lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 22 Nov 2019 16:14:34 -0800
From:   Ben Greear <greearb@...delatech.com>
To:     David Ahern <dsahern@...il.com>, netdev <netdev@...r.kernel.org>
Subject: Re: VRF and/or cgroups problem on Fedora-30, 5.2.21+ kernel

On 11/22/19 4:06 PM, David Ahern wrote:
> On 11/22/19 5:03 PM, Ben Greear wrote:
>> Hello,
>>
>> We see a problem on a particular system when trying to run 'ip vrf exec
>> _vrf1 ping 1.1.1.1'.
>> This system reproduces the problem all the time, but other systems with
>> exact same (as far as
>> we can tell) software may fail occasionally, but then it will work again.
>>
>> Here is an strace output.  I changed to the
>> "/sys/fs/cgroup/unified/user.slice/user-1000.slice/session-2.scope/vrf/_vrf1"
>>
>> directory as root user, and could view the files in that directory, so
>> I'm not sure why the strace shows error 5.
>>
>> Any idea what could be the problem and/or how to fix it or debug further?
>>
>>
>> This command was run as root user.
> 
> check 'ulimit -l'. BPF is used to set the VRF and it requires locked memory.

It is set to '64'.  What is a good value to use?

Thanks,
Ben


-- 
Ben Greear <greearb@...delatech.com>
Candela Technologies Inc  http://www.candelatech.com

Powered by blists - more mailing lists