Current-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: DoS attack against TCP services
On Mar 13, 1:08pm, hannken%eis.cs.tu-bs.de@localhost ("J. Hannken-Illjes") wrote:
-- Subject: Re: DoS attack against TCP services
| This was just an idea ... Maybe
|
| ...xs..timeout * sc->maxunits + 10
|
| and set xs timeout to 1 .. 5 seconds?
|
| I don't think it is possible to make it self adjusting as the
| sysmon framework doesn't know the drivers timeouts.
I guess I can clamp the ccb timeout to 60 seconds...
| > | > Nevertheless, I think that the big problem with ciss is now
| > | > fixed (i.e. it will not hang forever anymore)...
| > |
| > | It may still wait longer than 30 seconds with the sme_mutex held
| > | leading to deadlock.
| > |
| > | We should use a suitable xs timeout vs. events timeout to make it safe,
| > | either increase the event timeout or decrease the xs timeout.
| >
| > It would be nice if it was safe by default, and it should spam the
| > kernel if it was late so that we know about it...
|
| Unfortunately it may deadlock BEFORE it finds a non-empty workqueue.
Can't it just try to acquire the lock and if it fails it spams, and
does not deadlock? Or even better, finds the driver that blocks it,
and bumps its timeout? It is annoying to have a monitoring service
DoS the whole machine...
christos
Home |
Main Index |
Thread Index |
Old Index