WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-bugs

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-bugs] [Bug 288] New: Unpivileged domains can start ulimited VCPUs .

from [bugzilla-daemon] [Permanent Link][Original]
To: xen-bugs@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-bugs] [Bug 288] New: Unpivileged domains can start ulimited VCPUs ... resulting in denial of service
From: bugzilla-daemon@xxxxxxxxxxxxxxxxxxx
Date: Thu, 06 Oct 2005 18:55:29 +0000
Delivery-date: Thu, 06 Oct 2005 18:55:33 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-bugs-request@lists.xensource.com?subject=help>
List-id: Xen Bugzilla <xen-bugs.lists.xensource.com>
List-post: <mailto:xen-bugs@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-bugs>, <mailto:xen-bugs-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-bugs>, <mailto:xen-bugs-request@lists.xensource.com?subject=unsubscribe>
Reply-to: bugs@xxxxxxxxxxxxxxxxxx
Sender: xen-bugs-bounces@xxxxxxxxxxxxxxxxxxx 
http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=288

           Summary: Unpivileged domains can start ulimited VCPUs ...
                    resulting in denial of service
           Product: Xen
           Version: unstable
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Hypervisor
        AssignedTo: xen-bugs@xxxxxxxxxxxxxxxxxxx
        ReportedBy: jyoung5@xxxxxxxxxx


Problem:
     When a domain is being built from a privleged domain (in this case dom0)
one can request how many VCPUs a domain can have. But once that unprivelged
domain is up and going, that unprivelged domain can start as many VCPUs (via a
hypercall) as it would like for itself. Since VCPUs are given a fair share of
the CPU time this can result in a malicious unpriviledged domain to increase
it's CPU time resulting in loss of CPU time for other domains at worst resulting
in a denial of service situation for other domains on the system.

Possible Solution:
     Only privileged hypercall should be allowed to add VCPUs to a domain.

-- 
Configure bugmail: 
http://bugzilla.xensource.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

_______________________________________________
Xen-bugs mailing list
Xen-bugs@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-bugs
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-bugs] [Bug 288] New: Unpivileged domains can start ulimited VCPUs ... resulting in denial of service, bugzilla-daemon <=
Previous by Date:  [Xen-bugs] [Bug 287] New: No true noticfication mechanism for Xen tools to determine when a domain has completely been destroyed, bugzilla-daemon
Next by Date:  [Xen-bugs] [Bug 289] New: Xenstore Full bug, bugzilla-daemon
Previous by Thread:  [Xen-bugs] [Bug 287] New: No true noticfication mechanism for Xen tools to determine when a domain has completely been destroyed, bugzilla-daemon
Next by Thread:  [Xen-bugs] [Bug 289] New: Xenstore Full bug, bugzilla-daemon
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy