Marek Marczykowski-Górecki 456fe99fa6
Disable scrubbing memory pages during initial balloon down
The balloon driver scrubs memory pages before giving them back to the
hypervisor. Normally this is a good thing, to avoid leaking the VM's memory
data into Xen and other domains. But during initial startup when maxmem
is bigger than initial memory, on HVM and PVH, Populate-on-Demand (PoD) is in use.
This means every page on initial balloon down needs to be first mapped
by Xen into the VM's memory (as it wasn't populated before - and in fact
didn't have any data), scrubbed by the kernel and then given back to
Xen. This is a great waste of time. Such an operation with default settings
(initial memory 400M, maxmem 4000M) can take a few seconds, delaying every
VM startup (including DispVM). In an extreme situation, when running inside
nested virtualization, the effect is much worse.

Avoid this problem by disabling memory scrubbing during initial boot,
and re-enable it as soon as user space kicks in - in initramfs, before
mounting root filesystem, to be sure it's enabled before memory contains
any kind of secrets.

This commit handles only one case - when the kernel is managed by the VM
itself. It is critical to enable the initramfs module whenever the
xen_scrub_pages=0 kernel option is given, so make them depend on the
same condition and ship them in the same package.

Fixes QubesOS/qubes-issues#1963
2019-02-06 20:20:08 +01:00
archlinux add Python pillow and numpy dependencies 2017-11-08 17:45:21 +01:00
ci travis: run imgconverter unit tests 2017-12-21 19:57:41 +01:00
debian Disable scrubbing memory pages during initial balloon down 2019-02-06 20:20:08 +01:00
dracut Disable scrubbing memory pages during initial balloon down 2019-02-06 20:20:08 +01:00
grub Disable scrubbing memory pages during initial balloon down 2019-02-06 20:20:08 +01:00
imgconverter tests: skip the other img converter test too 2018-10-26 01:44:24 +02:00
initramfs-tools Disable scrubbing memory pages during initial balloon down 2019-02-06 20:20:08 +01:00
kernel-modules qubes-prepare-vm-kernel: Include kernel and initramfs inside modules.img 2017-10-16 23:43:03 +02:00
pkgs archlinux: created build scripts 2013-04-17 01:48:28 +02:00
qmemman Order qubes-meminfo-writer-dom0 before systemd-user-sessions 2018-09-06 16:23:12 +00:00
qrexec-lib qrexec: provide common function for handling service call 2018-02-16 04:20:31 +01:00
rpm_spec Disable scrubbing memory pages during initial balloon down 2019-02-06 20:20:08 +01:00
udev udev: create /dev/mapper/dmroot -> xvda3 symlink when its mounted directly 2018-06-13 15:48:00 +02:00
.gitignore gitignore 2014-07-26 03:36:31 +02:00
.travis.yml travis: update Fedora and Debian versions 2018-10-08 23:29:10 +02:00
Makefile Disable scrubbing memory pages during initial balloon down 2019-02-06 20:20:08 +01:00
Makefile.builder Add VM kernel related files as qubes-core-vm-kernel-support package 2015-03-25 23:25:33 +01:00
version version 4.0.22 2018-10-29 01:04:00 +01:00
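
The commit message above depends on scrubbing being switched back on before the VM holds any secrets. The following is an added example, not code from this repository: a check-and-re-enable helper for that invariant. It assumes the upstream Linux sysfs knob /sys/devices/system/xen_memory/xen_memory0/scrub_pages (kernel 4.20 and later), which this page does not name; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the repository shown on this page.
# Assumption: SCRUB_SYSFS is the upstream Linux balloon-driver knob (4.20+);
# the page itself only names the xen_scrub_pages=0 kernel option.
SCRUB_SYSFS="${SCRUB_SYSFS:-/sys/devices/system/xen_memory/xen_memory0/scrub_pages}"
CMDLINE_FILE="${CMDLINE_FILE:-/proc/cmdline}"

# Print the last xen_scrub_pages= value given on the kernel command line.
cmdline_scrub_value() {
    tr ' ' '\n' < "$CMDLINE_FILE" | sed -n 's/^xen_scrub_pages=//p' | tail -n 1
}

# Turn scrubbing on if it is off, then read the knob back.
# Returns 0 only when the knob reads 1; 2 when the knob does not exist.
ensure_scrub_enabled() {
    [ -e "$SCRUB_SYSFS" ] || { echo "no scrub_pages knob" >&2; return 2; }
    if [ "$(cat "$SCRUB_SYSFS")" != "1" ]; then
        echo 1 > "$SCRUB_SYSFS" || return 1
    fi
    [ "$(cat "$SCRUB_SYSFS")" = "1" ]
}

# Read-only audit for a running VM.
# 0 = scrubbing on, 1 = scrubbing off, 2 = state cannot be determined.
audit_scrub_state() {
    [ -r "$SCRUB_SYSFS" ] || return 2
    if [ "$(cat "$SCRUB_SYSFS")" = "1" ]; then
        return 0
    fi
    if [ "$(cmdline_scrub_value)" = "0" ]; then
        echo "scrubbing disabled at boot and never re-enabled" >&2
    else
        echo "scrubbing disabled after boot" >&2
    fi
    return 1
}
```

Calling ensure_scrub_enabled from an early initramfs hook and failing the boot on a non-zero return keeps the window described in the commit message closed; audit_scrub_state can run later as a health check.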