| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 5 Sep 2022 07:20:10 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Manfred Spraul <manfred@...orfullife.com>
Cc: Varsha Teratipally <teratipally@...gle.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Davidlohr Bueso <dbueso@...e.de>,
Rafael Aquini <aquini@...hat.com>,
Alexander Mikhalitsyn <alexander.mikhalitsyn@...tuozzo.com>,
linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: Request to cherry-pick 20401d1058f3f841f35a594ac2fc1293710e55b9
to v5.10 and v5.4
On Sun, Sep 04, 2022 at 07:38:30PM +0200, Manfred Spraul wrote:
> Hi,
>
> On 9/2/22 16:27, Greg Kroah-Hartman wrote:
> > On Fri, Sep 02, 2022 at 01:59:11PM +0000, Varsha Teratipally wrote:
> > > Hi all,
> > >
> > > Commit 20401d1058f3f841f35a594ac2fc1293710e55b9("ipc: replace costly
> > > bailout check in sysvipc_find_ipc()" fixes a high cve and optimizes the
> > > costly loop by adding a checkpoint, which I think might be a good
> > > candidate for the stable branches
> > What do you mean by "high cve"?
> >
> > And that feels like it's an artificial benchmark fixup, what real
> > workload benefits from this change?
>
> Standard ipcs end up parsing /proc/sysvipc/*, thus there are real users
> where the performance of /proc/sysvsem/* matters.
What real users are that? What workload needs that becides monitoring
tools?
>
> But:
>
> The performance of the function was bad since 2007, i.e. why is is now
> urgent? I do not see a bug that must be fixed.
Me either.
thanks,
greg k-h
Powered by blists - more mailing lists