From: "Daniel P. Berrange" <berrange@redhat.com>
To: Luiz Capitulino <lcapitulino@redhat.com>
Cc: Amit Shah <amit.shah@redhat.com>,
qemu-devel@nongnu.org, Anthony Liguori <anthony@codemonkey.ws>,
Markus Armbruster <armbru@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v2 3/3] Add rate limiting of RTC_CHANGE, BALLOON_CHANGE & WATCHDOG events
Date: Wed, 13 Jun 2012 15:53:55 +0100
Message-ID: <20120613145355.GC29641@redhat.com>
In-Reply-To: <20120611142205.68e86ddb@doriath.home>

On Mon, Jun 11, 2012 at 02:22:05PM -0300, Luiz Capitulino wrote:
> On Fri, 8 Jun 2012 17:48:56 +0100
> "Daniel P. Berrange" <berrange@redhat.com> wrote:
>
> > On Wed, May 30, 2012 at 03:50:37PM -0300, Luiz Capitulino wrote:
> > > On Mon, 21 May 2012 17:59:53 +0100
> > > "Daniel P. Berrange" <berrange@redhat.com> wrote:
> >
> > > > +/* Global, one-time initializer to configure the rate limiting
> > > > + * and initialize state */
> > > > +static void monitor_protocol_event_init(void)
> > > > +{
> > > > + qemu_mutex_init(&monitor_event_state_lock);
> > > > + /* Limit RTC & BALLOON events to 1 per second */
> > > > + monitor_protocol_event_throttle(QEVENT_RTC_CHANGE, 1000);
> > > > + monitor_protocol_event_throttle(QEVENT_BALLOON_CHANGE, 1000);
> > > > + monitor_protocol_event_throttle(QEVENT_WATCHDOG, 1000);
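Review bot: The comment above the three monitor_protocol_event_throttle() calls is out of step with them: it says "Limit RTC & BALLOON events to 1 per second", but the third call also throttles QEVENT_WATCHDOG, so the comment should name all three events. The bare 1000 repeated in each call also leaves its unit implicit (the comment suggests milliseconds); a named constant, or the unit stated in the comment, would make the intent clear when further events are added to this list.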
> > >
> > > What about SUSPENDED and BLOCK_IO_ERROR? Couldn't the former be also
> > > used by a malicious guest to cause a DoS? The former is already emitted
> > > several times for virtio.
> >
> > This can't be used to filter BLOCK_IO_ERROR, since that event
> > contains per-device state information. Filtering this would
> > need to be done in the block layer, so it can be done per device.
>
> That's right.
>
> > I don't think SUSPEND can be used to DoS, since once the VM
> > is in the suspend state, a monitor command is required to wake
> > it up again before the guest OS can trigger a new suspend.
>
> Can't the guest OS awake itself?

I didn't think so. Even if it can, we can't rate limit SUSPEND
events in isolation, because they must be strictly ordered
wrt RESUME events.

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
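
The ordering concern raised in the reply above can be reproduced with a small simulation. This is an added example, not part of the original message and not code from the patch or from QEMU: the coalescing throttle model (emit at once when the window is open, otherwise hold one event until it expires), the `EV_*` names and the four-event trace are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical coalescing throttle, one per event type; not QEMU's code. */
enum ev { EV_SUSPEND, EV_RESUME, EV_MAX };
static const char *const ev_name[EV_MAX] = { "S", "R" };
struct throttle { long rate_ms, last_ms; int pending; }; /* rate 0 = off */

/* Emit the held event of type e if its rate window has expired. */
static void release(struct throttle *t, int e, long now, char *out)
{
    if (t[e].pending && now >= t[e].last_ms + t[e].rate_ms) {
        strcat(out, ev_name[e]);      /* out holds at most 4 events here */
        t[e].last_ms = now;
        t[e].pending = 0;
    }
}

/* Constructed trace: the guest suspends and resumes twice, 100 ms apart.
 * Returns the event order the monitor client sees. */
static const char *replay(long suspend_rate_ms, long resume_rate_ms)
{
    static char out[16];
    static const enum ev trace[4] = { EV_SUSPEND, EV_RESUME,
                                      EV_SUSPEND, EV_RESUME };
    struct throttle t[EV_MAX] = { { suspend_rate_ms, -100000, 0 },
                                  { resume_rate_ms, -100000, 0 } };

    out[0] = '\0';
    for (long now = 0; now <= 2000; now++) {      /* 1 ms simulated clock */
        for (int e = 0; e < EV_MAX; e++) {
            release(t, e, now, out);              /* throttle timers firing */
        }
        if (now % 100 == 0 && now < 400) {
            enum ev e = trace[now / 100];
            t[e].pending = 1;                     /* hold the new event ... */
            release(t, e, now, out);              /* ... unless window is open */
        }
    }
    return out;
}

int main(void)
{
    printf("no throttling:          %s\n", replay(0, 0));
    printf("SUSPEND throttled only: %s\n", replay(1000, 0));
    return 0;
}
```

With only SUSPEND throttled, the second SUSPEND is held until its window expires and is delivered after the RESUME that followed it, so the last event the client sees describes a suspended guest that is in fact running.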