| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Nov 2014 09:55:27 +0200 From: "Michael S. Tsirkin" <mst@...hat.com> To: Jason Wang <jasowang@...hat.com> Cc: David Miller <davem@...emloft.net>, pagupta@...hat.com, linux-kernel@...r.kernel.org, netdev@...r.kernel.org, dgibson@...hat.com, vfalico@...il.com, edumazet@...gle.com, vyasevic@...hat.com, hkchu@...gle.com, wuzhy@...ux.vnet.ibm.com, xemul@...allels.com, therbert@...gle.com, bhutchings@...arflare.com, xii@...gle.com, stephen@...workplumber.org, jiri@...nulli.us, sergei.shtylyov@...entembedded.com Subject: Re: [PATCH net-net 0/4] Increase the limit of tuntap queues On Mon, Nov 24, 2014 at 11:23:05AM +0800, Jason Wang wrote: > On 11/23/2014 06:46 PM, Michael S. Tsirkin wrote: > > On Wed, Nov 19, 2014 at 10:44:27PM +0200, Michael S. Tsirkin wrote: > >> > On Wed, Nov 19, 2014 at 03:16:28PM -0500, David Miller wrote: > >>> > > From: Pankaj Gupta <pagupta@...hat.com> > >>> > > Date: Tue, 18 Nov 2014 21:52:54 +0530 > >>> > > > >>>> > > > - Accept maximum number of queues as sysctl param so that any user space > >>>> > > > application like libvirt can use this value to limit number of queues. Also > >>>> > > > Administrators can specify maximum number of queues by updating this sysctl > >>>> > > > entry. > >>> > > > >>> > > This is the only part I don't like. > >>> > > > >>> > > Just let whoever has privileges to configure the tun device shoot > >>> > > themselves in the foot if they want to by configuring "too many" > >>> > > queues. > >>> > > > >>> > > If the virtual entity runs itself out of resources by doing something > >>> > > stupid, it's purely their problem. > >> > > >> > Well it will run host out of kernel, no? > > To clarify: > > > > At the moment attaching/detaching queues is an unpriveledged operation. > > > > Shouldn't we worry that an application can cause large > > allocations, and provide a way to limit these? > > But creating new queues (TUNSETIFF) is privileged. There's no way for > unprivileged user to allocate more resources. So we are safe here? Hmm, that's true, I think I was confused. Thanks for setting me straight. -- MST -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists