Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: DoS attack against TCP services



On Mar 12,  8:28pm, hannken%eis.cs.tu-bs.de@localhost ("J. Hannken-Illjes") wrote:
-- Subject: Re: DoS attack against TCP services

| Looks like you made it worse.
| 
| "tick" is constant, for HZ == 100 it is 10000 so you now have
| 
| 	etick = tick + tohz -> etick = 10000 + tohz
| 
| and then
| 
| 	tohz = etick - tick -> tohz = (10000 + tohz) - 10000 -> tohz = tohz
| 
| so ciss_wait() may now loop forever.  Are you looking for hardclock_ticks?

Yes, you are right... This is what the code meant to do in the first place,
I changed it. What about the other two questions?

| > | Now we have a deadlock, softlck/0 waits for the mutex and therefore
| > | callouts will no longer be processed and ciss holds the mutex and waits
| > | for a callout through cv_timedwait.
|
| > Thanks for looking into it! Part of the ciss_ioctl_vol() (the pdid part)
| > does things with XS_CTL_POLL so that it does not involve any mutexes. It
| > would be simple to change the ldid part to do the same. Should we do that?
|
| > | - Sleeping up to 60 seconds in a function used by a callout is wrong.
| > 
| > Yes, but many disk drivers seem to violate that. How do we fix this?
| > Making a separate thread that updates statistics for each driver seems
| > suboptimal?
| > 

christos


Home | Main Index | Thread Index | Old Index