lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <bb7d3b60-0629-ea80-c4ae-976a76abb034@huawei.com> Date: Fri, 13 Apr 2018 09:25:37 +0800 From: Chao Yu <yuchao0@...wei.com> To: Jaegeuk Kim <jaegeuk@...nel.org> CC: <linux-f2fs-devel@...ts.sourceforge.net>, <linux-kernel@...r.kernel.org>, <chao@...nel.org> Subject: Re: [PATCH] f2fs: set deadline to drop expired inmem pages On 2018/4/13 9:04, Jaegeuk Kim wrote: > On 04/10, Chao Yu wrote: >> Hi Jaegeuk, >> >> On 2018/4/8 16:13, Chao Yu wrote: >>> f2fs doesn't allow abuse on atomic write class interface, so except >>> limiting in-mem pages' total memory usage capacity, we need to limit >>> start-commit time as well, otherwise we may run into infinite loop >>> during foreground GC because target blocks in victim segment are >>> belong to atomic opened file for long time. >>> >>> Now, we will check the condition with f2fs_balance_fs_bg in >>> background threads, once if user doesn't commit data exceeding 30 >>> seconds, we will drop all cached data, so I expect it can keep our >>> system running safely to prevent Dos attack. >> >> Is it worth to add this patch to avoid abuse on atomic write interface by user? > > Hmm, hope to see a real problem first in this case. I think this can be a more critical security leak instead of a potential issue which we can wait for someone reporting that can be too late. For example, user can simply write a huge file whose data spread in all f2fs segments, once user open that file as atomic, foreground GC will suffer deadloop, causing denying any further service of f2fs. Thanks, > >> Thanks, > > . >
Powered by blists - more mailing lists