
[Xen-bugs] [Bug 288] New: Unprivileged domains can start unlimited VCPUs ... resulting in denial of service



http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=288

           Summary: Unprivileged domains can start unlimited VCPUs ...
                    resulting in denial of service
           Product: Xen
           Version: unstable
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Hypervisor
        AssignedTo: xen-bugs@xxxxxxxxxxxxxxxxxxx
        ReportedBy: jyoung5@xxxxxxxxxx


Problem:
     When a domain is being built from a privileged domain (in this case dom0),
one can request how many VCPUs a domain can have. But once that unprivileged
domain is up and going, that unprivileged domain can start as many VCPUs (via a
hypercall) as it would like for itself. Since VCPUs are given a fair share of
the CPU time, this can result in a malicious unprivileged domain increasing
its CPU time, resulting in loss of CPU time for other domains and, at worst,
in a denial of service situation for other domains on the system.

Possible Solution:
     Only a privileged hypercall should be allowed to add VCPUs to a domain.

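The effect described in the report, as an added C model that is not Xen code and not part of the original message. The names struct domain, vcpu_boot_unchecked, vcpu_boot_checked and the max_vcpus cap are hypothetical, the three domains are constructed sample data, and the scheduler is reduced to equal CPU time per VCPU.

```c
#include <stdio.h>

/* Simplified model of a domain (assumption; not Xen's own structure). */
struct domain {
    int is_privileged;  /* 1 for dom0 in this model */
    int max_vcpus;      /* VCPU count requested by the builder at build time */
    int nr_vcpus;       /* VCPUs currently running */
};

/* Behaviour described in the report: a domain may add VCPUs to itself. */
int vcpu_boot_unchecked(struct domain *caller, struct domain *target) {
    if (caller != target && !caller->is_privileged) return -1;
    target->nr_vcpus++;
    return 0;
}

/* Proposed fix: privileged callers only; the cap is an added assumption. */
int vcpu_boot_checked(struct domain *caller, struct domain *target) {
    if (!caller->is_privileged) return -1;                 /* not permitted */
    if (target->nr_vcpus >= target->max_vcpus) return -2;  /* over build-time limit */
    target->nr_vcpus++;
    return 0;
}

/* Percent of CPU time domain idx receives when every VCPU gets an equal share. */
int cpu_share_pct(const struct domain *doms, int n, int idx) {
    int total = 0;
    for (int i = 0; i < n; i++) total += doms[i].nr_vcpus;
    return total ? 100 * doms[idx].nr_vcpus / total : 0;
}

/* Guest 1 requests `attempts` extra VCPUs for itself; returns domain idx's share. */
int share_after(int (*boot)(struct domain *, struct domain *), int attempts, int idx) {
    /* Constructed sample: dom0 plus two guests, one VCPU each. */
    struct domain doms[3] = { {1, 1, 1}, {0, 1, 1}, {0, 1, 1} };
    for (int i = 0; i < attempts; i++) boot(&doms[1], &doms[1]);
    return cpu_share_pct(doms, 3, idx);
}

int main(void) {
    printf("unchecked: guest1 %d%%, guest2 %d%%\n",
           share_after(vcpu_boot_unchecked, 8, 1), share_after(vcpu_boot_unchecked, 8, 2));
    printf("checked:   guest1 %d%%, guest2 %d%%\n",
           share_after(vcpu_boot_checked, 8, 1), share_after(vcpu_boot_checked, 8, 2));
    return 0;
}
```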


 

