>>> On 08.06.15 at 16:58, <vkuzn...@redhat.com> wrote:
> "Jan Beulich" <jbeul...@suse.com> writes:
>
>>>>> On 03.06.15 at 15:35, <vkuzn...@redhat.com> wrote:
>>> When soft reset is being performed we need to replace all actively
>>> granted pages with empty pages to prevent possible future memory
>>> corruption as the newly started kernel won't be aware of these
>>> granted pages.
>>>
>>> We make the tot_pages < max_pages assumption here: previously granted pages
>>> need to belong to someone and we don't want to implement possible DoS by
>>> reassigning them to the grantee/anonymous domain/xen/.. (the malicious guest
>>> will be able to consume all host's memory).
>>
>> How is that going to look in practice? I.e. won't this cause frequent
>> failures?
>>
>
> I'm not sure we actually need that in practice. In my testing backends
> (even with persistent grants enabled) collaborate nicely and release all
> grants. I can see a single page still being held and I suppose it's
> being held by QEMU (haven't checked what that is but I think it is the
> console ring). In case we go for the toolstack-assisted approach we can
> restart qemu and add some warning when there are active grants.

But even a single page could cause the allocation to fail because of
otherwise going over the set limit.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
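The accounting constraint behind Jan's objection, as an added model that is not Xen's code and not part of the thread: a domain at its quota cannot have a single still-granted page replaced, because the granted page stays charged to the domain and the fresh empty page is charged on top of it. Only `tot_pages` and `max_pages` come from the discussion; the grant table, `p2m`, `gfn`, `next_mfn`, the fixed table sizes and the constructed frame numbers are assumptions made for the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the page accounting the thread discusses; not Xen
 * code. tot_pages/max_pages mirror the names in the patch description, the
 * rest (gfn, p2m, next_mfn, the table sizes) is made up for the model. */
#define MAX_GRANTS 8
#define NR_GFNS    16

struct grant_entry {
    bool active;       /* a backend still has this grant mapped */
    unsigned int gfn;  /* guest frame the granted page is visible at */
};

struct domain {
    unsigned int tot_pages;        /* pages charged to the domain */
    unsigned int max_pages;        /* quota set by the toolstack */
    unsigned long p2m[NR_GFNS];    /* guest frame -> machine frame, 0 = unmapped */
    struct grant_entry gt[MAX_GRANTS];
    unsigned long next_mfn;        /* toy allocator handing out fresh frames */
};

/* Grants a backend still holds: each one needs a replacement page. */
unsigned int count_active_grants(const struct domain *d)
{
    unsigned int n = 0;
    for (size_t i = 0; i < MAX_GRANTS; i++)
        if (d->gt[i].active)
            n++;
    return n;
}

/* Replacement step as modelled here: the granted page stays charged to the
 * domain (it is not handed to the grantee, an anonymous domain or Xen) and a
 * fresh empty page is placed in its guest-frame slot. Each replacement adds
 * one page to tot_pages, so the step is refused when it would exceed
 * max_pages. Returns the number of grants replaced, or -1 with the domain
 * left untouched. */
int replace_active_grants(struct domain *d)
{
    unsigned int needed = count_active_grants(d);

    /* A single outstanding grant fails here when the domain is at its limit. */
    if (d->tot_pages + needed > d->max_pages)
        return -1;

    for (size_t i = 0; i < MAX_GRANTS; i++) {
        if (!d->gt[i].active)
            continue;
        d->p2m[d->gt[i].gfn] = d->next_mfn++;  /* new empty page for the guest */
        d->tot_pages++;                         /* old granted page still owned */
    }
    return (int)needed;
}

/* Build a constructed domain with `active` grants held on gfns 1..active. */
struct domain make_domain(unsigned int tot, unsigned int max, unsigned int active)
{
    struct domain d;
    memset(&d, 0, sizeof d);
    d.tot_pages = tot;
    d.max_pages = max;
    d.next_mfn = 0x1000;  /* constructed starting frame number */
    for (unsigned int i = 0; i < active && i < MAX_GRANTS; i++) {
        d.gt[i].active = true;
        d.gt[i].gfn = i + 1;
        d.p2m[i + 1] = 0x100 + i;  /* constructed frame a backend still maps */
    }
    return d;
}

/* Outcome of the replacement step for a given starting state. */
int soft_reset_outcome(unsigned int tot, unsigned int max, unsigned int active)
{
    struct domain d = make_domain(tot, max, active);
    return replace_active_grants(&d);
}

/* Whether the guest frame of the first grant points at a new page afterwards. */
bool first_grant_remapped(unsigned int tot, unsigned int max, unsigned int active)
{
    struct domain d = make_domain(tot, max, active);
    unsigned long before = d.p2m[1];
    replace_active_grants(&d);
    return d.p2m[1] != before;
}

int main(void)
{
    printf("at limit, one grant held:     %d\n", soft_reset_outcome(4, 4, 1));
    printf("one page headroom, one grant: %d\n", soft_reset_outcome(3, 4, 1));
    return 0;
}
```

The model makes the trade-off visible: the replacement needs one page of headroom per grant a backend still holds, which is why a lone page kept by QEMU is enough to fail the step for a domain that already sits at `max_pages`, and why releasing such grants (or warning about them) before the reset matters.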