Date: Mon, 2 Jun 2003 10:48:40 +0100
From: David Malone
To: Pawel Jakub Dawidek
Cc: freebsd-hackers@freebsd.org
Subject: Re: Locking, locking...
Message-ID: <20030602094839.GA65261@walton.maths.tcd.ie>
In-Reply-To: <20030602075328.GV45118@garage.freebsd.pl>

On Mon, Jun 02, 2003 at 09:53:28AM +0200, Pawel Jakub Dawidek wrote:
> As we all knew size of list could be changed when we were in malloc().
> Of course we could check list size again after malloc() and mtx_lock(),
> but what to do when it was changed? Recall memory allocation?

By recall, do you mean free the memory you have allocated and begin
the procedure again? Of course, you only have to do this when the
list has got longer.

> If size of this list depends on every process there is a chance to DoS
> such piece of code. Return an error? Not always it is possible.

I'm not sure the DoS potential is so bad. To force restarts the
attacker needs to either keep increasing the length of the list or
increase and decrease it repeatedly. If they can keep increasing
it, then there is a DoS in terms of memory allocation anyway. If
they increase and decrease it, there should be a 50-50 chance of the
allocation working each time. Maybe I've missed something though.

	David.
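
The pattern discussed in this message (drop the lock, allocate, re-take the lock, re-check the length, restart only if the list got longer), as an added example that is not part of the original e-mail or of FreeBSD code. It uses a userland pthread mutex in place of mtx_lock(); `shared_list`, `list_snapshot`, `simulate_race`, `pending_growth` and the `max_restarts` cap are assumptions of this example.

```c
#include <pthread.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical list guarded by mtx; pending_growth is the constructed race. */
struct shared_list {
    pthread_mutex_t mtx;
    int items[64];
    size_t len;
    unsigned pending_growth;   /* appends still to happen behind our back */
};

/* Stands in for another thread appending while the caller is in malloc(). */
static void simulate_race(struct shared_list *l)
{
    pthread_mutex_lock(&l->mtx);
    if (l->pending_growth > 0 && l->len < 64) {
        l->items[l->len++] = 99;
        l->pending_growth--;
    }
    pthread_mutex_unlock(&l->mtx);
}

/* Copy the list into a fresh buffer; returns the restarts needed, or -1 on
 * malloc failure or after max_restarts (a cap added by this example). */
int list_snapshot(struct shared_list *l, int **out, size_t *outlen,
                  unsigned max_restarts)
{
    for (unsigned restarts = 0; restarts <= max_restarts; restarts++) {
        pthread_mutex_lock(&l->mtx);
        size_t want = l->len;
        pthread_mutex_unlock(&l->mtx);      /* no lock held across malloc() */
        int *buf = malloc((want ? want : 1) * sizeof(*buf));
        if (buf == NULL)
            return -1;
        simulate_race(l);                   /* list may change size here */
        pthread_mutex_lock(&l->mtx);
        if (l->len <= want) {               /* same or shorter: buffer fits */
            memcpy(buf, l->items, l->len * sizeof(*buf));
            *outlen = l->len;
            pthread_mutex_unlock(&l->mtx);
            *out = buf;
            return (int)restarts;
        }
        pthread_mutex_unlock(&l->mtx);
        free(buf);                          /* list got longer: start again */
    }
    return -1;
}
```

The return value counts how many allocations were thrown away, which is the quantity to log or rate-limit when an unprivileged process can influence the list length.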