
Re: [Xen-devel] Granularity of Credit and RTDS Scheduler



On 08 Jan 2017 08:31, Meng Xu <xumengpanda@xxxxxxxxx> wrote:
[cc. Dario and George]

On Fri, Jan 6, 2017 at 1:34 PM, wy11 <wy11@xxxxxxxx> wrote:
> Dear Xen developers,

Hi,

>
> Recently I read a paper about possible theft of service attacks in Xen
> hypervisor.
>
> https://arxiv.org/pdf/1103.0759.pdf

I quickly read it. It is interesting to see that EC2 suffers from such an issue.
According to 4.1, it seems to me that this is more like a scheduler
"bug" in budget accounting logic.

It's from March 2011. I was pretty new to Xen at the time, I'm sure George knows better.

IIRC, it's a known attack vector and it's been fixed. I can look at the paper and dig in the code and find proper references during this coming week, when back from time-off, but you probably can verify it yourself, if you look carefully.

When the attack VCPU wakes up, the scheduler should start counting
all time consumed from now on for the attack VM, instead of the victim
VM. When the attack VCPU sleeps, the scheduler should account the
budget consumed for the attack VM.

In the event-driven RTDS scheduler, this issue should not happen. The
scheduler did account the budget for the correct VMs, IIRC.
Is there any experiment showing that the RTDS scheduler suffers from this issue?

I'm sure this is not an issue for either RTDS or Credit2. But it's most likely not an issue any longer for Credit either.

Regards, Dario

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel
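
The accounting rule discussed in the message above (charge consumed time to the vCPU that actually ran, from wake-up to sleep), as an added example that is not code from Xen or from either poster. It contrasts that event-driven rule with a periodic-sampling model, which is an assumption used here for contrast; the trace, the 10 ms period and all names are constructed.

```c
#include <stdio.h>

#define NVCPU   2
#define TICK_US 10000L  /* assumed sampling period of the sampled model */

struct run { int vcpu; long start_us, end_us; };  /* vcpu ran in [start, end) */

/* Constructed 40 ms trace: vcpu 1 runs in bursts that fall between sample points. */
static const struct run trace[] = {
    {0,     0,  1000}, {1,  1000,  9000}, {0,  9000, 11000},
    {1, 11000, 19000}, {0, 19000, 21000}, {1, 21000, 29000},
    {0, 29000, 31000}, {1, 31000, 39000}, {0, 39000, 40000},
};
#define NRUN ((int)(sizeof trace / sizeof trace[0]))

/* Event-driven: at each context switch, charge the exact elapsed time
 * to the vCPU that was actually running. */
static void account_event_driven(long charged[NVCPU])
{
    for (int i = 0; i < NRUN; i++)
        charged[trace[i].vcpu] += trace[i].end_us - trace[i].start_us;
}

/* Sampled: at each sample point, charge a whole period to whichever
 * vCPU is on the CPU at that instant. */
static void account_sampled(long charged[NVCPU])
{
    for (long now = 0; now < trace[NRUN - 1].end_us; now += TICK_US)
        for (int i = 0; i < NRUN; i++)
            if (trace[i].start_us <= now && now < trace[i].end_us)
                charged[trace[i].vcpu] += TICK_US;
}

/* Microseconds charged to `vcpu` under the chosen model. */
long charged_us(int sampled, int vcpu)
{
    long charged[NVCPU] = {0};
    if (sampled) account_sampled(charged); else account_event_driven(charged);
    return charged[vcpu];
}

int main(void)
{
    for (int v = 0; v < NVCPU; v++)
        printf("vcpu %d: event-driven %ld us, sampled %ld us\n",
               v, charged_us(0, v), charged_us(1, v));
    return 0;
}
```

A per-vCPU gap between the two columns is the accounting drift an operator would want to audit for; under the event-driven rule the charges always sum to the wall-clock time of the trace.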

 

