|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] xend leaks/bugs/etc
On Mon, 2005-04-18 at 10:15 -0500, Anthony Liguori wrote: > >Finally, the xend code seems to trust input it receives from domains > >which is incompatible with the architectural goal of VM isolation. > > > This is a very big problem. One very difficult issue to address is > how to deal with very hostile domains that may attempt DoS attacks by > flooding their own console. This isn't really a xend issue. I'm not sure this *can* be addressed, and I believe other hypervisors have this problem as well. At some point, you have to acknowledge there will be *some* resource sharing among otherwise isolated domains. Switching domains on a single CPU will increase cache misses; domains doing lots of (valid and allowed) IO will reduce shared bus bandwidth for other domains; etc... -- Hollis Blanchard IBM Linux Technology Center _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |