Hi,

On 5/26/20 9:41 AM, Jan Beulich wrote:
> On 25.05.2020 17:51, Hans van Kranenburg wrote:
>> This bug report is a follow-up to the thread "Domu windows 2012 crash"
>> on the xen-users list. In there we found out that it is possible to set
>> a value for shadow_memory that is lower than a safe minimum value.
>>
>> This became apparent after XSA-304, which caused using more of this type
>> of memory. Having a hardcoded line like shadow_memory = 8 results in
>> random crashes of the guest,
>
> I don't think it is the tool stack's responsibility to override
> admin requested values, or at least not as far as affecting guest
> stability goes;

This is not primarily a technical issue, or about if software works
correctly in a mathematically proven way. It's a usability issue, so it's
about what levels of unknowingly unloading guns into feet is deemed
desirable. And, if that's happening, how difficult it should be for a
user to actually find out what's wrong.

> host stability of course needs to be guaranteed,
> but that's then still the hypervisor's job, not the tool stack's.
>
> Compare this to e.g. setting too small a memory= for a guest to
> be able to boot at all, or setting maxmem > memory for a guest
> without balloon driver.
>
> Furthermore - what would the suggestion be as to a "safe minimum
> value"? Assuming _all_ large pages may potentially get shattered
> is surely a waste of memory, unless the admin really knows
> guests are going to behave that way. (In your report you also
> didn't mention what memory= values the issue was observed with.
> Obviously larger memory= also require bumping shadow_memory= at
> least from some point onwards.)

Thanks,
Hans