From: One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>
To: "Nakajima, Jun" <jun.nakajima@intel.com>
Cc: Rik van Riel <riel@redhat.com>,
"lsf-pc@lists.linuxfoundation.org"
<lsf-pc@lists.linuxfoundation.org>,
Linux Memory Management List <linux-mm@kvack.org>,
Linux kernel Mailing List <linux-kernel@vger.kernel.org>,
KVM list <kvm@vger.kernel.org>
Subject: Re: [LSF/MM TOPIC] VM containers
Date: Sun, 24 Jan 2016 17:06:56 +0000 [thread overview]
Message-ID: <20160124170656.6c5460a3@lxorguk.ukuu.org.uk> (raw)
In-Reply-To: <439BF796-53D3-48C9-8578-A0733DDE8001@intel.com>
> > That changes some of the goals the memory management subsystem has,
> > from "use all the resources effectively" to "use as few resources as
> > necessary, in case the host needs the memory for something else".
Also "and take guidance/provide telemetry" - because you want to tune the
VM behaviours based upon policy and to learn from them for when you re-run
that container.
> Beyond memory consumption, I would be interested whether we can harden the kernel by the paravirt interfaces for memory protection in VMs (if any). For example, the hypervisor could write-protect part of the page tables or kernel data structures in VMs, and does it help?
There are four behaviours I can think of, some of which you see in
various hypervisors and security hardening systems
- die on write (a write here causes a security trap and termination after
the guest has marked the page range die on write, and it cannot be
unmarked). The guest OS at boot can for example mark all it's code as
die-on-write.
- irrevocably read only (VM never allows page to be rewritten by guest
after the guest marks the page range irrevocably r/o)
- asynchronous faulting (pages the guest thinks are in it's memory but
are in fact on the hosts swap cause a subscribable fault in the guest
so that it can (where possible) be context switched
- free if needed - marking pages as freed up and either you get a page
back as it was or a fault and a zeroed page
Alan
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2016-01-24 17:07 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-22 15:56 Rik van Riel
2016-01-22 16:05 ` [Lsf-pc] " James Bottomley
2016-01-22 17:11 ` Johannes Weiner
2016-01-27 15:48 ` Vladimir Davydov
2016-01-27 18:36 ` Johannes Weiner
2016-01-28 17:12 ` Vladimir Davydov
2016-01-23 23:41 ` Nakajima, Jun
2016-01-24 17:06 ` One Thousand Gnomes [this message]
2016-01-25 17:25 ` Rik van Riel
2016-01-28 15:18 ` Aneesh Kumar K.V
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160124170656.6c5460a3@lxorguk.ukuu.org.uk \
--to=gnomes@lxorguk.ukuu.org.uk \
--cc=jun.nakajima@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lsf-pc@lists.linuxfoundation.org \
--cc=riel@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox