lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 9 Mar 2016 20:09:21 +0300
From:	Cyrill Gorcunov <gorcunov@...il.com>
To:	Alexei Starovoitov <alexei.starovoitov@...il.com>
Cc:	Eric Dumazet <eric.dumazet@...il.com>,
	David Miller <davem@...emloft.net>, netdev@...r.kernel.org,
	solar@...nwall.com, vvs@...tuozzo.com, avagin@...tuozzo.com,
	xemul@...tuozzo.com, vdavydov@...tuozzo.com, khorenko@...tuozzo.com
Subject: Re: [RFC] net: ipv4 -- Introduce ifa limit per net

On Wed, Mar 09, 2016 at 08:58:52AM -0800, Alexei Starovoitov wrote:
...
> 
> above line is an indication that you have:
> #if defined(CONFIG_DEBUG_PREEMPT) || defined(CONFIG_PREEMPT_TRACER)
> turning it off will speed up things significantly.

Look, this won't change the overall picture. For sure it will
speedup the kernel but it won't prevent the users from allowing
allocating addresses. So timings will drop a bit but the main
issue will remain -- there is no explicit way to limit this
resource. We can create say 1K of netnamespaces and allocate
100K addresses in each, then start destorying the namespaces
and node gonna be unreachable until everything is freed. The
kernel works as it shold simply in case of highload is stops
react due to big number of rtnl-locks taken.

	Cyrill

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ