[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] input: limit kbd queue depth
From: |
Gerd Hoffmann |
Subject: |
Re: [Qemu-devel] [PATCH] input: limit kbd queue depth |
Date: |
Fri, 28 Apr 2017 11:05:09 +0200 |
On Fr, 2017-04-28 at 09:49 +0100, Daniel P. Berrange wrote:
> On Fri, Apr 28, 2017 at 10:42:37AM +0200, Gerd Hoffmann wrote:
> > Apply a limit to the number of items we accept into the keyboard queue.
>
> Is there a need for similar protection fir mouse input events from VNC ?
No, there is no delay queue for mouse events.
> > Impact: Without this limit vnc clients can exhaust host memory by
> > sending keyboard events faster than qemu feeds them to the guest.
>
> Ability for a remote network client to crash a host by exhausting
> memory should be considered a security flaw & have a CVE allocated
> for it.
Sure, it's WIP, Prasit will get one.
cheers,
Gerd