This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-devel] Re: [PATCH resend] allow connecting to xenconsole from remot

To: Muli Ben-Yehuda <muli@xxxxxxxxxx>
Subject: [Xen-devel] Re: [PATCH resend] allow connecting to xenconsole from remote hosts
From: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date: Tue, 26 Sep 2006 18:43:32 +0100
Cc: Jimi Xenidis <jimix@xxxxxxxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>, Anthony Liguori <anthony@xxxxxxxxxxxxx>, Orran Y Krieger <okrieg@xxxxxxxxxx>
Delivery-date: Tue, 26 Sep 2006 10:42:35 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <20060926160831.GA7129@xxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: Acbhk0iIhwLeRk2GEduAkQAX8io7RQ==
Thread-topic: [PATCH resend] allow connecting to xenconsole from remote hosts
User-agent: Microsoft-Entourage/
On 26/9/06 17:08, "Muli Ben-Yehuda" <muli@xxxxxxxxxx> wrote:

> I can certainly do that - in fact, that's what I started with. But
> even the current xenconsole code suffers from the theoretical problem
> mentioned above of writing to an fd without checking that it is
> writable first. All it takes to exploit it is to run `xenconsole |
> <socket>' and make the system run out of memory so that the socket is
> temporarily not writable. Granted, if this happens you have bigger
> problems, but why not do things right?

I don't believe such a problem exists with the current console code.

We only write() to the tty_fd if it is in the set of writefds after the
select() call in handle_io(). This means it can take at least one byte of
data. We may offer the write() call more than this but, since we set it
O_NONBLOCK, it will simply bite off what it can chew right now and we keep
the rest for later.

 -- Keir

Xen-devel mailing list