From: Luiz Capitulino <lcapitulino@redhat.com>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: Amit Shah <amit.shah@redhat.com>,
qemu-devel@nongnu.org, Markus Armbruster <armbru@redhat.com>
Subject: Re: [Qemu-devel] [PATCH] Add event notification for guest balloon changes
Date: Fri, 18 May 2012 10:09:34 -0300 [thread overview]
Message-ID: <20120518100934.0c7b2294@doriath.home> (raw)
In-Reply-To: <4FB56BAA.8070409@codemonkey.ws>
On Thu, 17 May 2012 16:20:42 -0500
Anthony Liguori <anthony@codemonkey.ws> wrote:
> >> Hmm, that's a good point, but my concern was that if we only emit
> >> the event when the target is reached, what happens if the guest
> >> gets very close to the target but never actually reaches it for
> >> some reason.
> >
> > Having a way to detect the last balloon change would be perfect.
>
> libvirt certainly would have to maintain a timeout and make a decision on what
> to do if the guest doesn't balloon to target. Not sure how having events help
> at all here.
I meant that if there's a way to detect the last balloon change, then
that's the time we could emit BALLOON_CHANGE (vs. emitting only when the
target is reached). I don't think the timeout is a bad idea, though.
> >> Should we perhaps just rate limit it to once per second ?
> >>
> >> BTW, if we're considering guest initiated events to be a potential
> >> DOS in this way, then I should point out the RTC_CHANGE event
> >> will already suffer this way, if a malicious guest continually
> >> adjusts its hardware close. So we might want to apply rate limiting
> >> to that event too ?
> >
> > I think several events can suffer from that. For example, a VNC
> > client could repeatedly connect& disconnect from QEMU. If we're going
> > to fix this, then we'd need a general solution for it.
>
> No, VNC clients are a whole different ballgame. VNC connections will only
> happen from the management network, we don't worry about memory allocation from
> malicious VNC clients.
That's true, but as far as an event floods are concerned, I'm not completely
sure we should trust the management network.
But that was only an example, I think that the SUSPENDED event could also
be used by a malicious guests the way Daniel describes above.
next prev parent reply other threads:[~2012-05-18 13:09 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-16 10:10 [Qemu-devel] [PATCH] Add event notification for guest balloon changes Daniel P. Berrange
2012-05-16 18:42 ` Luiz Capitulino
2012-05-16 18:58 ` Anthony Liguori
2012-05-16 19:03 ` Luiz Capitulino
2012-05-17 7:49 ` Daniel P. Berrange
2012-05-17 12:56 ` Luiz Capitulino
2012-05-17 21:20 ` Anthony Liguori
2012-05-18 13:09 ` Luiz Capitulino [this message]
2012-05-21 11:14 ` Amit Shah
2012-05-21 11:29 ` Daniel P. Berrange
2012-05-21 12:16 ` Amit Shah
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120518100934.0c7b2294@doriath.home \
--to=lcapitulino@redhat.com \
--cc=amit.shah@redhat.com \
--cc=anthony@codemonkey.ws \
--cc=armbru@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).