In sendmsg() permit at most 10% of maxfiles to be in-flight

during CMSG_DATA SCM_RIGHTS fd transfers. If this is exceeded,
return EMFILE.
ok claudio guenther gilles

2 files changed, 11 insertions, 3 deletions

diff --git a/lib/libc/sys/send.2 b/lib/libc/sys/send.2
index 35361ef5368..d58588f5c91 100644
--- a/lib/libc/sys/send.2
+++ b/lib/libc/sys/send.2
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: send.2,v 1.25 2011/12/24 08:46:48 jmc Exp $
+.\"	$OpenBSD: send.2,v 1.26 2012/04/11 14:08:27 deraadt Exp $
 .\"	$NetBSD: send.2,v 1.6 1996/01/15 01:17:18 thorpej Exp $
 .\"
 .\" Copyright (c) 1983, 1991, 1993
@@ -30,7 +30,7 @@
 .\"
 .\"     @(#)send.2	8.2 (Berkeley) 2/21/94
 .\"
-.Dd $Mdocdate: December 24 2011 $
+.Dd $Mdocdate: April 11 2012 $
 .Dt SEND 2
 .Os
 .Sh NAME
@@ -221,6 +221,11 @@ was less than 0 or larger than
 .Dv IOV_MAX .
 .It Bq Er EAFNOSUPPORT
 Addresses in the specified address family cannot be used with this socket.
+.It Bq Er EMFILE
+The message contains control information utilizing
+.Xr CMSG_DATA 3
+to pass file descriptors, but too many file descriptors
+are already in-flight.
 .El
 .Sh SEE ALSO
 .Xr fcntl 2 ,
diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c
index b7b26095106..4714a386c8e 100644
--- a/sys/kern/uipc_usrreq.c
+++ b/sys/kern/uipc_usrreq.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: uipc_usrreq.c,v 1.55 2011/07/06 06:31:38 matthew Exp $	*/
+/*	$OpenBSD: uipc_usrreq.c,v 1.56 2012/04/11 14:08:27 deraadt Exp $	*/
 /*	$NetBSD: uipc_usrreq.c,v 1.18 1996/02/09 19:00:50 christos Exp $	*/
 
 /*
@@ -775,6 +775,9 @@ unp_internalize(struct mbuf *control, struct proc *p)
 		return (EINVAL);
 	nfds = (cm->cmsg_len - CMSG_ALIGN(sizeof(*cm))) / sizeof (int);
 
+	if (unp_rights + nfds > maxfiles / 10)
+		return (EMFILE);
+
 	/* Make sure we have room for the struct file pointers */
 morespace:
 	neededspace = CMSG_SPACE(nfds * sizeof(struct file *)) -