lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <49C77FC8.2010803@netfilter.org>
Date:	Mon, 23 Mar 2009 13:25:44 +0100
From:	Pablo Neira Ayuso <pablo@...filter.org>
To:	Patrick McHardy <kaber@...sh.net>
CC:	netdev@...r.kernel.org, davem@...emloft.net
Subject: Re: [PATCH] netlink: add NETLINK_NO_ENOBUFS socket flag

Patrick McHardy wrote:
> Pablo Neira Ayuso wrote:
>> Patrick McHardy wrote:
>>> - NETLINK_NO_CONGESTION_CONTROL seems a bit more descriptive than
>>>   "NO_ENOBUFS"
>>>
>>> - The ENOBUFS error itself is actually not the problem, but the
>>>   congestion handling. It still makes sense to notify userspace
>>>   of congestion. I'd suggest to deliver the error, but avoid setting
>>>   the congestion bit.
>>
>> I thought about this choice but I see one problem with this. The ENOBUFS
>> error is attached to the congestion control.
> 
> What do you mean by "attached to"? Congestion control is done by
> setting and testing bit 0 of nlk->state.

Yes, but once we set that bit to 1, we stop sending ENOBUFS to
userspace. So I think that congestion also applies to error reporting,
with "attached to" I meant "related" :).

>> If we keep reporting
>> ENOBUFS errors to userspace with no congestion control, the listener may
>> keep receiving ENOBUFS indefinitely. In other words, the congestion
>> control seems to me like a way to avoid spamming ENOBUFS errors to
>> userspace.
> 
> The error will be cleared by the next call to recvmsg().

Yes, but think about this scenario:

1) We hit ENOBUFS, you call recvmsg() you get the error, and error is
cleared.
2) You're going to call recvmsg() again but before doing so, we hit
ENOBUFS again. So you call recvmsg() and you get the error again.

I think that this may lead to indefinitely getting ENOBUFS without
retrieving data under very heavy load.

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ