@@ -1,4 +1,4 @@
-/*	$NetBSD: sys_select.c,v 1.40 2017/06/01 02:45:13 chs Exp $	*/
+/*	$NetBSD: sys_select.c,v 1.40.2.1 2020/03/08 09:47:28 martin Exp $	*/
 
 /*-
  * Copyright (c) 2007, 2008, 2009, 2010 The NetBSD Foundation, Inc.
@@ -84,7 +84,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sys_select.c,v 1.40 2017/06/01 02:45:13 chs Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sys_select.c,v 1.40.2.1 2020/03/08 09:47:28 martin Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -488,15 +488,28 @@
 	int		error;
 	size_t		ni;
 
-	if (nfds > 1000 + curlwp->l_fd->fd_dt->dt_nfiles) {
+	if (nfds > curlwp->l_proc->p_rlimit[RLIMIT_NOFILE].rlim_max + 1000) {
 		/*
-		 * Either the user passed in a very sparse 'fds' or junk!
-		 * The kmem_alloc() call below would be bad news.
-		 * We could process the 'fds' array in chunks, but that
+		 * Prevent userland from causing over-allocation.
+		 * Raising the default limit too high can still cause
+		 * a lot of memory to be allocated, but this also means
+		 * that the file descriptor array will also be large.
+		 *
+		 * To reduce the memory requirements here, we could 
+		 * process the 'fds' array in chunks, but that
 		 * is a lot of code that isn't normally useful.
 		 * (Or just move the copyin/out into pollscan().)
+		 *
 		 * Historically the code silently truncated 'fds' to
 		 * dt_nfiles entries - but that does cause issues.
+		 *
+		 * Using the max limit equivalent to sysctl
+		 * kern.maxfiles is the moral equivalent of OPEN_MAX
+		 * as specified by POSIX.
+		 *
+		 * We add a slop of 1000 in case the resource limit was
+		 * changed after opening descriptors or the same descriptor
+		 * was specified more than once.
 		 */
 		return EINVAL;
 	}