Re: [Xen-devel] Xen hypervisor external denial of service vulnerability?

[Pim van Riezen <pi+lists@xxxxxxxxxxxx>]

On Feb 8, 2011, at 17:51 , Pasi Kärkkäinen wrote:

> On Tue, Feb 08, 2011 at 05:28:35PM +0100, Pim van Riezen wrote:
>> On Feb 8, 2011, at 17:10 , Pim van Riezen wrote:
>> 
>>> 
>>> On Feb 8, 2011, at 16:53 , Pasi Kärkkäinen wrote:
>>> 
>>>> Have you gived dom0 fixed amount of memory, and also increase dom0 vcpu 
>>>> weights
>>>> so that dom0 will always get enough cpu time to take care of things? 
>>> 
>>> Fixed dom0_mem, yes.
>>> Weighting, seems not, but just did a testrun with the dom0 weight set to 
>>> 512. I got 2 task blocks on one node (that seems a new development) and the 
>>> same plus another raw_safe_halt soft lockup on the other:
>> 
>> Also tried pinning 2 cpus for domain-0. Still soft lockups.
>> 
> 
> Did you also make sure VMs don't use those 2 pcpus dedicated for dom0? 
> You have to explicitly configure each VM not to use those pcpus.

That seems to have done the trick.

Added to xen command line: dom0_max_vcpus=2 dom0_vcpus_pin

Then tested after running this command:

    xm list | ( read && read && cat ) | cut -f1 -d" " | while read guest; do xm 
vcpu-pin $guest 0 2-23; done

No soft-lockups. Will do a longer test now. If something new comes up I will 
report.

Cheers,
Pim


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel