<html>
<head>
<base href="https://bugs.freedesktop.org/" />
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - PulseAudio gets reliably killed upon a big number of client connections"
href="https://bugs.freedesktop.org/show_bug.cgi?id=94629#c8">Comment # 8</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - PulseAudio gets reliably killed upon a big number of client connections"
href="https://bugs.freedesktop.org/show_bug.cgi?id=94629">bug 94629</a>
from <span class="vcard"><a class="email" href="mailto:tanuk@iki.fi" title="Tanu Kaskinen <tanuk@iki.fi>"> <span class="fn">Tanu Kaskinen</span></a>
</span></b>
<pre>Here's another idea for making a difficult client: use the maximum number of
channels and high sample rate. We recently bumped the maximum sample rate to
384 kHz, so either use that, or something close to it. 384 kHz is a multiple of
48 kHz, which might help the resampler (that's just wild speculation - I know
very little about resampler algorithms). 383987 is the nearest prime number,
maybe that would be pessimal. I don't know if the sample format has much
effect, but I'd imagine 24-bit non-native-endian samples would be the most
difficult choice.
A general comment on the topic: if someone decides to try to fix this bug, it
would be good to be clear whether the goal is to fully prevent the DoS attack,
or if the goal is to just reduce the chances that we accidentally die during
normal use. To me it seems very hard to reach a state where we can guarantee
that DoS attacks are impossible.
First there is the problem that how do we know when we are reaching the limits
of the cpu? If SIGXCPU can happen at relatively low load due to cpu scaling,
then we can't easily use that, assuming that we don't want to limit ourselves
to the lowest cpu frequency.
Another problem is that how do we mitigate the high cpu use without causing a
different DoS scenario. If we randomly start killing streams, that's DoS too. I
guess it would be possible to figure out what streams are from the "currently
active user" when running as a system daemon and kill all other streams, or
what streams are from untrusted applications in a sandboxing scenario and kill
those.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the QA Contact for the bug.</li>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>