Il 11/08/2014 13:15, Daniel P. Berrange ha scritto: >> > 1. Don't throttle. Client can rely on events as long as it keeps the >> > QMP connection alive. Client should poll after establishing the QMP >> > connection. > A malicious guest OS can flood libvirt with events in this way. Of course > even if we throttle, a compromised QEMU can still flood libvirt. The only > fail-safe protection is for libvirt to detect flooding and throttle the > rate at which it talks to the (malicious) QEMU. >
If you use rerror=stop,werror=stop, only a limited error can be passed down to libvirt before libvirt invokes the "cont" command and there's no need to do any throttling. Paolo
