| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8ae551e1-5c2e-6a95-b4d1-3301c5173171@gmail.com>
Date: Fri, 22 Nov 2019 17:17:48 -0700
From: David Ahern <dsahern@...il.com>
To: Ben Greear <greearb@...delatech.com>,
netdev <netdev@...r.kernel.org>
Subject: Re: VRF and/or cgroups problem on Fedora-30, 5.2.21+ kernel
On 11/22/19 5:14 PM, Ben Greear wrote:
> On 11/22/19 4:06 PM, David Ahern wrote:
>> On 11/22/19 5:03 PM, Ben Greear wrote:
>>> Hello,
>>>
>>> We see a problem on a particular system when trying to run 'ip vrf exec
>>> _vrf1 ping 1.1.1.1'.
>>> This system reproduces the problem all the time, but other systems with
>>> exact same (as far as
>>> we can tell) software may fail occasionally, but then it will work
>>> again.
>>>
>>> Here is an strace output. I changed to the
>>> "/sys/fs/cgroup/unified/user.slice/user-1000.slice/session-2.scope/vrf/_vrf1"
>>>
>>>
>>> directory as root user, and could view the files in that directory, so
>>> I'm not sure why the strace shows error 5.
>>>
>>> Any idea what could be the problem and/or how to fix it or debug
>>> further?
>>>
>>>
>>> This command was run as root user.
>>
>> check 'ulimit -l'. BPF is used to set the VRF and it requires locked
>> memory.
>
> It is set to '64'. What is a good value to use?
>
This is a pain point in using BPF for this. It's really use case
dependent. 128kB, 256kB.
Powered by blists - more mailing lists