lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHk-=wiENdk_AXGRrmbbOYqq9zYptdv=vYszgG2ZzztDUTJwRA@mail.gmail.com>
Date:   Fri, 3 Sep 2021 15:20:58 -0700
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Eric Dumazet <eric.dumazet@...il.com>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        Eric Dumazet <edumazet@...gle.com>
Subject: Re: dozens of sysbot reports

On Fri, Sep 3, 2021 at 1:44 PM Eric Dumazet <eric.dumazet@...il.com> wrote:
>
> I have a pile of (still under triage) sysbot reports coming after one of your patch
>
> Typical stack trace:
>
> ------------[ cut here ]------------
> WARNING: CPU: 1 PID: 24889 at mm/util.c:597 kvmalloc_node+0x111/0x120 mm/util.c:597
> Call Trace:
>  hash_ipport_create+0x3dd/0x1220 net/netfilter/ipset/ip_set_hash_gen.h:1524
>  ip_set_create+0x782/0x15a0 net/netfilter/ipset/ip_set_core.c:1100
>  nfnetlink_rcv_msg+0xbc9/0x13f0 net/netfilter/nfnetlink.c:296

So the real question is mainly just whether those huge allocations
actually make sense or not.

If they truly are sensible, we can remove the warning. But it would be
good to perhaps look at them more.

Because no:

> Do we want to fix all problematic callers, with ad-hoc patches like

Not insane patches like this, no.

>  ip_set_alloc(size_t size)
>  {
> +       if (size > INT_MAX)
> +               return NULL;
>         return kvzalloc(size, GFP_KERNEL_ACCOUNT);
>  }

But does that kind of size really make sense? I'm looking at the
particular caller, is it *really* senseible to have a 4GB+ hash table
size?

IOW, I don't think we want that warning to cause the above kinds of
ad-hoc patches.

But I _do_ want that warning to make people go "is that allocation
truly sensible"?

IOW, it sounds like you can send some netlink message that causes
insane hash size allocations. Shouldn't _that_ be fixed?

                   Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ