|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] libxc: try to find last used pfn when migrating
Juergen Gross writes ("Re: [Xen-devel] [PATCH] libxc: try to find last used pfn
when migrating"):
> xl migrate will use much less resources for a domain with a 3.x kernel
> started with max_mem being much larger than mem. E.g. in case you start
> a domain on a small stand-by system and migrate it later to the large
> production system and want to balloon it up there.
>
> Additionally there was a discussion this week on irc regarding this
> topic and concern was raised this could block dom0 responsiveness.
I agree that this is a real problem but AFAICT I don't think the
approach taken in Juergen's toolstack patch will solve it completely.
I would phrase the bug like this:
A malicious guest kernel can cause the toolstack, when attempting
to migrate the domain, to use wildly excessive dom0 RAM.
I think where the administrator has configured a guest with (say) 1G
of RAM, the memory used by the toolstack to migrate it should be
significantly less than that 1G.
If the toolstack algorithms are such that strange behaviour by a guest
could violate this assumption, then the toolstack should have an
explicit check and (by default, at least) refuse to migrate such a
guest.
I think Juergen's patch is a good workaround for existing guests which
/accidentally/ exhibit undesirable behaviour, if we want to keep
supporting them.
Ian.
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |