WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-devel

RE: [Xen-devel] [PATCH] xenballoond (memory overcommit) scripts

To: "viets@xxxxxxx" <viets@xxxxxxx>
Subject: RE: [Xen-devel] [PATCH] xenballoond (memory overcommit) scripts
From: "Dan Magenheimer" <dan.magenheimer@xxxxxxxxxx>
Date: Tue, 1 Jul 2008 08:19:25 -0600
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <486A1DB3.7050308@xxxxxxx>
Organization: Oracle Corporation
Reply-to: "dan.magenheimer@xxxxxxxxxx" <dan.magenheimer@xxxxxxxxxx>

Hi Viets --

A guest can't be ballooned without its "permission".
The original implementation had the selfballooning
in the guest's balloon driver, which could be rmmod'd
inside the guest, so I don't think the old model
was more secure than the new, which puts the selfballooning
in a daemon.  The worst that a malicious guest can do in
either case is ensure it always gets all the memory that's
assigned to it.

Or have you thought of a different attack scenario?

Thanks for the testing.  Make sure you try running
"watch -d xenballoond-monitor" in domain0.

Thanks,
Dan

> -----Original Message-----
> From: viets@xxxxxxx [mailto:viets@xxxxxxx]
> Sent: Tuesday, July 01, 2008 6:06 AM
> To: dan.magenheimer@xxxxxxxxxx
> Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
> Subject: Re: [Xen-devel] [PATCH] xenballoond (memory overcommit) scripts
>
> Hello,
> 
> Is it a good idea to run a memory balloon process in a domU? As you know
> I've tested your xenbus selfballooning, I've thought this makes more sense?
>
> I thought it would be more secure and better for policing reasons to run
> in dom0?
>
> I've just tested the script and it works fine, now I will try it for a
> short period...
> 
> greetings
> Viets
> 
> Dan Magenheimer wrote:
> > Attached is the current xenballoond script-set I
> > talked about at Xen Summit 2008 that supports
> > memory overcommit.
> >
> > I've had a number of requests for the scripts and,
> > though more polishing would be nice, it makes sense
> > to push them upstream so that others in the community
> > can try/test them and improve on them.
> >
> > Note that there is no impact on any xen installation
> > or on any guest unless the scripts are intentionally
> > installed and configured on one or more guests.
> >
> > See the README and conf files for more info.
> >
> > All files are new so, in addition to the patch,
> > these hg add commands will need to be done in
> > the main tree.
> >
> > hg add tools/xenballoond
> > hg add tools/xenballoond/xenballoond.init
> > hg add tools/xenballoond/xenballoond
> > hg add tools/xenballoond/xenballoon.conf
> > hg add tools/xenballoond/xenballoon.README
> > hg add tools/xenballoond/xenballoon-monitor
> >
> > Signed-off-by: Dan Magenheimer <dan.magenheimer@xxxxxxxxxx>
> >
> > Thanks,
> > Dan
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@xxxxxxxxxxxxxxxxxxx
> > http://lists.xensource.com/xen-devel