It was found that a modified or corrupted image file can cause a DoS
on the host when getting image info with qemu-img.
This uses the newer 'prlimit' parameter for oslo.concurrency execute
to set an address space limit of 1GB and CPU time limit of 2 seconds
when running the qemu-img info command.
Change-Id: If5b7129b266ef065642bc7898ce9dcf93722a053
Closes-bug: #1449062
(cherry picked from commit 78f17f0ad79380ee3d9c50f2670252bcc559b62b)
Reviewed: https:/ /review. openstack. org/375102 /git.openstack. org/cgit/ openstack/ cinder/ commit/ ?id=8547444775e 406a50d9d26a000 3e9ba6554b0d70
Committed: https:/
Submitter: Jenkins
Branch: stable/newton
commit 8547444775e406a 50d9d26a0003e9b a6554b0d70
Author: Sean McGinnis <email address hidden>
Date: Thu Sep 22 15:31:37 2016 -0500
Limit memory & CPU when running qemu-img info
It was found that a modified or corrupted image file can cause a DoS
on the host when getting image info with qemu-img.
This uses the newer 'prlimit' parameter for oslo.concurrency execute
to set an address space limit of 1GB and CPU time limit of 2 seconds
when running the qemu-img info command.
Change-Id: If5b7129b266ef0 65642bc7898ce9d cf93722a053 e3d9c50f2670252 bcc559b62b)
Closes-bug: #1449062
(cherry picked from commit 78f17f0ad79380e