/sys/kern/uipc_mbuf.c b/sys/kern/uipc_mbuf.c
index 5cfbb69d78..ab49f8bfba 100644
--- a/sys/kern/uipc_mbuf.c
+++ b/sys/kern/uipc_mbuf.c
@@ -74,6 +74,7 @@
 #include "opt_mbuf_stress_test.h"
 #include
 #include
+#include
 #include
 #include
 #include
@@ -362,11 +363,15 @@ static void m_reclaim (void);
 static void m_mclref(void *arg);
 static void m_mclfree(void *arg);
+/*
+ * NOTE: Default NMBUFS must take into account a possible DOS attack
+ * using fd passing on unix domain sockets.
+ */
 #ifndef NMBCLUSTERS
 #define NMBCLUSTERS (512 + maxusers * 16)
 #endif
 #ifndef NMBUFS
-#define NMBUFS (nmbclusters * 2)
+#define NMBUFS (nmbclusters * 2 + maxfiles)
 #endif
 /*
--
2.41.0
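Review bot: The added NOTE in the second hunk does not say what the `+ maxfiles` term in `NMBUFS` covers or when that headroom is lost. Because the definition sits under `#ifndef NMBUFS`, a kernel configuration that defines NMBUFS itself drops the extra headers with no warning. The place where the macro is evaluated is outside the hunk, so this is inferred, but if `maxfiles` can be raised after that point the header pool would presumably not follow it. I would extend the comment with something like `* The maxfiles term is headroom for fd passing; a custom NMBUFS or a later increase of maxfiles should keep nmbufs at or above nmbclusters * 2 + maxfiles.` The sum is also computed in whatever integer type `nmbclusters` and `maxfiles` share, so it is worth confirming that large tuned values cannot wrap.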