| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 12 Nov 2017 12:24:48 +0300 From: Vasily Averin <vvs@...tuozzo.com> To: Rémi Denis-Courmont <remi@...lab.net> Cc: netdev@...r.kernel.org Subject: Re: [PATCH v3 20/21] phonet: exit_net cleanup check added On 2017-11-06 22:37, Rémi Denis-Courmont wrote: > In my opinon, tis is still utterly pointless. Really, what bug did this > specific patch help to fix? I'm maintainer of legacy OpenVz kernels, we release containers-ready kernels 15+ years, they are widely used by hosting providers, usually they use 30-300 containers per node. In this scenario if any of container causes the problem it affects many other. For many years we got lot of strange memory corruptions and found lot of memory leaks in namespace-fied subsytems. These bugs are invisible on usual kernls, because init_net lives forever and never destroyed. However they are quite important for systems running lott of independent namespaces, that can be restarted many times without host admin assistance. Each memory leak can be repeated many times and finally it enables OOM-killer that disables whole node. And nobody understand what's happen. Such kind of checks allows to be sure that net namespace exit was clear and leaked nothing. > If you want to debug network namespaces, I have a feeling that the network > namespace code is a better place to do so than individual protocol stacks. Common network namespace code knows nothing about specific of each individual driver/subsystem. I do not understand how it's possible to do it in common netns code. Thank you, Vasily Averin
Powered by blists - more mailing lists