tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Balloon driver.

On 07.07.2010 13:37, Thor Lancelot Simon wrote:
> On Wed, Jul 07, 2010 at 01:57:30PM +0530, Cherry G. Mathew wrote:
>>> How would you stop the domU being able to increase its memory size (e.g. on
>>> a hosted service, you wouldn't want the client taking more resources than
>>> they've paid for)?
>> There are no such limits by design at the moment. However at the
>> moment a de-facto limit exists (ie; the amount specified in the domU
>> config file), because we don't add more pages than we had to begin
>> with. Fixing this will need looking at uvm(9).)
> This is pretty bogus -- it seems like it allows a single domU to
> effectively take over the entire virtualization environment.  I think
> there really needs to be a hard cap enforced by the dom0 -- what's to
> keep a misbehaving Linux domU, for instance, which starts up early, from
> balooning away every last page on the machine and preventing later domUs
> from starting?
> I believe this should be disabled on the dom0 side by default until
> this problem is addressed.

The mem-max operation is part of the "domctl" hypercalls, like create,
pause, resume, etc; they must be performed by a privileged domain
(99,99% of the time, the dom0) or else, the hypervisor will return EPERM.

Jean-Yves Migeon

Home | Main Index | Thread Index | Old Index