Re: [Xen-devel] xenconsoled CPU denial of service problem

To:	"Daniel P. Berrange" <berrange@xxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject:	Re: [Xen-devel] xenconsoled CPU denial of service problem
From:	Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date:	Mon, 28 Aug 2006 21:57:22 +0100
Delivery-date:	Mon, 28 Aug 2006 14:06:51 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<20060828180224.GG862@xxxxxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index:	AcbK5I6TzPxsXTbXEduheAANk04WTA==
Thread-topic:	[Xen-devel] xenconsoled CPU denial of service problem
User-agent:	Microsoft-Entourage/11.2.5.060620

On 28/8/06 7:02 pm, "Daniel P. Berrange" <berrange@xxxxxxxxxx> wrote:

> Does anyone know of any alternative approach to detecting whether the fd
> for the master end of a psuedo-TTY, has a its end slave open / active ?
> Without being able to detect this I don't see any good way to avoid the DOS
> attack in the general case - only other option would be to start dropping
> data once > a certain rate, but this isn't really very desirable because
> there are (debug) scenarios in which you really do want the ability to
> capture all data.

The protocol has flow control. If we rate-limited xenconsoled consumption of
data from each domU ring, we would limit resource consumption in dom0 and
not lose any data (since the domU will simply buffer it internally).

 -- Keir



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel