lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 28 Mar 2022 10:45:45 -0500
From:   Corey Minyard <minyard@....org>
To:     chenchacha <chen.chenchacha@...com>
Cc:     Chen Guanqiao <chen.chenchacha@...mail.com>,
        openipmi-developer@...ts.sourceforge.net,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 0/3] ipmi: msghandler: check the users and msgs causing
 the system to block

On Mon, Mar 28, 2022 at 11:27:06PM +0800, chenchacha wrote:
> 
> > Anyway, a better solution for the kernel side of things, I think, would
> > be to add limits on the number of users and the number of messages per
> > user.  That's more inline with what other kernel things do.  I know of
> > nothing else in the kernel that does what you are proposing.
> 
> The precondition for add limits, is that people known that ipmi has too many
> users and messages cause problems, this patch is to let administrator known
> that.
> 
> In addition, different machines have different limit, My server my block
> 700,000 messages and it's fine, and my NAS pc went to OOM when it probably
> blocked for 10,000 messages. So, to limit the number of users and messages,
> can wait until we have accumulated some online experience?

I don't mean a limit on the total number of messages, but a limit on the
total number of oustanding messages, and a limit on the total number of
users.  No user should have more than a handful of oustanding message,
and limiting the number of users to 20 or 30 should be more than enough
for any system.

Having those limits in place would probably help you trace down your
problem, as you would hit the limits and it should report it at the
source of the problem.

-corey

> 
> > 
> > Does that make sense?
> > 
> > -corey
> > 
> 
> thanks
> --
> 
> Chen Guanqiao
> > > 
> > > This patch provides a method to view the current number of users and messages in
> > > ipmi, and introduce a simple interface to clear the message queue.
> > > 
> > > Chen Guanqiao (3):
> > >    ipmi: Get the number of user through sysfs
> > >    ipmi: Get the number of message through sysfs
> > >    ipmi: add a interface to clean message queue in sysfs
> > > 
> > >   drivers/char/ipmi/ipmi_msghandler.c | 159 ++++++++++++++++++++++++++++
> > >   1 file changed, 159 insertions(+)
> > > 
> > > -- 
> > > 2.25.1
> > > 
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ