lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20111128145157.GA17678@gondor.apana.org.au>
Date:	Mon, 28 Nov 2011 22:51:57 +0800
From:	Herbert Xu <herbert@...dor.apana.org.au>
To:	"Fischer, Anna" <anna.fischer@...com>
Cc:	"jhs@...atatu.com" <jhs@...atatu.com>,
	David Miller <davem@...emloft.net>,
	"jesse@...ira.com" <jesse@...ira.com>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	"dev@...nvswitch.org" <dev@...nvswitch.org>
Subject: Re: [GIT PULL v2] Open vSwitch

On Mon, Nov 28, 2011 at 01:54:16PM +0000, Fischer, Anna wrote:
>
> Yes, I mentioned this months ago, and I am surprised this critical issue has never been picked up on and addressed. With a flaw like this there is no chance this component can be used in any serious virtualization deployment where different customers share the same physical server.
> 
> The path up to user-space needs to be designed in a multi-queue fashion, so that each vPort has its own queue up to user-space. Ideally those queues also need to be rate controlled in some form, so that no DoS is possible.

Actually, rereading the patch it would appear that the interface
does allow the use of multiple sockets at the user-space end.
Whether the user-space daemon actually does so is another matter
of course :)

There are other issues with the hash implementation.  For example,
there seems to be no limit on the number of collisions in each
bucket.  As the hash table growth code simply continues when it
fails to expand, this means that the number of collisions may
rise without bound.

At least this is each to fix, by using any one of our other
similar hash table implementations as an example.

Cheers,
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ