From: Wei Liu <wei.liu2@citrix.com>
To: Ian Campbell <ian.campbell@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>,
Stefano Stabellini <stefano.stabellini@eu.citrix.com>,
George Dunlap <george.dunlap@eu.citrix.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Ian Jackson <Ian.Jackson@eu.citrix.com>,
dslutz@verizon.com, xen-devel@lists.xen.org
Subject: Re: QEMU bumping memory bug analysis
Date: Fri, 5 Jun 2015 18:39:28 +0100 [thread overview]
Message-ID: <20150605173928.GL29102@zion.uk.xensource.com> (raw)
In-Reply-To: <1433523491.7108.369.camel@citrix.com>
On Fri, Jun 05, 2015 at 05:58:11PM +0100, Ian Campbell wrote:
> On Fri, 2015-06-05 at 17:43 +0100, Wei Liu wrote:
>
> > 3. Add a libxl layer that wraps necessary information, take over
> > Andrew's work on libxl migration v2. Having a libxl layer that's not
> > part of migration v2 is a waste of effort.
> >
> > There are several obstacles for libxl migration v2 at the moment. Libxl
> > layer in migration v2 still has unresolved issues. It has
> > inter-dependency with Remus / COLO.
> >
> > Most importantly it doesn't inherently solve the problem. It still
> > requires the current libxl JSON blob to contain information about max
> > pages
>
> It doesn't require that, the whole point of the libxl layer is to
> provide a suitable home for that information which is not the current
> libxl json blob (which is user facing cfg data) or the libxc stream
> (which is opaque to libxl).
>
Right, it doesn't have to be in the user facing blob. I was wrong on
that one.
> Once you have the general concept of the libxl layer, adding a new field
> to it will be trivial (because it will have been designed to be
> trivially extendable).
>
In light of Andrew's reply when we talked about JSON we were referring
to subtly different things. This libxl layer might be a viable solution.
I need to check it again.
The concern of not able to make it in time for 4.6 remains.
> > (or information used to derive max pages).
> >
> > Andrew, correct me if I'm wrong.
> >
> > 4. Add a none user configurable field in current libxl JSON structure to
> > record max pages information.
> >
> > This is not desirable. All fields in libxl JSON should be user
> > configurable.
> >
> > 5. Add a user configurable field in current libxl JSON structure to
> > record how much more memory this domain needs. Admin is required to
> > fill in that value manually. In the mean time we revert the change in
> > QEMU and declare QEMU with that change buggy.
> >
> > No response to this so far. But in fact I consider this the most viable
> > solution.
>
> I initially thought that this was just #4 in a silly hat and was
> therefore no more acceptable than that.
>
> But actually I think you are suggesting that users should have to
> manually request additional RAM for option roms via some new interface
> and that the old thing in qemu should be deprecated and removed?
>
Yes.
I'm considering removing xc_domain_setmaxmem needs regardless of this
bug because that's going to cause problem in QEMU upstream stubdom with
strict XSM policy and deprivileged QEMU (may not have privilege to call
setmaxmem).
The security implication as it is now is big enough. One malicious guest
that controls QEMU has a vector to DoS hypervisor by setting its own
max_pages to -1;
> How would a user know what value to use here? Just "a bigger one till it
> works"? That's, well, not super...
>
Not very good, but should work. A few trial and error will give you the
acceptable value. And this is easily superseded by any other more
advanced solutions.
This is going to be our last resort if Andrew's work is not a viable
solution within 4.6 time frame.
Wei.
> Ian.
next prev parent reply other threads:[~2015-06-05 17:39 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-05 16:43 QEMU bumping memory bug analysis Wei Liu
2015-06-05 16:58 ` Ian Campbell
2015-06-05 17:13 ` Stefano Stabellini
2015-06-05 19:06 ` Wei Liu
2015-06-05 17:17 ` Andrew Cooper
2015-06-05 17:39 ` Wei Liu [this message]
2015-06-05 17:10 ` Stefano Stabellini
2015-06-05 18:10 ` Wei Liu
2015-06-08 11:39 ` Stefano Stabellini
2015-06-08 12:14 ` Andrew Cooper
2015-06-08 13:01 ` Stefano Stabellini
2015-06-08 13:33 ` Jan Beulich
2015-06-08 13:10 ` Wei Liu
2015-06-08 13:27 ` Stefano Stabellini
2015-06-08 13:32 ` Wei Liu
2015-06-08 13:38 ` Stefano Stabellini
2015-06-08 13:44 ` Andrew Cooper
2015-06-08 13:45 ` Stefano Stabellini
2015-06-05 18:49 ` Ian Campbell
2015-06-08 11:40 ` Stefano Stabellini
2015-06-08 12:11 ` Ian Campbell
2015-06-08 13:22 ` Stefano Stabellini
2015-06-08 13:52 ` Ian Campbell
2015-06-08 14:20 ` George Dunlap
2015-06-08 15:01 ` Don Slutz
2015-06-08 15:37 ` George Dunlap
2015-06-08 16:06 ` Don Slutz
2015-06-09 10:00 ` George Dunlap
2015-06-09 10:17 ` Wei Liu
2015-06-09 10:14 ` Stefano Stabellini
2015-06-09 11:20 ` George Dunlap
2015-06-16 16:44 ` Stefano Stabellini
2015-06-09 12:45 ` Ian Campbell
2015-06-17 13:35 ` Stefano Stabellini
2015-06-08 14:53 ` Konrad Rzeszutek Wilk
2015-06-08 15:20 ` George Dunlap
2015-06-08 15:42 ` Konrad Rzeszutek Wilk
2015-06-08 14:14 ` George Dunlap
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150605173928.GL29102@zion.uk.xensource.com \
--to=wei.liu2@citrix.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=dslutz@verizon.com \
--cc=george.dunlap@eu.citrix.com \
--cc=ian.campbell@citrix.com \
--cc=stefano.stabellini@eu.citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.