|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] xend leaks/bugs/etc
Hollis Blanchard wrote: I'm not sure I agree. Since Xen only provides shared-memory and event channels, the tools control how frequently they look at shared-memory (so a tool can throttle itself). The only possible DoS venue should be the event channels. The tools should simply be able to unbind from event channels that are considered hostile.On Mon, 2005-04-18 at 10:15 -0500, Anthony Liguori wrote:Finally, the xend code seems to trust input it receives from domains which is incompatible with the architectural goal of VM isolation.This is a very big problem. One very difficult issue to address ishow to deal with very hostile domains that may attempt DoS attacks by flooding their own console.This isn't really a xend issue. I'm not sure this *can* be addressed, and I believe other hypervisors have this problem as well. There are certainly going to be things that you cannot prevent but that does not mean we shouldn't try to prevent everything we can prevent.At some point, you have to acknowledge there will be *some* resource sharing among otherwise isolated domains. Switching domains on a single CPU will increase cache misses; domains doing lots of (valid and allowed) IO will reduce shared bus bandwidth for other domains; etc... Regards, Anthony Liguori _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |