On Sun, 2017-01-08 at 22:06 +0000, Dario Faggioli wrote: > Il 08 gen 2017 08:31, Meng Xu <xumengpa...@gmail.com> ha scritto: > [cc. Dario and George] > On Fri, Jan 6, 2017 at 1:34 PM, wy11 <w...@rice.edu> wrote: > > Recently I read a paper about possible theft of service attacks in > Xen > > hypervisor. > > > > https://arxiv.org/pdf/1103.0759.pdf > > IIRC, is that it's a known attack vector and it's been fixed. > And it appears I was remembering right. Check commit 78c9b2a64b38ee72cc4d3ea9e93a1a5d224ed822 "Accurate accounting for credit scheduler", from George, in August 2009.
The changelog says: Rather than debit a full 10ms of credit on a scheduler tick (probabilistic), debit credits accurately based on time stamps. The main problem this is meant to address is an attack on the scheduler that allows a rogue guest to avoid ever being debited credits. The basic idea is that the rogue process checks time (using rdtsc) periodically, and yields after 9.5ms. Using this technique, a guest can "steal" 95% of the cpu. This is particularly an issue in cloud environments. So, that's the reaction to exactly the attack vector described in the paper being found and reported, and it closes the hole by precisely accounting how much credits a vCPU consumes. It does it with full nanoseconds granularity, and it does it precisely. So, the final and conclusive answer to your doubt is that _none_ of the existing Xen scheduler (Credit, Credit2 or RTDS) are affected by the problem described in the paper, and you can use whichever one you like, with no fear. :-) Regards, Dario -- <<This happens because I choose it to happen!>> (Raistlin Majere) ----------------------------------------------------------------- Dario Faggioli, Ph.D, http://about.me/dario.faggioli Senior Software Engineer, Citrix Systems R&D Ltd., Cambridge (UK)
Description: This is a digitally signed message part
_______________________________________________ Xen-devel mailing list Xenfirstname.lastname@example.org https://lists.xen.org/xen-devel