From: David Scott Date: Tue, 12 Oct 2010 09:32:18 +0000 (+0100) Subject: CA-41832: clip the target of an 'inactive' domain to be within dynamic_min/dynamic_max X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=0ce4df0e6718dc3bac8d45ca769fa4cf499b5c7f;p=xcp%2Fxen-api.git CA-41832: clip the target of an 'inactive' domain to be within dynamic_min/dynamic_max This is potentially dangerous: the reason we attempt to cap the memory usage of an unresponsive domain is to prevent it suddenly waking up and allocating at a bad moment, resulting in either a transient OOM or loss of low memory. With this change the cap will be 'loose', where target can be higher than memory_actual. Signed-off-by: David Scott --- diff --git a/ocaml/xenops/squeeze.ml b/ocaml/xenops/squeeze.ml index c750fd37..2938466b 100644 --- a/ocaml/xenops/squeeze.ml +++ b/ocaml/xenops/squeeze.ml @@ -527,7 +527,12 @@ let change_host_free_memory ?fistpoints io required_mem_kib success_condition = let maxmems = IntMap.mapi (fun domid domain -> if List.mem domid declared_inactive_domids - then min domain.target_kib domain.memory_actual_kib + then + (* CA-41832: clip the target of an 'inactive' domain to within the dynamic min-max range. + The danger here is that a domain might be using less than dynamic min now, but might + suddenly wake up and allocate memory belonging to someone else later. *) + let ideal_kib = min domain.target_kib domain.memory_actual_kib in + min domain.dynamic_max_kib (max domain.dynamic_min_kib ideal_kib) else if List.mem_assoc domid new_targets then List.assoc domid new_targets
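Review bot: In the `declared_inactive_domids` branch, `max domain.dynamic_min_kib ideal_kib` raises the cap of an inactive domain above `memory_actual_kib` whenever the domain is currently below `dynamic_min_kib`, and nothing in this hunk accounts for that gap (`dynamic_min_kib - memory_actual_kib`) when working out how much host memory can be freed. The commit message and the new comment both acknowledge the risk, so I would ask for either a log line at the point where the clip actually raises the cap, so a later transient OOM can be tied back to it, or a sentence in the comment saying where that difference is reserved. Two smaller points: the value computed here goes into `maxmems`, so the comment would be more accurate as "clip the maxmem of an 'inactive' domain" than "clip the target"; and because `ideal_kib` is never larger than `target_kib`, the outer `min domain.dynamic_max_kib` only changes the result if `target_kib` or `dynamic_min_kib` can exceed `dynamic_max_kib`, which is worth stating in the comment or asserting.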