WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] xenconsoled CPU denial of service problem

from [Keir Fraser] [Permanent Link][Original]
To: "Daniel P. Berrange" <berrange@xxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] xenconsoled CPU denial of service problem
From: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date: Mon, 28 Aug 2006 21:57:22 +0100
Delivery-date: Mon, 28 Aug 2006 14:06:51 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <20060828180224.GG862@xxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcbK5I6TzPxsXTbXEduheAANk04WTA==
Thread-topic: [Xen-devel] xenconsoled CPU denial of service problem
User-agent: Microsoft-Entourage/11.2.5.060620 
On 28/8/06 7:02 pm, "Daniel P. Berrange" <berrange@xxxxxxxxxx> wrote:

> Does anyone know of any alternative approach to detecting whether the fd
> for the master end of a psuedo-TTY, has a its end slave open / active ?
> Without being able to detect this I don't see any good way to avoid the DOS
> attack in the general case - only other option would be to start dropping
> data once > a certain rate, but this isn't really very desirable because
> there are (debug) scenarios in which you really do want the ability to
> capture all data.

The protocol has flow control. If we rate-limited xenconsoled consumption of
data from each domU ring, we would limit resource consumption in dom0 and
not lose any data (since the domU will simply buffer it internally).

 -- Keir



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] Testing status of HVM (Intel VT) on 64bit XEN unstable c/s 11259, Ed Smith
Next by Date:  Re: [Xen-devel] pciback error - what does it mean?, Keir Fraser
Previous by Thread:  [Xen-devel] xenconsoled CPU denial of service problem, Daniel P. Berrange
Next by Thread:  Re: [Xen-devel] xenconsoled CPU denial of service problem, Daniel P. Berrange
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy