6

I am researching the possibility of overcommitting memory on a host where many Windows servers are running. The virtual machines are QEMU/KVM backed and managed by Libvirt. My current observation is that as soon as the Windows Server boots, the QEMU process will occupy the same amount of RSS memory as defined in the -m option. On the other hand, a Linux guest does not behave the same way, as it will gradually consume more memory as the virtual machine runs.

One solution to overcommit memory is to enable KSM. But the drawback of this solution is that it does require some time to do the page iterating and merging. So it still may not allow booting many Windows servers within a short period of time.

Then I am looking at the memory balloon. I tried to inflate the balloon and then immediately deflate it in the hope that on the host, the RSS would not increase. But obviously that is not the case. I observe that as soon as the balloon deflates, the host RSS memory increases.

I am wondering if the Windows memory management system automatically zeros out memory after ExFreePool or other calls.

5
  • Can you share more details about your question after reading: ExFreePool function, which claims "This routine releases memory allocated by ExAllocatePool, ExAllocatePoolWithTag, ExAllocatePoolWithQuota, or ExAllocatePoolWithQuotaTag. The memory block must not be accessed after it is freed."
    – Luuk
    Aug 19 at 8:59
  • "The memory block must not be accessed after it is freed." so, NO Windows will not do that ...
    – Luuk
    Aug 19 at 9:13
  • 1
    You misunderstood his question. Touching freed memory ptr would trigger a kernel exception obviously. Aug 19 at 18:48
  • Worth noting that Windows does have to zero out the memory before giving it to a userspace process (if it should choose to allocate the memory to a user process, which is not guaranteed to happen). Aug 19 at 19:54
  • ExAllocatePool APIs are strictly kernel-mode. Windows is just a subsystem within the NT kernel architecture. Kernel APIs and Win32 APIs are from different planets.
    – RiGiD5
    Aug 19 at 21:30

1 Answer

12

I am wondering if the Windows memory management system automatically zeros out memory after ExFreePool or other calls. Thank you very much in advance for the help.

It does not. It's super-easy to check, actually. Write a simple driver issuing a series of ExAllocatePoolXxx calls with random requested pool sizes, fill the allocated memory with a known pattern, say a GUID and an each-time-incremented global counter. Free the memory after the RtlFillMemory call. Start checking what you're getting from ExAllocatePoolXxx by dumping the very beginning of the pool region, and at some point you'll see your own signatures in what you're allocating.

1
  • 3
    Thank you very much. I'll try this approach and see the result.
    – jshen28
    Aug 20 at 7:10
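The stamp-and-rescan experiment the answer describes, as an added example that is not the answerer's code: the same logic written as portable user-mode C against malloc/free, with the allocator passed in as function pointers so a driver port only swaps in ExAllocatePoolWithTag/ExFreePool (and RtlFillMemory for the stamping loop). The 16-byte tag and the toy arena allocator are constructed for this example; the arena gives a deterministic comparison between an allocator that scrubs on free and one that does not.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed 16-byte tag standing in for the GUID the answer suggests. */
static const uint8_t TAG[16] = {0xDE,0xAD,0xBE,0xEF,0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,0xF0,0x0D,0xCA,0xFE};
#define SIG_LEN 24 /* 16-byte tag followed by an 8-byte round counter */

/* Stamp tag+counter across the whole block (RtlFillMemory's role), so the signature
   survives even if the allocator writes free-list bookkeeping over the first bytes. */
static void stamp(uint8_t *p, size_t len, uint64_t counter) {
    for (size_t off = 0; off + SIG_LEN <= len; off += SIG_LEN) {
        memcpy(p + off, TAG, 16);
        memcpy(p + off + 16, &counter, 8);
    }
}
/* Look for a stamp from an earlier round in a freshly returned block; -1 if none. */
static int64_t find_stamp(const uint8_t *p, size_t len, uint64_t current) {
    for (size_t off = 0; off + SIG_LEN <= len; off += 8) {
        uint64_t c;
        memcpy(&c, p + off + 16, 8);
        if (memcmp(p + off, TAG, 16) == 0 && c < current) return (int64_t)c;
    }
    return -1;
}
/* Allocate/inspect/stamp/free `rounds` random-size blocks; returns how many came back still carrying an earlier stamp. */
static int run_experiment(void *(*a)(size_t), void (*f)(void *), int rounds, unsigned seed) {
    int hits = 0;
    srand(seed);
    for (uint64_t i = 0; i < (uint64_t)rounds; i++) {
        size_t len = 64 + (size_t)(rand() % 4032); /* 64..4095 bytes */
        uint8_t *p = a(len);
        if (!p) break;
        if (find_stamp(p, len, i) >= 0) hits++;     /* handed back without zeroing */
        stamp(p, len, i);
        f(p);
    }
    return hits;
}
/* Toy allocator for a deterministic check: always returns the same arena. arena_free
   never clears it (the pool behaviour the answer describes); arena_free_zeroing scrubs it. */
static uint8_t arena[4096];
static void *arena_alloc(size_t n) { return n <= sizeof arena ? arena : NULL; }
static void arena_free(void *p) { (void)p; }
static void arena_free_zeroing(void *p) { memset(p, 0, sizeof arena); }

int main(void) {
    printf("malloc/free: %d of 1000 blocks carried an earlier stamp\n", run_experiment(malloc, free, 1000, 1));
    printf("arena, no scrub: %d of 10; arena, scrub on free: %d of 10\n",
           run_experiment(arena_alloc, arena_free, 10, 1), run_experiment(arena_alloc, arena_free_zeroing, 10, 1));
    return 0;
}
```

Sizes stay well below the mmap threshold on purpose: blocks served by fresh mappings arrive zeroed from the OS and would mask the allocator's own behaviour.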
