From: "Paul E. McKenney" <[EMAIL PROTECTED]> Date: Fri, 18 Jan 2008 21:57:00 -0800
> On Fri, Jan 18, 2008 at 08:36:55PM -0800, Stephen Hemminger wrote: > > On Fri, 18 Jan 2008 20:34:46 -0800 > > "Paul E. McKenney" <[EMAIL PROTECTED]> wrote: > > > > > On Fri, Jan 18, 2008 at 02:49:00PM -0800, Stephen Hemminger wrote: > > > > The perturbation timer used for re-keying can be deferred, it doesn't > > > > need to be deterministic. > > > > > > The only concern that I can come up with is that the sfq_perturbation > > > timer might be on one CPU, and all the operations using the corresponding > > > SFQ on another. This could in theory allow a nearly omniscient attacker > > > to exploit an SFQ imbalance while preventing perturbation of the hash > > > function. > > > > > > This does not seem to be a valid concern at this point, since there are > > > very few uses of init_timer_deferrable(). And if it should become a > > > problem, one approach would be to have some sort of per-timer limit to > > > the deferral. Of course, at that point one would need to figure out > > > what this limit should be! > > > > > > Acked-by: Paul E. McKenney <[EMAIL PROTECTED]> > > > > But the only threat is getting more bandwidth for a longer interval. > > It is all kind of moot anyway because the bandwidth hogs all open > > multiple connections anyway, so SFQ is of no use. > > Good point, and an additional reason for my Acked-by above. ;-) I've applied this patch, thanks :-) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
