From eee2da8296e69bdb47747ea36f4d186e6a133c96 Mon Sep 17 00:00:00 2001
From: Alex Wilson <alex.wilson@joyent.com>
Date: Tue, 25 Sep 2018 09:31:08 -0700
Subject: OS-4407 OpenSSH 7.5+ broken in lx brand Reviewed by: Robert Mustacchi
 <rm@joyent.com> Reviewed by: Mike Zeller <mike.zeller@joyent.com> Approved
 by: Robert Mustacchi <rm@joyent.com>

---
 usr/src/uts/common/brand/lx/syscall/lx_poll.c | 28 +++++++++++++++++----------
 1 file changed, 18 insertions(+), 10 deletions(-)

diff --git a/usr/src/uts/common/brand/lx/syscall/lx_poll.c b/usr/src/uts/common/brand/lx/syscall/lx_poll.c
index 92852e72ae..e54130aff1 100644
--- a/usr/src/uts/common/brand/lx/syscall/lx_poll.c
+++ b/usr/src/uts/common/brand/lx/syscall/lx_poll.c
@@ -26,6 +26,12 @@
 #include <sys/schedctl.h>
 #include <sys/lx_signal.h>
 
+/*
+ * Max number of FDs that can be given to poll() or select() before we return
+ * EINVAL (the Linux man page documents this value as {OPEN_MAX}, and defaults
+ * it to this value).
+ */
+int lx_poll_max_fds = 1048576;
 
 /* From uts/common/syscall/poll.c */
 extern int poll_copyin(pollstate_t *, pollfd_t *, nfds_t);
@@ -172,11 +178,12 @@ lx_poll_common(pollfd_t *fds, nfds_t nfds, timespec_t *tsp, k_sigset_t *ksetp)
 	 * Initialize pollstate and copy in pollfd data if present.
 	 */
 	if (nfds != 0) {
-		if (nfds > p->p_fno_ctl) {
-			mutex_enter(&p->p_lock);
-			(void) rctl_action(rctlproc_legacy[RLIMIT_NOFILE],
-			    p->p_rctls, p, RCA_SAFE);
-			mutex_exit(&p->p_lock);
+		/*
+		 * Cap the number of FDs they can give us so we don't go
+		 * allocating a huge chunk of memory. Note that this is *not*
+		 * the RLIMIT_NOFILE rctl.
+		 */
+		if (nfds > lx_poll_max_fds) {
 			error = EINVAL;
 			goto pollout;
 		}
@@ -587,11 +594,12 @@ lx_select_common(int nfds, long *rfds, long *wfds, long *efds,
 	 * Initialize pollstate and copy in pollfd data if present.
 	 */
 	if (nfds != 0) {
-		if (nfds > p->p_fno_ctl) {
-			mutex_enter(&p->p_lock);
-			(void) rctl_action(rctlproc_legacy[RLIMIT_NOFILE],
-			    p->p_rctls, p, RCA_SAFE);
-			mutex_exit(&p->p_lock);
+		/*
+		 * Cap the number of FDs they can give us so we don't go
+		 * allocating a huge chunk of memory. Note that this is *not*
+		 * the RLIMIT_NOFILE rctl.
+		 */
+		if (nfds > lx_poll_max_fds) {
 			error = EINVAL;
 			goto out;
 		}
-- 
cgit v1.2.3