On Thu, Mar 08, 2007 at 01:03:48PM +0000, Daniel P. Berrange wrote:
On Thu, Mar 08, 2007 at 05:33:45PM +0900, Atsushi SAKAI wrote:
Hi, Dan
I and Sunou investivate this issue.
virsh setmem commands directry writes xenstore(memory/target) by using xenStoreDomainSetMemory()@xs_internal.c. This data (memory/target) is read by PVdomain balloon driver directly. As you know, xenstore just pass through the data between inter domain. For this reason, virsh setmem must protect at xs_internal.c not on Xen-side
Ahhh, yes that makes sense. So looks like we have no choice but to put some protection in libvirt here. Lets have a patch which applies to xs_internal.c only, and protects Dom0 with a limit of 64 MB. This avoids imposing policy on non-Dom0, or QEMU/KVM guests.
I applied the following patch which: 1/ find the places where we had an arbitrary memory value set or tested, use MIN_XEN_GUEST_SIZE defined as 64 as the base minimum and 2 * MIN_XEN_GUEST_SIZE for default when not defined 1/ add the protection to xenStoreDomainSetMemory, MIN_XEN_GUEST_SIZE for guests and 2 * MIN_XEN_GUEST_SIZE for Dom0 of course the actual values selected can be argued about but at least I think the place which are affected are now well isolated, Daniel -- Red Hat Virtualization group http://redhat.com/virtualization/ Daniel Veillard | virtualization library http://libvirt.org/ veillard@redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/