
Re: [Xen-devel] When would Xen reset page access rights for a non-migrating guest?


At 14:42 +0200 on 19 Mar (1395236568), Razvan Cojocaru wrote:
> I have an application that uses libxc (specifically
> xc_hvm_set_mem_access()) to protect a bunch of interesting pages - I'm
> interested in being notified when writes to these pages happen (via
> the mem_event mechanism).
> However, it seems that once in a great while, after setting access
> rights, something happens that allows unnotified writes to these
> pages. Working under the assumption that it might have something to do
> with the live-migration mechanism, I've set "nomigrate = 1" in the
> guest's configuration file. When that did not work, I even called
> xc_domain_disable_migrate() from my application, again to no avail.

Is there some higher-level thing you can do to make sure the VM isn't
getting migrated/saved/restored?  Or conversely, have you any reason
to believe that that's what's happening?

> I also thought it might have something to do with ballooning, but the
> only memory-related keyword in my guest's configuration file is
> "memory = 2048" (no maximum memory specified that would hint towards
> ).

AFAIK the guest could still be ballooning; in any case the interaction
with ballooning seems like one you should test and fix. :)  It should
be mostly working already, I think: pages added during ballooning will
get the default mem-access settings (but will have undefined contents).

> It probably has something to do with the code in tmem.c
> (save/restore). What could cause this?

That's very unlikely unless you've specifically turned tmem on.

I think the most likely thing is some path that writes to guest memory
without being explicitly a CPU->RAM write from the guest.  E.g. a guest
with PV drivers making a hypercall that copies some results back, or
some emulated DMA, or the guest has granted write access to another VM.



Xen-devel mailing list


