On Thu, Jul 19, 2018 at 09:39:35PM +0100, Richard W.M. Jones wrote: > I did the original work using AFL to fuzz qemu-img and find > problematic images. From that work Dan & I suggested some fairly low > limits (10 seconds IIRC). See: > > https://bugs.launchpad.net/qemu/+bug/1462944 > https://bugs.launchpad.net/qemu/+bug/1462949 > > A lot more problematic images were found (at least 16), but I cannot > recall if we filed bugs for all of them. Note the images do not need > to be qcow2, since someone can upload any old thing to your service > and cause you problems. > > On Thu, Jul 19, 2018 at 11:00:14PM +0300, Nir Soffer wrote: > > The 30 seconds cpu_time time limit confuses me; it was added in: > > https://github.com/openstack/nova/commit/011ae614d5c5fb35b2e9c22a9c4c99158f6aee20 > > > > The patch references this bug: > > https://bugs.launchpad.net/nova/+bug/1705340 > > It looks as if those original limits were too low and they have been > increased. For RHV I think you should go with the same settings that > OpenStack is using.
Yes, real world usage found our original limit was too low for certain valid images, so we increased it to 30 seconds. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|