lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20250222090208.2b7aa864@pumpkin>
Date: Sat, 22 Feb 2025 09:02:08 +0000
From: David Laight <david.laight.linux@...il.com>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: Michal Koutný <mkoutny@...e.com>, Christian Brauner
 <brauner@...nel.org>, Alexander Mikhalitsyn <alexander@...alicyn.com>,
 linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
 linux-fsdevel@...r.kernel.org, linux-trace-kernel@...r.kernel.org, Jonathan
 Corbet <corbet@....net>, Kees Cook <kees@...nel.org>, "Eric W . Biederman"
 <ebiederm@...ssion.com>, Oleg Nesterov <oleg@...hat.com>
Subject: Re: [PATCH 2/2] pid: Optional first-fit pid allocation

On Fri, 21 Feb 2025 16:18:54 -0800
Andrew Morton <akpm@...ux-foundation.org> wrote:

> On Fri, 21 Feb 2025 18:02:49 +0100 Michal Koutný <mkoutny@...e.com> wrote:
> 
> > --- a/Documentation/admin-guide/sysctl/kernel.rst
> > +++ b/Documentation/admin-guide/sysctl/kernel.rst
> > @@ -1043,6 +1043,8 @@ The last pid allocated in the current (the one task using this sysctl
> >  lives in) pid namespace. When selecting a pid for a next task on fork
> >  kernel tries to allocate a number starting from this one.
> >  
> > +When set to -1, first-fit pid numbering is used instead of the next-fit.
> > +  
> 
> This seems thin.  Is there more we can tell our users?  What are the
> visible effects of this?  What are the benefits?  Why would they want
> to turn it on?
> 
> I mean, there are veritable paragraphs in the changelogs, but just a
> single line in the user-facing docs.  Seems there could be more...

It also seems a good way of being able to predict the next pid and
doing all the 'nasty' things that allows because there is no guard
time on pid reuse.

Both first-fit and next-fit have the same issue.
Picking a random pid is better.

Or pick the pid after finding an empty slot in the 'hash' table.
Then you guarantee O(1) lookup and can easily stop pids being reused
quickly.

	David

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ