Date:	Mon, 10 Mar 2014 17:57:46 -0400
From:	Eric Paris <eparis@...hat.com>
To:	David Miller <davem@...emloft.net>
Cc:	ebiederm@...ssion.com, sgrubb@...hat.com, rgb@...hat.com,
	netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
	linux-audit@...hat.com, akpm@...ux-foundation.org
Subject: Re: [RFC][PATCH] audit: Simplify by assuming the callers socket
 buffer is large enough

On Mon, 2014-03-10 at 15:30 -0400, David Miller wrote:
> From: Eric Paris <eparis@...hat.com>
> Date: Fri, 07 Mar 2014 17:52:02 -0500
> 
> > The second user Eric patched, audit_send_list(), can grow without bound.
> > The number of skb's is going to be the size of the number of audit rules
> > that root loaded.  We run the list of rules, generate an skb per rule,
> > and add all of them to an skb_buff_head.  We then pass the skb_buff_head
> > to a kthread so that current will be able to read/drain the socket.
> > There really is no limit to how big the skb_buff_head could possibly
> > grow.  This doesn't necessarily absolutely have to be lossless but it
> > can actually quite reasonably be a whole lot of data that needs to get
> > sent.  I know of no way to deliver unbounded lengths of data to the
> > current task via netlink without blocking on more space in the socket.
> > Even if the socket rmem was MAX_INT, how can we deliver more?  The rule
> > size is unbounded.  How do I get an unbounded amount of data onto this
> > side of the socket when I have to generate it all during the request...
> 
> This is what netlink dumps are for.  It is how we are able to dump
> routing tables with millions of routes to userspace.
> 
> By using normal netlink requests and netlink_unicast() for this, you
> are ignoring an entire mechanism in netlink designed specifically to
> handle this kind of situation.
> 
> Netlink dumps track state and build one or more SKBs (as necessary),
> one by one, to form the reply.  It implements flow control, state
> tracking for iteration, optimized SKB sizing and allocation, etc.

Awesome.  I'll see what I can find!
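
Added illustration, not part of the original message and not kernel or audit code: the userspace side of the multipart dump reply described in the quoted text, where records arrive across several receive buffers flagged NLM_F_MULTI and the stream ends with NLMSG_DONE. The names dump_consume, put_msg and run_constructed_dump, the message type 0x10 and the sequence number 7 are assumptions made for the example, and the buffers are constructed sample data rather than captured traffic.

```c
#include <linux/netlink.h>
#include <stdio.h>
#include <string.h>
/* State a receiver keeps across recv() calls while one dump is in flight. */
struct dump_state { unsigned int seq; unsigned int records; int done; };

/* Walk one receive buffer. Returns 1 once NLMSG_DONE is seen, 0 if more
 * buffers are expected, -1 on error, foreign seq, or truncated data. */
int dump_consume(struct dump_state *st, void *buf, int len)
{
    struct nlmsghdr *nlh;
    for (nlh = buf; NLMSG_OK(nlh, len); nlh = NLMSG_NEXT(nlh, len)) {
        if (nlh->nlmsg_seq != st->seq || nlh->nlmsg_type == NLMSG_ERROR) return -1;
        if (nlh->nlmsg_type == NLMSG_DONE) { st->done = 1; return 1; }
        if (!(nlh->nlmsg_flags & NLM_F_MULTI)) return -1; /* dump parts are multipart */
        st->records++;              /* a real client parses the payload here */
    }
    return len > 0 ? -1 : 0;        /* leftover bytes mean a short message */
}

/* Constructed sample data: append one message with plen zero payload bytes. */
static int put_msg(char *buf, int off, unsigned short type,
                   unsigned short flags, unsigned int seq, int plen)
{
    struct nlmsghdr *nlh = (struct nlmsghdr *)(buf + off);
    memset(nlh, 0, NLMSG_SPACE(plen));
    nlh->nlmsg_len = NLMSG_LENGTH(plen);
    nlh->nlmsg_type = type;
    nlh->nlmsg_flags = flags;
    nlh->nlmsg_seq = seq;
    return off + NLMSG_SPACE(plen);
}

/* Constructed exchange for request seq 7: buffers of 3 and 2 parts, then DONE.
 * Returns the number of records consumed, or -1 if the stream is rejected. */
int run_constructed_dump(unsigned int reply_seq)
{
    _Alignas(struct nlmsghdr) char a[256], b[256];
    struct dump_state st = { .seq = 7 };
    int la = 0, lb = 0, i;
    for (i = 0; i < 3; i++) la = put_msg(a, la, 0x10, NLM_F_MULTI, reply_seq, 16);
    for (i = 0; i < 2; i++) lb = put_msg(b, lb, 0x10, NLM_F_MULTI, reply_seq, 16);
    lb = put_msg(b, lb, NLMSG_DONE, NLM_F_MULTI, reply_seq, 4);
    if (dump_consume(&st, a, la) != 0 || dump_consume(&st, b, lb) != 1) return -1;
    return (int)st.records;
}

int main(void) { printf("records: %d\n", run_constructed_dump(7)); return 0; }
```

Because the receiver only ever holds one buffer at a time and stops on NLMSG_DONE, the total size of the reply is not limited by the socket buffer.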

