RE: [Xen-devel] [PATCH] xenballoond (memory overcommit) scripts
Hi Viets --

A guest can't be ballooned without its "permission". The original
implementation had the selfballooning in the guest's balloon driver,
which could be rmmod'd inside the guest, so I don't think the old
model was more secure than the new, which puts the selfballooning
in a daemon.

The worst that a malicious guest can do in either case is ensure
it always gets all the memory that's assigned to it. Or have you
thought of a different attack scenario?

Thanks for the testing. Make sure you try running
"watch -d xenballoond-monitor" in domain0.

Thanks,
Dan

> -----Original Message-----
> From: viets@xxxxxxx [mailto:viets@xxxxxxx]
> Sent: Tuesday, July 01, 2008 6:06 AM
> To: dan.magenheimer@xxxxxxxxxx
> Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
> Subject: Re: [Xen-devel] [PATCH] xenballoond (memory overcommit) scripts
>
> Hello,
>
> is it a good idea to run a memory balloon process in a domU?
> As you know I've tested your xenbus selfballooning, I've thought
> this make more sense?
>
> I thought it would be more secure and better for policing reasons
> to run in dom0?
>
> I've just tested the script and it works fine, now I will try it
> for a short period...
>
> greetings
> Viets
>
> Dan Magenheimer wrote:
> > Attached is the current xenballoond script-set I
> > talked about at Xen Summit 2008 that supports
> > memory overcommit.
> >
> > I've had a number of requests for the scripts and,
> > though more polishing would be nice, it makes sense
> > to push them upstream so that others in the community
> > can try/test them and improve on them.
> >
> > Note that there is no impact on any xen installation
> > or on any guest unless the scripts are intentionally
> > installed and configured on one or more guests.
> >
> > See the README and conf files for more info.
> >
> > All files are new so, in addition to the patch,
> > these hg add commands will need to be done in
> > the main tree.
> >
> > hg add tools/xenballoond
> > hg add tools/xenballoond/xenballoond.init
> > hg add tools/xenballoond/xenballoond
> > hg add tools/xenballoond/xenballoon.conf
> > hg add tools/xenballoond/xenballoon.README
> > hg add tools/xenballoond/xenballoon-monitor
> >
> > Signed-off-by: Dan Magenheimer <dan.magenheimer@xxxxxxxxxx>
> >
> > Thanks,
> > Dan
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@xxxxxxxxxxxxxxxxxxx
> > http://lists.xensource.com/xen-devel