On Wed, Jun 16, 2021 at 1:19 PM David Laight <David.Laight@xxxxxxxxxx> wrote: > > Can someone explain why this is a good idea for a 'normal' system? > This patch mitigates some techniques that leak internal state due to table hash collisions. > Why should my desktop system 'waste' 2MB of memory on a massive > hash table that I don't need. In the patch's defense, it only consumes 2MB when the physical RAM is >= 16GB. > It might be needed by systems than handle massive numbers > of concurrent connections - but that isn't 'most systems'. > > Surely it would be better to detect when the number of entries > is comparable to the table size and then resize the table. Security-wise, this approach is not effective. The table size was increased to reduce the likelihood of hash collisions. These start happening when you have ~N^(1/2) elements (for table size N), so you'll need to resize pretty quickly anyway.
