From: Herbert Xu <herbert@gondor.apana.org.au>
To: Patrick McHardy <kaber@trash.net>
Cc: Thomas Graf <tgraf@suug.ch>, David Miller <davem@davemloft.net>,
netdev@vger.kernel.org, Eric Dumazet <eric.dumazet@gmail.com>
Subject: Re: [v1 PATCH 7/14] netfilter: Use rhashtable_lookup instead of lookup_compare
Date: Sat, 21 Mar 2015 08:47:12 +1100 [thread overview]
Message-ID: <20150320214712.GA23963@gondor.apana.org.au> (raw)
In-Reply-To: <20150320102701.GA28736@acer.localdomain>
On Fri, Mar 20, 2015 at 10:27:01AM +0000, Patrick McHardy wrote:
> On 20.03, Herbert Xu wrote:
>
> > Any hash function can be attacked. That's why we need to be able
> > to rehash it. And the best way to decide when to rehash is based
> > on chain length (otherwise you'd waste time rehashing periodically
> > like we used to do). With name spaces these days anyone could be
> > an adversary.
>
> We already had this discussion. I strongly do not believe this is
> the right way to fix namespace problems. There are millions of ways
> of creating CPU intensive workloads. You need to be able to put
> bounds on the entire namespace. Fixing individual spots will not
> solve that problem.
A CPU intensive workload that can be rescheduled is completely
different from one that is running under spin lock with BH disabled.
Cheers,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
next prev parent reply other threads:[~2015-03-20 21:47 UTC|newest]
Thread overview: 113+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-13 9:56 [PATCH 0/6] rhashtable: Fixes + cleanups + preparation for multiple rehash Herbert Xu
2015-03-13 9:57 ` [PATCH 1/6] rhashtable: Fix walker behaviour during rehash Herbert Xu
2015-03-13 15:50 ` Thomas Graf
2015-03-13 23:42 ` Herbert Xu
2015-03-14 0:06 ` Thomas Graf
2015-03-13 9:57 ` [PATCH 2/6] rhashtable: Use SINGLE_DEPTH_NESTING Herbert Xu
2015-03-13 15:40 ` Thomas Graf
2015-03-13 9:57 ` [PATCH 3/6] rhashtable: Move seed init into bucket_table_alloc Herbert Xu
2015-03-13 10:03 ` Daniel Borkmann
2015-03-13 11:33 ` David Laight
2015-03-13 11:40 ` Herbert Xu
2015-03-13 15:40 ` Thomas Graf
2015-03-13 9:57 ` [PATCH 4/6] rhashtable: Free bucket tables asynchronously after rehash Herbert Xu
2015-03-13 15:42 ` Thomas Graf
2015-03-13 9:57 ` [PATCH 5/6] rhashtable: Add rehash counter to bucket_table Herbert Xu
2015-03-13 13:51 ` Thomas Graf
2015-03-14 2:49 ` Herbert Xu
2015-03-13 9:57 ` [PATCH 6/6] rhashtable: Move future_tbl into struct bucket_table Herbert Xu
2015-03-13 16:13 ` Thomas Graf
2015-03-13 13:57 ` [PATCH 0/6] rhashtable: Fixes + cleanups + preparation for multiple rehash Thomas Graf
2015-03-13 16:25 ` David Miller
2015-03-14 2:51 ` Herbert Xu
2015-03-14 2:53 ` [v2 PATCH " Herbert Xu
2015-03-14 2:57 ` [v2 PATCH 1/6] rhashtable: Fix walker behaviour during rehash Herbert Xu
2015-03-14 2:57 ` [v2 PATCH 2/6] rhashtable: Use SINGLE_DEPTH_NESTING Herbert Xu
2015-03-14 2:57 ` [v2 PATCH 3/6] rhashtable: Move seed init into bucket_table_alloc Herbert Xu
2015-03-14 2:57 ` [v2 PATCH 4/6] rhashtable: Free bucket tables asynchronously after rehash Herbert Xu
2015-03-14 2:57 ` [v2 PATCH 5/6] rhashtable: Add rehash counter to bucket_table Herbert Xu
2015-03-14 2:57 ` [v2 PATCH 6/6] rhashtable: Move future_tbl into struct bucket_table Herbert Xu
2015-03-15 5:36 ` [v2 PATCH 0/6] rhashtable: Fixes + cleanups + preparation for multiple rehash David Miller
2015-03-15 10:10 ` [v1 PATCH 0/6] rhashtable: Fix two bugs caused by multiple rehash preparation Herbert Xu
2015-03-15 10:12 ` [v1 PATCH 1/2] rhashtable: Fix use-after-free in rhashtable_walk_stop Herbert Xu
2015-03-15 10:12 ` [v1 PATCH 2/2] rhashtable: Fix rhashtable_remove failures Herbert Xu
2015-03-15 10:43 ` [v1 PATCH 0/14] rhashtable: Kill shift/Key netlink namespace/Merge jhash Herbert Xu
2015-03-15 10:44 ` [v1 PATCH 1/14] rhashtable: Remove shift from bucket_table Herbert Xu
2015-03-17 10:51 ` David Laight
2015-03-17 10:56 ` tgraf
2015-03-17 11:00 ` Herbert Xu
2015-03-17 11:22 ` tgraf
2015-03-17 11:27 ` Herbert Xu
2015-03-17 11:57 ` tgraf
2015-03-17 12:13 ` David Laight
2015-03-17 12:18 ` 'tgraf@suug.ch'
2015-03-17 12:20 ` Herbert Xu
2015-03-17 12:40 ` 'tgraf@suug.ch'
2015-03-17 13:06 ` David Laight
2015-03-17 21:56 ` Herbert Xu
2015-03-18 9:51 ` 'tgraf@suug.ch'
2015-03-18 9:55 ` Herbert Xu
2015-03-18 10:08 ` 'tgraf@suug.ch'
2015-03-18 10:12 ` Herbert Xu
2015-03-18 10:26 ` David Laight
2015-03-18 10:44 ` 'tgraf@suug.ch'
2015-03-17 11:22 ` David Laight
2015-03-17 11:25 ` Herbert Xu
2015-03-15 10:44 ` [v1 PATCH 2/14] rhashtable: Introduce max_size/min_size Herbert Xu
2015-03-15 15:12 ` Sergei Shtylyov
2015-03-15 20:21 ` Herbert Xu
2015-03-15 10:44 ` [v1 PATCH 3/14] netlink: Use rhashtable max_size instead of max_shift Herbert Xu
2015-03-15 10:44 ` [v1 PATCH 4/14] tipc: " Herbert Xu
2015-03-15 15:13 ` Sergei Shtylyov
2015-03-15 10:44 ` [v1 PATCH 5/14] test_rhashtable: " Herbert Xu
2015-03-16 3:50 ` David Miller
2015-03-15 10:44 ` [v1 PATCH 6/14] rhashtable: Remove max_shift and min_shift Herbert Xu
2015-03-15 10:44 ` [v1 PATCH 7/14] netfilter: Use rhashtable_lookup instead of lookup_compare Herbert Xu
2015-03-16 8:28 ` Thomas Graf
2015-03-16 9:14 ` Herbert Xu
2015-03-16 9:28 ` Thomas Graf
2015-03-16 11:13 ` Patrick McHardy
2015-03-20 8:55 ` Herbert Xu
2015-03-20 9:22 ` Patrick McHardy
2015-03-20 9:27 ` Herbert Xu
2015-03-20 9:59 ` Patrick McHardy
2015-03-20 10:16 ` Herbert Xu
2015-03-20 10:27 ` Patrick McHardy
2015-03-20 21:47 ` Herbert Xu [this message]
2015-03-20 21:56 ` Thomas Graf
2015-03-20 21:57 ` Herbert Xu
2015-03-20 22:07 ` Thomas Graf
2015-03-20 22:10 ` Herbert Xu
2015-03-20 22:23 ` Thomas Graf
2015-03-20 22:25 ` Herbert Xu
2015-03-20 22:36 ` Thomas Graf
2015-03-21 5:25 ` Patrick McHardy
2015-03-21 5:23 ` Patrick McHardy
2015-03-20 9:36 ` Herbert Xu
2015-03-20 10:02 ` Patrick McHardy
2015-03-15 10:44 ` [v1 PATCH 8/14] rhashtable: Fix support of objects with no accessible keys Herbert Xu
2015-03-15 10:44 ` [v1 PATCH 9/14] netlink: Move namespace into hash key Herbert Xu
2015-03-15 10:44 ` [v1 PATCH 10/14] rhashtable: Rip out obsolete compare interface Herbert Xu
2015-03-16 9:35 ` Thomas Graf
2015-03-15 10:44 ` [v1 PATCH 11/14] rhashtable: Allow hashfn to be unset Herbert Xu
2015-03-15 10:44 ` [v1 PATCH 12/14] netlink: Use default rhashtable hashfn Herbert Xu
2015-03-15 10:44 ` [v1 PATCH 13/14] tipc: " Herbert Xu
2015-03-15 10:44 ` [v1 PATCH 14/14] netfilter: " Herbert Xu
2015-03-16 4:01 ` [v1 PATCH 0/14] rhashtable: Kill shift/Key netlink namespace/Merge jhash David Miller
2015-03-16 4:18 ` Herbert Xu
2015-03-16 4:30 ` David Miller
2015-03-16 4:33 ` Herbert Xu
2015-03-16 4:40 ` David Miller
2015-03-16 11:26 ` Herbert Xu
2015-03-16 20:25 ` David Miller
2015-03-18 9:01 ` [v2 PATCH 1/6] rhashtable: Remove shift from bucket_table Herbert Xu
2015-03-18 9:01 ` [v2 PATCH 2/6] rhashtable: Introduce max_size/min_size Herbert Xu
2015-03-18 10:55 ` Thomas Graf
2015-03-18 16:47 ` David Miller
2015-03-18 16:51 ` David Laight
2015-03-18 9:01 ` [v2 PATCH 3/6] netlink: Use rhashtable max_size instead of max_shift Herbert Xu
2015-03-18 9:01 ` [v2 PATCH 4/6] tipc: Use rhashtable max/min_size instead of max/min_shift Herbert Xu
2015-03-18 9:01 ` [v2 PATCH 5/6] test_rhashtable: Use rhashtable max_size instead of max_shift Herbert Xu
2015-03-18 9:01 ` [v2 PATCH 6/6] rhashtable: Remove max_shift and min_shift Herbert Xu
2015-03-15 10:43 ` [v1 PATCH 0/6] rhashtable: Fix two bugs caused by multiple rehash preparation Herbert Xu
2015-03-16 2:23 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150320214712.GA23963@gondor.apana.org.au \
--to=herbert@gondor.apana.org.au \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=kaber@trash.net \
--cc=netdev@vger.kernel.org \
--cc=tgraf@suug.ch \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.