Re: [Xen-devel] Is there an issue with turning off "scrubbing free RAM" on boot with Xen 4.1.3

On Sun, 2013-11-10 at 14:25 -0800, Matt Wilson wrote:
> On Thu, Oct 10, 2013 at 10:42:14AM +0100, Andrew Cooper wrote:
> > On 09/10/13 19:24, Roddy Rodstein wrote:
> > [...]
>
> > > Could you please share your comments about turning off RAM scrubbing,
> > > i.e. have you seen any consequences, security issues and/or threats,
> > > red flags, etc...?
> > [...]
>
> > In the Xen model, domains are responsible for clearing any sensitive
> > data they have out of memory before shutdown.
>
> This isn't strictly true. Memory is scrubbed by Xen when the domain
> cannot do it for itself (i.e., when a domain is dying during
> shutdown).

Isn't this only when the domain is killed by the toolstack or crashes etc.?
On a graceful shutdown I thought the guest was still responsible for
clearing any memory it cared about.

> However by default domains /are/ responsible for scrubbing
> pages that are returned to Xen via a reservation adjustment (i.e.,
> pages returned via the balloon driver).
>
> --msw
>
> > The bootscrub is a preventative measure to ensure that after a crash,
> > stale domain information is cleared from RAM before that RAM is reused
> > for a new VM.
> >
> > If this is not a concern for you, then you can easily turn bootscrub off
> > by adding "no-bootscrub" to the Xen command line.