| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 14 Jan 2016 15:14:04 +0100 From: Jesper Dangaard Brouer <brouer@...hat.com> To: Sasha Levin <sasha.levin@...cle.com> Cc: brouer@...hat.com, pablo@...filter.org, kaber@...sh.net, kadlec@...ckhole.kfki.hu, davem@...emloft.net, netfilter-devel@...r.kernel.org, coreteam@...filter.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] netfilter: nf_conntrack: use safer way to lock all buckets On Mon, 4 Jan 2016 21:25:46 -0500 Sasha Levin <sasha.levin@...cle.com> wrote: > When we need to lock all buckets in the connection hashtable we'd attempt to > lock 1024 spinlocks, which is way more preemption levels than supported by > the kernel. Furthermore, this behavior was hidden by checking if lockdep is > enabled, and if it was - use only 8 buckets(!). > > Fix this by using a global lock and synchronize all buckets on it when we > need to lock them all. This is pretty heavyweight, but is only done when we > need to resize the hashtable, and that doesn't happen often enough (or at all). > > Signed-off-by: Sasha Levin <sasha.levin@...cle.com> > --- Looks good to me, and I like the idea. Acked-by: Jesper Dangaard Brouer <brouer@...hat.com> -- Best regards, Jesper Dangaard Brouer MSc.CS, Principal Kernel Engineer at Red Hat Author of http://www.iptv-analyzer.org LinkedIn: http://www.linkedin.com/in/brouer
Powered by blists - more mailing lists