Re: [PATCH 5.4 175/244] inet: use bigger hash table for IP ID generation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jun 16, 2021 at 1:19 PM David Laight <David.Laight@xxxxxxxxxx> wrote:

>
> Can someone explain why this is a good idea for a 'normal' system?
>

This patch mitigates some techniques that leak internal state due to
table hash collisions.

> Why should my desktop system 'waste' 2MB of memory on a massive
> hash table that I don't need.

In the patch's defense, it only consumes 2MB when the physical RAM is >= 16GB.

> It might be needed by systems than handle massive numbers
> of concurrent connections - but that isn't 'most systems'.
>
> Surely it would be better to detect when the number of entries
> is comparable to the table size and then resize the table.

Security-wise, this approach is not effective. The table size was
increased to reduce the likelihood of hash collisions. These start
happening when you have ~N^(1/2) elements (for table size N), so
you'll need to resize pretty quickly anyway.



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux