WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] Re: xenconsoled CPU denial of service problem

from [Anthony Liguori] [Permanent Link][Original]
To: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
Subject: [Xen-devel] Re: xenconsoled CPU denial of service problem
From: Anthony Liguori <aliguori@xxxxxxxxxx>
Date: Wed, 04 Oct 2006 13:19:31 -0500
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Wed, 04 Oct 2006 11:20:10 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <20061004181013.GH474@xxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <20060829155900.GC970@xxxxxxxxxx> <C11B93DA.1869%Keir.Fraser@xxxxxxxxxxxx> <20060911141905.GB26811@xxxxxxxxxx> <20061004135026.GC474@xxxxxxxxxx> <4523E634.7050901@xxxxxxxxxx> <20061004171939.GF474@xxxxxxxxxx> <4523F4F4.1090508@xxxxxxxxxx> <20061004181013.GH474@xxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.7 (X11/20060918) 
Daniel P. Berrange wrote:
Xenconsole could still spit out on a PTY. You don't necessarily need a daemon though (you could launch a xenconsole for each domain that was started). 

The xenconsole would still need the rate-limiting, and once you're launching
one xenconsole per domain, where's the gain over the single xenconsoled
process ?
When the pty is writable, try to read information from ring queue. Only let the pty become readable when there is data in the queue ready to be ready. You only need to listen for event channel notifications when the queue is empty (so you cannot be stormed).
Likewise, you don't have to listen for event channel notifications when the queue is full, and you have data to write.
The only time you could be DoS is when someone is attached to the PTY and actively reading/writing to it. I would then argue that it's not xenconsole's responsibility to rate limit. It's whoever is reading or writing.
That also gives you a bit more choice in how you expose the console (you could have a xenconsole that spit out via TCP). 

Given a TTY, there are already tools which can do this & more. So I don't see
any point in writing such functionality again for Xen. If using HVM domains
one would already typically be exposing a serial console from the guest via
a pseudo-TTY, so doing all PV console stuff via a TTY gives parity in the
management toolset.
I'm happy exposing a pty for the console. I made those same arguments myself when we first did it :-) I'm simply suggesting that we move the buffering to domU. 

Regards,

Anthony Liguori


Regards,
Dan.



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] Re: xenconsoled CPU denial of service problem, Daniel P. Berrange
Next by Date:  Re: [Xen-devel] PV drivers for HVM guests, Ky Srinivasan
Previous by Thread:  [Xen-devel] Re: xenconsoled CPU denial of service problem, Daniel P. Berrange
Next by Thread:  [Xen-devel] [PATCH] x86: remove references to non-existing 7th multi call argument, Jan Beulich
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy