[Qemu-devel] [Bug 1687653] Re: QEMU-KVM / detect_zeroes causes KVM to start unlimited number of threads on Guest-Sided High-IO with big Blocksize

Florian Strankowski Tue, 02 May 2017 09:26:07 -0700

** Also affects: ubuntu
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1687653


Title:
  QEMU-KVM / detect_zeroes causes KVM to start unlimited number of
  threads on Guest-Sided High-IO with big Blocksize

Status in QEMU:
  Confirmed
Status in Ubuntu:
  New

Bug description:
  QEMU-KVM in combination with "detect_zeroes=on" makes a Guest able to
  DoS the Host. This is possible if the Host itself has "detect_zeroes"
  enabled and the Guest writes a large Chunk of data with a huge
  blocksize onto the drive.

  E.g.: dd if=/dev/zero of=/tmp/DoS bs=1G count=1 oflag=direct

  All QEMU-Versions after implementation of detect_zeroes are affected.
  Prior are unaffected. This is absolutely critical, please fix this
  ASAP!

  #####

  Provided by Dominik Csapak:

  source    , bs   , count     ,    O_DIRECT, behaviour

  urandom   , bs 1M, count 1024,    O_DIRECT: OK
  file      , bs 1M, count 1024,    O_DIRECT: OK
  /dev/zero , bs 1M, count 1024,    O_DIRECT: OK
  zero file , bs 1M, count 1024,    O_DIRECT: OK
  /dev/zero , bs 1G, count    1,    O_DIRECT: NOT OK
  zero file , bs 1G, count    1,    O_DIRECT: NOT OK
  zero file , bs 1G, count    1, no O_DIRECT: NOT OK
  rand file , bs 1G, count    1,    O_DIRECT: OK
  rand file , bs 1G, count    1, no O_DIRECT: OK

  discard on:

  urandom   , bs 1M, count 1024,    O_DIRECT: OK
  rand file , bs 1M, count 1024,    O_DIRECT: OK
  /dev/zero , bs 1M, count 1024,    O_DIRECT: OK
  zero file , bs 1M, count 1024,    O_DIRECT: OK
  /dev/zero , bs 1G, count    1,    O_DIRECT: NOT OK
  zero file , bs 1G, count    1,    O_DIRECT: NOT OK
  zero file , bs 1G, count    1, no O_DIRECT: NOT OK
  rand file , bs 1G, count    1,    O_DIRECT: OK
  rand file , bs 1G, count    1, no O_DIRECT: OK

  detect_zeros off:

  urandom   , bs 1M, count 1024,    O_DIRECT: OK
  rand file , bs 1M, count 1024,    O_DIRECT: OK
  /dev/zero , bs 1M, count 1024,    O_DIRECT: OK
  zero file , bs 1M, count 1024,    O_DIRECT: OK
  /dev/zero , bs 1G, count    1,    O_DIRECT: OK
  zero file , bs 1G, count    1,    O_DIRECT: OK
  zero file , bs 1G, count    1, no O_DIRECT: OK
  rand file , bs 1G, count    1,    O_DIRECT: OK
  rand file , bs 1G, count    1, no O_DIRECT: OK

  #####

  Provided by Florian Strankowski

  bs   -    count   -    io-threads

  512K -    2048    -    2
  1M   -    1024    -    2
  2M   -     512    -    4
  4M   -     256    -    6
  8M   -     128    -    10
  16M  -      64    -    18
  32M  -      32    -    uncountable

  Please refer to further information here:

  https://bugzilla.proxmox.com/show_bug.cgi?id=1368

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1687653/+subscriptions

[Qemu-devel] [Bug 1687653] Re: QEMU-KVM / detect_zeroes causes KVM to start unlimited number of threads on Guest-Sided High-IO with big Blocksize

Reply via email to