Date:   Sun, 27 Mar 2022 20:38:42 -0500
From:   Corey Minyard <minyard@....org>
To:     Chen Guanqiao <chen.chenchacha@...mail.com>
Cc:     openipmi-developer@...ts.sourceforge.net,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 0/3] ipmi: msghandler: check the users and msgs causing
 the system to block

On Mon, Mar 28, 2022 at 12:47:41AM +0800, Chen Guanqiao wrote:
> At present, a scenario has been found that there are too many ipmi messages in a
> short period of time, and a large number of users and messages are blocked in
> the ipmi modules, resulting in a large amount of system memory being occupied by
> ipmi, and ipmi communication always fails.
> 
> Frequent calls to ipmi and failure of hardware communication will cause this
> exception. And ipmi has no way to detect and perceive this problem, therefore
> it is impossible to locate and perceive it online.

Hmm.  So you have an application that just keeps sending IPMI messages
and not waiting for responses?  I think the first order of business
would be to fix your applications to not do that.

The ipmi driver will eventually clean things out, but the timeouts are
pretty long.  In the 5 second range per message.

However, as you say, there are no limits on users or messages, and that
is perhaps a problem.  I mean, only root can send IPMI messages, and root
can do a lot more harm than that.  But it's probably bad in principle.
Nobody has ever reported this problem before.

Anyway, a better solution for the kernel side of things, I think, would
be to add limits on the number of users and the number of messages per
user.  That's more in line with what other kernel things do.  I know of
nothing else in the kernel that does what you are proposing.

Does that make sense?

-corey

> 
> This patch provides a method to view the current number of users and messages in
> ipmi, and introduces a simple interface to clear the message queue.
> 
> Chen Guanqiao (3):
>   ipmi: Get the number of user through sysfs
>   ipmi: Get the number of message through sysfs
>   ipmi: add a interface to clean message queue in sysfs
> 
>  drivers/char/ipmi/ipmi_msghandler.c | 159 ++++++++++++++++++++++++++++
>  1 file changed, 159 insertions(+)
> 
> -- 
> 2.25.1
> 
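
The limits suggested in the reply above (a cap on the number of users and on outstanding messages per user) can be modelled in user space as follows. This is an added example, not part of the thread and not code from the ipmi driver; the struct, the function names and both limit values are hypothetical.

```c
#include <errno.h>
#include <stdatomic.h>

/* Hypothetical caps; the thread proposes limits but names no values. */
#define MAX_USERS          4
#define MAX_MSGS_PER_USER  3

/* User-space stand-in for a per-user record (assumed name). */
struct ipmi_user_model {
    atomic_int nr_msgs;   /* messages sent and not yet completed */
};

static atomic_int nr_users;   /* users currently registered */

/*
 * Reserve one slot in *ctr. Increment first and undo on overflow, so the
 * number of admitted holders never exceeds the limit even when several
 * callers race; a check-then-increment sequence would not guarantee that.
 */
static int reserve_slot(atomic_int *ctr, int limit)
{
    if (atomic_fetch_add(ctr, 1) >= limit) {
        atomic_fetch_sub(ctr, 1);
        return -EBUSY;   /* refuse instead of queueing without bound */
    }
    return 0;
}

int model_create_user(struct ipmi_user_model *u)
{
    int rv = reserve_slot(&nr_users, MAX_USERS);

    if (rv)
        return rv;
    atomic_init(&u->nr_msgs, 0);
    return 0;
}

void model_destroy_user(struct ipmi_user_model *u)
{
    (void)u;
    atomic_fetch_sub(&nr_users, 1);
}

/* Each send holds a slot until model_complete() releases it. */
int model_send(struct ipmi_user_model *u)
{
    return reserve_slot(&u->nr_msgs, MAX_MSGS_PER_USER);
}

/* Called when the response arrives or the per-message timeout expires. */
void model_complete(struct ipmi_user_model *u)
{
    atomic_fetch_sub(&u->nr_msgs, 1);
}
```

A sender that does not wait for responses gets -EBUSY once its own quota is full, so memory use stays bounded and other users are unaffected.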
