Comment 19 for bug 1732976
Revision history for this message
| Matt Riedemann (mriedem) wrote Re: Potential DoS by rebuilding the same instance with a new image multiple times | #19 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
Here is the stable/pike fix for the new DoS issue:
https:/
As for the description, I'd make the following changes:
1. Change the title to: "Nova FilterScheduler doubles resource allocations during rebuild with new image"
2. The last sentence is a bit confusing:
> This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239), so only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.
The fix for CVE-2017-16239 went further than stable/pike. I think the thing to point out is that this new CVE only affects deployments running stable/pike or later, including on all of their nova-compute services and the scheduler. Before Pike the FilterScheduler in the nova-scheduler service won't create allocations in Placement, and before Pike the ResourceTracker in the nova-compute service will automatically adjust allocations in Placement in a periodic task.
So maybe we should say, "This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239), however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected."