Re: [Xen-devel] RFC: HVM de-privileged mode scheduling considerations
On Mon, 2015-08-03 at 15:34 +0100, Ian Campbell wrote:
> On Mon, 2015-08-03 at 14:54 +0100, Andrew Cooper wrote:
> > I think it would be entirely reasonable to have a deadline for a single
> > execution of depriv mode, after which the domain is declared malicious
> > and killed.
>
> I think this could make sense, it's essentially a harsher variant of Ben's
> suggestion to abort an attempt to process the MMIO in order to migrate to
> another pcpu, but it has the benefit of being easier to implement and
> easier to reason about
>
Indeed. I think it very much depends on what we expect the common/legit
case to be, how long it would last, etc. If, as Andrew is saying, and as
it seems sane, we expect things to be pretty quick this solution sounds
good to me, and we can avoid the complexity of bouncing the operation
among pcpus.

> > We already have this for host pcpus - the watchdog defaults to 5
> > seconds. Having a similar cutoff for depriv mode should be fine.
>
> That's a reasonable analogy.
>
> Perhaps we would want the depriv-watchdog to be some 1/N fraction of the
> pcpu-watchdog, for a smallish N, to avoid the risk of any slop in the
> timing allowing the pcpu watchdog to fire. N=3 for example (on the grounds
> that N=2 is probably sufficient, so N=3 must be awesome).
>
I like this too.

Regards,
Dario

--
<<This happens because I choose it to happen!>> (Raistlin Majere)
-----------------------------------------------------------------
Dario Faggioli, Ph.D, http://about.me/dario.faggioli
Senior Software Engineer, Citrix Systems R&D Ltd., Cambridge (UK)