| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1457986987.31401.6.camel@edumazet-glaptop3.roam.corp.google.com> Date: Mon, 14 Mar 2016 13:23:07 -0700 From: Eric Dumazet <eric.dumazet@...il.com> To: Saeed Mahameed <saeedm@....mellanox.co.il> Cc: Saeed Mahameed <saeedm@...lanox.com>, "David S. Miller" <davem@...emloft.net>, Linux Netdev List <netdev@...r.kernel.org>, Or Gerlitz <ogerlitz@...lanox.com>, Eran Ben Elisha <eranbe@...lanox.com>, Tal Alon <talal@...lanox.com>, Tariq Toukan <tariqt@...lanox.com>, Jesper Dangaard Brouer <brouer@...hat.com> Subject: Re: [PATCH net-next 08/13] net/mlx5e: Add fragmented memory support for RX multi packet WQE On Mon, 2016-03-14 at 20:16 +0200, Saeed Mahameed wrote: > we can do special accounting for ooo like issues in the stack (maybe > count page references and sum up page sizes as you suggest), device > drivers shouldn't have special handling/accounting to protect against > such cases. The existing skb->truesize is doing this already. The fact that some drivers use PAGE_SIZE/2 instead of PAGE_SIZE is an heuristic that is mostly okay, and we accept the risk : Even if a smart attack is happening, host will consume 200 XB instead of 100 XB. But pretending to use 128 bytes is simply a dangerous weapon over your head, since you end up consuming 1600 XB. With tcp_mem[2] being 18% of physical memory, you end up consuming all physical memory and crash. I can tell you that these kind of attacks are very real. I´ve seen them in action.
Powered by blists - more mailing lists