[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Re: xenconsoled CPU denial of service problem

Daniel P. Berrange wrote:
Xenconsole could still spit out on a PTY. You don't necessarily need a daemon though (you could launch a xenconsole for each domain that was started).

The xenconsole would still need the rate-limiting, and once you're launching
one xenconsole per domain, where's the gain over the single xenconsoled
process ?

When the pty is writable, try to read information from ring queue. Only let the pty become readable when there is data in the queue ready to be ready. You only need to listen for event channel notifications when the queue is empty (so you cannot be stormed).

Likewise, you don't have to listen for event channel notifications when the queue is full, and you have data to write.

The only time you could be DoS is when someone is attached to the PTY and actively reading/writing to it. I would then argue that it's not xenconsole's responsibility to rate limit. It's whoever is reading or writing.

That also gives you a bit more choice in how you expose the console (you could have a xenconsole that spit out via TCP).

Given a TTY, there are already tools which can do this & more. So I don't see
any point in writing such functionality again for Xen. If using HVM domains
one would already typically be exposing a serial console from the guest via
a pseudo-TTY, so doing all PV console stuff via a TTY gives parity in the
management toolset.

I'm happy exposing a pty for the console. I made those same arguments myself when we first did it :-) I'm simply suggesting that we move the buffering to domU.


Anthony Liguori


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.