Re: Bug: toolstack allows too low values to be set for shadow_memory

[Jan Beulich <jbeulich@xxxxxxxx>]

On 25.05.2020 17:51, Hans van Kranenburg wrote:
> This bug report is a follow-up to the thread "Domu windows 2012 crash"
> on the xen-users list. In there we found out that it is possible to set
> a value for shadow_memory that is lower than a safe minimum value.
> 
> This became apparent after XSA-304, which caused using more of this type
> of memory. Having a hardcoded line like shadow_memory = 8 results in
> random crashes of the guest,

I don't think it is the tool stack's responsibility to override
admin requested values, or at least not as far a affecting guest
stability goes; host stability of course needs to be guaranteed,
but that's then still the hypervisor's job, not the tool stack's.

Compare this to e.g. setting too small a memory= for a guest to
be able to boot at all, or setting maxmem > memory for a guest
without balloon driver.

Furthermore - what would the suggestion be as to a "safe minimum
value"? Assuming _all_ large pages may potentially get shattered
is surely a waste of memory, unless the admin really knows
guests are going to behave that way. (In your report you also
didn't mention what memory= values the issue was observed with.
Obviously larger memory= also require bumping shadow_memory= at
least from some point onwards.)

Jan