WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] xend leaks/bugs/etc

from [Anthony Liguori] [Permanent Link][Original]
To: Hollis Blanchard <hollisb@xxxxxxxxxx>
Subject: Re: [Xen-devel] xend leaks/bugs/etc
From: Anthony Liguori <aliguori@xxxxxxxxxx>
Date: Mon, 18 Apr 2005 10:45:40 -0500
Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Mon, 18 Apr 2005 15:46:02 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <1113838055.7546.6.camel@xxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization: IBM
References: <A95E2296287EAD4EB592B5DEEFCE0E9D1E3BE3@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <1113804011.9189.46.camel@multivac> <1113834723.7086.87.camel@localhost> <4263CF05.2030906@xxxxxxxxxx> <1113838055.7546.6.camel@xxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla Thunderbird 1.0 (X11/20041206) 
Hollis Blanchard wrote:


On Mon, 2005-04-18 at 10:15 -0500, Anthony Liguori wrote:

Finally, the xend code seems to trust input it receives from domains
which is incompatible with the architectural goal of VM isolation.


This is a very big problem.  One very difficult issue to address is
how to deal with very hostile domains that may attempt DoS attacks by flooding their own console. 

This isn't really a xend issue. I'm not sure this *can* be addressed,
and I believe other hypervisors have this problem as well.
I'm not sure I agree. Since Xen only provides shared-memory and event channels, the tools control how frequently they look at shared-memory (so a tool can throttle itself). The only possible DoS venue should be the event channels. The tools should simply be able to unbind from event channels that are considered hostile. 


At some point, you have to acknowledge there will be *some* resource
sharing among otherwise isolated domains. Switching domains on a single
CPU will increase cache misses; domains doing lots of (valid and
allowed) IO will reduce shared bus bandwidth for other domains; etc...
There are certainly going to be things that you cannot prevent but that does not mean we shouldn't try to prevent everything we can prevent. 

Regards,
Anthony Liguori

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] xend leaks/bugs/etc, Hollis Blanchard
Next by Date:  Re: [Xen-devel] xend leaks/bugs/etc, Harry Butterworth
Previous by Thread:  Re: [Xen-devel] xend leaks/bugs/etc, Hollis Blanchard
Next by Thread:  Re: [Xen-devel] xend leaks/bugs/etc, Hollis Blanchard
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy