| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CANEQ_++RSG=cOa-hWcHefqVa5_=FRo+PdwuJbE2A-NHA_RNXXQ@mail.gmail.com>
Date: Wed, 16 Jun 2021 16:19:54 +0300
From: Amit Klein <aksecurity@...il.com>
To: David Laight <David.Laight@...lab.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"stable@...r.kernel.org" <stable@...r.kernel.org>,
Eric Dumazet <edumazet@...gle.com>, Willy Tarreau <w@....eu>,
"David S. Miller" <davem@...emloft.net>,
Sasha Levin <sashal@...nel.org>
Subject: Re: [PATCH 5.4 175/244] inet: use bigger hash table for IP ID generation
On Wed, Jun 16, 2021 at 1:19 PM David Laight <David.Laight@...lab.com> wrote:
>
> Can someone explain why this is a good idea for a 'normal' system?
>
This patch mitigates some techniques that leak internal state due to
table hash collisions.
> Why should my desktop system 'waste' 2MB of memory on a massive
> hash table that I don't need.
In the patch's defense, it only consumes 2MB when the physical RAM is >= 16GB.
> It might be needed by systems than handle massive numbers
> of concurrent connections - but that isn't 'most systems'.
>
> Surely it would be better to detect when the number of entries
> is comparable to the table size and then resize the table.
Security-wise, this approach is not effective. The table size was
increased to reduce the likelihood of hash collisions. These start
happening when you have ~N^(1/2) elements (for table size N), so
you'll need to resize pretty quickly anyway.
Powered by blists - more mailing lists