On Thu, Mar 08, 2007 at 05:33:45PM +0900, Atsushi SAKAI wrote: > Hi, Dan > > I and Sunou investivate this issue. > > virsh setmem commands directry writes xenstore(memory/target) > by using xenStoreDomainSetMemory()@xs_internal.c. > This data (memory/target) is read by PVdomain balloon driver directly. > As you know, xenstore just pass through the data between inter domain. > For this reason, virsh setmem must protect at xs_internal.c not on Xen-side Ahhh, yes that makes sense. So looks like we have no choice but to put some protection in libvirt here. Lets have a patch which applies to xs_internal.c only, and protects Dom0 with a limit of 64 MB. This avoids imposing policy on non-Dom0, or QEMU/KVM guests. Regards, Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|