lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160111163337.GC6074@mrl.redhat.com>
Date:	Mon, 11 Jan 2016 14:33:37 -0200
From:	Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
To:	Herbert Xu <herbert@...dor.apana.org.au>
Cc:	David Miller <davem@...emloft.net>, eric.dumazet@...il.com,
	lucien.xin@...il.com, netdev@...r.kernel.org,
	linux-sctp@...r.kernel.org, mleitner@...hat.com,
	vyasevic@...hat.com, daniel@...earbox.net
Subject: Re: [PATCH net-next 1/5] sctp: add the rhashtable apis for sctp
 global transport hashtable

On Mon, Jan 11, 2016 at 05:32:10PM +0800, Herbert Xu wrote:
> David Miller <davem@...emloft.net> wrote:
> > From: Eric Dumazet <eric.dumazet@...il.com>
> > Date: Wed, 30 Dec 2015 11:57:31 -0500
> > 
> >> I am against using rhashtable in SCTP (or TCP) at this stage, given the
> >> number of bugs we have with it.
> > 
> > Come on Eric, we've largely dealt with all of these problems.  I haven't
> > seen a serious report in a while.
> 
> Well there is still the outstanding issue with softirq insertion
> potentially failing with ENOMEM if we fail to expand the hash
> table using just kmalloc.
> 
> So if the target user does softirq insertions, I would wait until
> the fix for that is ready.

It does some, yes. If listening socket is not backlogged, there will be
N inserts at each new association, where N is the number of IP addresses
that the client is advertising.

This is done on the second stage of the SCTP handshake. Not easily
DoS-able as it requires receiving a packet from server and replying
based on it, plus N is limited by MTU.

AFAIK Xin's stress tests couldn't hit this situation of ENOMEM, btw.

Thanks,
Marcelo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ