From mboxrd@z Thu Jan 1 00:00:00 1970
From: Vitaly Kuznetsov
Subject: Re: [PATCH RFC 2/4] xen: grant_table: implement grant_table_soft_reset()
Date: Mon, 08 Jun 2015 16:58:41 +0200
Message-ID: <87a8wackm6.fsf@vitty.brq.redhat.com>
References: <1433338522-8422-1-git-send-email-vkuznets@redhat.com> <1433338522-8422-3-git-send-email-vkuznets@redhat.com> <5575C22C0200007800082319@mail.emea.novell.com>
In-Reply-To: <5575C22C0200007800082319@mail.emea.novell.com> (Jan Beulich's message of "Mon, 08 Jun 2015 15:26:20 +0100")
To: Jan Beulich
Cc: Olaf Hering, Wei Liu, Ian Campbell, Stefano Stabellini, Andrew Cooper, Julien Grall, Ian Jackson, Andrew Jones, Tim Deegan, David Vrabel, xen-devel@lists.xenproject.org, Daniel De Graaf, Keir Fraser
List-Id: xen-devel@lists.xenproject.org

"Jan Beulich" writes:

>>>> On 03.06.15 at 15:35, wrote:
>> When soft reset is being performed we need to replace all actively
>> granted pages with empty pages to prevent possible future memory
>> corruption as the newly started kernel won't be aware of these
>> granted pages.
>>
>> We make the tot_pages < max_pages assumption here: previously granted pages
>> need to belong to someone and we don't want to implement possible DoS by
>> reassigning them to the grantee/anonymous domain/xen/.. (the malicious guest
>> will be able to consume all host's memory).
>
> How is that going to look in practice? I.e. won't this cause frequent
> failures?
>

I'm not sure we actually need that in practice.
In my testing backends (even with persistent grants enabled) collaborate nicely and release all grants. I can see a single page still being held and I suppose it's being held by QEMU (haven't checked what that is, but I think it is the console ring). In case we go for the toolstack-assisted approach we can restart qemu and add some warning when there are active grants.

-- 
Vitaly
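To make the headroom argument in this exchange concrete, below is a stand-alone C model of the reset step the commit message describes: every grant a backend still holds is moved onto a fresh zeroed page owned by the same domain, the old page is kept charged to that domain rather than handed to the grantee or to Xen, and so each replacement needs tot_pages < max_pages to hold. This is example code added for this page, not Xen's grant_table.c or anything from the patch series; the struct and function names (model_domain, model_grant, model_soft_reset, model_make_domain, model_active_grants), the page-accounting fields and the 0x41-filled sample pages are all made up for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MODEL_PAGE_SIZE 4096
#define MODEL_MAX_GRANTS 8

/* One grant-table entry (hypothetical model, not Xen's grant_entry):
 * whether a backend still holds it, and the page currently backing it. */
struct model_grant {
    int active;
    uint8_t *frame;
};

/* The parts of a domain this model needs: the page accounting that the
 * tot_pages < max_pages assumption is about, the grant table, and the
 * pages left behind after a reset (still mapped by lagging backends). */
struct model_domain {
    unsigned int tot_pages;
    unsigned int max_pages;
    struct model_grant gt[MODEL_MAX_GRANTS];
    uint8_t *orphaned[MODEL_MAX_GRANTS];
    unsigned int n_orphaned;
};

/* Entries a backend still holds; a reset must replace each of these, so
 * this many pages of headroom below max_pages are needed. */
unsigned int model_active_grants(const struct model_domain *d)
{
    unsigned int n = 0;
    for (int i = 0; i < MODEL_MAX_GRANTS; i++)
        n += d->gt[i].active ? 1 : 0;
    return n;
}

/* Swap every active grant onto a fresh zeroed page owned by the same
 * domain.  The old page is deliberately not reassigned to the grantee or
 * to Xen (the DoS concern in the commit message), so it stays charged to
 * tot_pages and each replacement consumes one page of headroom.
 * Returns 0 on success or -ENOMEM, leaving earlier entries replaced. */
int model_soft_reset(struct model_domain *d)
{
    for (int i = 0; i < MODEL_MAX_GRANTS; i++) {
        struct model_grant *g = &d->gt[i];
        if (!g->active)
            continue;
        if (d->tot_pages >= d->max_pages)
            return -ENOMEM;                       /* no headroom: reset fails */
        uint8_t *fresh = calloc(1, MODEL_PAGE_SIZE);
        if (!fresh)
            return -ENOMEM;
        d->orphaned[d->n_orphaned++] = g->frame;  /* backend keeps this page */
        g->frame = fresh;                         /* new kernel sees an empty page */
        d->tot_pages++;
    }
    return 0;
}

/* Build a domain with the given tot_pages/max_pages and n_active held
 * grants whose pages are filled with 0x41 (constructed sample data). */
struct model_domain *model_make_domain(unsigned int tot_pages,
                                       unsigned int max_pages,
                                       unsigned int n_active)
{
    struct model_domain *d = calloc(1, sizeof(*d));
    if (!d || n_active > MODEL_MAX_GRANTS)
        return NULL;
    d->tot_pages = tot_pages;
    d->max_pages = max_pages;
    for (unsigned int i = 0; i < n_active; i++) {
        d->gt[i].active = 1;
        d->gt[i].frame = malloc(MODEL_PAGE_SIZE);
        if (!d->gt[i].frame)
            return NULL;
        memset(d->gt[i].frame, 0x41, MODEL_PAGE_SIZE);
    }
    return d;
}

int main(void)
{
    /* The situation reported in the thread: one page (say, the console
     * ring) still held, with one page of headroom below max_pages. */
    struct model_domain *d = model_make_domain(3, 4, 1);
    uint8_t *old = d->gt[0].frame;
    int rc = model_soft_reset(d);
    printf("one grant, headroom 1: rc=%d tot_pages=%u new[0]=%#x old[0]=%#x\n",
           rc, d->tot_pages, d->gt[0].frame[0], old[0]);

    /* The failure Jan asks about: tot_pages already equals max_pages. */
    struct model_domain *full = model_make_domain(4, 4, 1);
    printf("one grant, headroom 0: rc=%d\n", model_soft_reset(full));
    return 0;
}
```

The two cases in main() are the two sides of the question above: with a single lingering grant and at least one free page the reset succeeds and the new kernel gets a zeroed page while the backend's stale mapping still points at the old 0x41-filled one, whereas a domain sitting exactly at max_pages cannot be reset at all. The model also shows why the failure is partial: a reset that runs out of headroom midway leaves the earlier entries already replaced.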