VMware Cloud Community
JeremyGuo
Contributor
Contributor
‎03-04-2013 06:06 PM

Ballooning to pin the memory be reclaimed

Hi, All

just a quick question, maybe it's already been asked or answered.

is there any possbility that some hacking or virus could tamper the balloon driver to report wrong memory address or memory relcaim amount to hypervisor, so that the hypervisor reclaim wrong memory and cause the virtual machine crash.

thanks

Jeremy 

0 Kudos
8 Replies
SG1234
Enthusiast
Enthusiast
‎03-04-2013 07:10 PM

since balloon driver runs with in the kernel -- unless the system is really compromised I dont think this is  possible

HTH

0 Kudos
Sreec
VMware Employee
VMware Employee
‎03-04-2013 08:12 PM

Hi,

    Welcome to the communities Smiley Happy   

    Hypervisor reclaim wrong memory and cause the virtual machine crash? It will never happen:smileycool:.A balloon driver is loaded into the guest operating system as a pseudo-device driver.It has no external interfaces to the guest operating system and communicates with the hypervisor through a private channel.If you want to read some good post ,please do check >http://blogs.vmware.com/vsphere/2012/02/disable-ballooning.html

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
0 Kudos
JeremyGuo
Contributor
Contributor
‎03-04-2013 09:51 PM

thanks, SG1234 and Sreec.

yes, I am reading the "understanding memory resource managment in VMware vsphere 5.0'

my concern is when a virtual machine is hacked or affected by virus, can the hacker or virus possiblly send false information by using balloon driver to hypervisor, so that hypervisor reclaim wrong memory and make the virtual machine down, it would be concerned as destroy, not gain the control to host.

BTW, what's the difference of memory active and memory usage? is my vmware running well?

thanks

Jeremy

Preview file
163 KB
0 Kudos
Sreec
VMware Employee
VMware Employee
‎03-04-2013 10:18 PM

Hi,

    Active Guest Memory is defined as the amount of guest memory that is currently being used by the guest operating system and its applications

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
0 Kudos
Sreec
VMware Employee
VMware Employee
‎03-04-2013 10:27 PM

Hi ,

   " My concern is when a virtual machine is hacked or affected by virus, can the hacker or virus possiblly send false information by using balloon driver to hypervisor, so that hypervisor reclaim wrong memory and make the virtual machine down, it would be concerned as destroy, not gain the control to host"

1.When a virtual machine is hacked can hacker possiblly send false information by using balloon driver to hypervisor so that hypervisor reclaim wrong

   memory and make the virtual machine down, it would be concerned as destroy, not gain the control to host.

If a hacker can do this much ,he can do anything in your enviromentSmiley Wink

2.Or affected by virus

Never seen a scenario where in virus plays a role,however i'm pretty sure that its not possible


Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
0 Kudos
JeremyGuo
Contributor
Contributor
‎03-05-2013 04:37 PM

Hi, Sreec

thanks for your answer.

I am not a coding man, and don't know exactly how balloon driver and hypervisor communicates to eac other, I was just considering the problem from design and security perspective, if there is no negotiation or authentication mechanism between the balloon driver and hypervisor, I would think there is some possibility that hacking or virus pretend to send pin memory information to hypervisor to crash the virutal machine, maybe virus may cause more damage. Smiley Happy

thanks

Jeremy

0 Kudos
Sreec
VMware Employee
VMware Employee
‎03-05-2013 05:13 PM

Hello Jeremy,

                    Good Day!!! Having said earlier i have never seen any scenario where in virus pretend to send pin memory information to hypervisor to crash the virutal machine.I would say it's impossible Smiley Happy

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
0 Kudos
JeremyGuo
Contributor
Contributor
‎03-05-2013 05:45 PM

thanks, Sreec.

basically no scenario as of now doesn't mean it wouldn't happen in the future, it all depends on the design and security mechanism to prevent such possibility to happen.

you can't convince me well.

let's stop such meaningless discussion.Smiley Wink

Jeremy

0 Kudos