Xen project Mailing List

Re: [Xen-devel] [PATCHv1] xen: increase default number of PIRQs for hardware domains

To: Jan Beulich <JBeulich@xxxxxxxx>, David Vrabel <david.vrabel@xxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Fri, 5 Dec 2014 12:02:39 +0000

Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Tim Deegan <tim@xxxxxxx>, Keir Fraser <keir@xxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Ian Campbell <ian.campbell@xxxxxxxxxx>

Delivery-date: Fri, 05 Dec 2014 12:03:15 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 05/12/14 09:44, Jan Beulich wrote: >>>> On 03.12.14 at 17:04, <david.vrabel@xxxxxxxxxx> wrote: >> The default limit for the number of PIRQs for hardware domains (dom0) >> is not sufficient for some (x86) systems. >> >> Since the pirq structures are individually and dynamically allocated, >> the limit for hardware domains may be increased to the number of >> possible IRQs. > I nevertheless disagree to moving the bound up to the Xen internal > limit unconditionally: What use does it have to allow hwdom to use > thousands of MSIs? Because systems that big exist. We have one. In particular, it needs somewhere between 288 and 512 pirqs to scan the bus and bring up the physical functions alone. > If a system got that many, the main purpose of > running Xen on it I would expect to be to hand various of the > respective devices to guests. Hence no need for hwdom to have > that many by default, even if this doesn't result in any extra > resource consumption. > > That said, I can see the current default of 256 being too low though. > Quite likely in the absence of a user specified value the default > ought to be derived from nr_irqs - nr_static_irqs rather than being > any fixed number. Considering the default used for nr_irqs, I'd think > along the lines of sqrt(num_present_cpus()) * NR_DYNAMIC_VECTORS > or dom0->max_vcpus * NR_DYNAMIC_VECTORS (or the minimum of > the two) for x86. The hardware domain is trusted ultimately. It can, amongst other things, rewrite the bootloader command line and replace xen.gz. It can be trusted not to maliciously waste Xen resource. Having an arbitrary restriction on the the hardware domains means only that, in the case the arbitrary limit is hit, system devices fail to function properly. This is far more noticeable if the limit is hit during probe. The admin can edit the bootloader and increase the limit, but only if the root disk was a driver lucky enough to get its interrupt, or the default network card got its interrupts. The limit serves no security or resource purpose, but has the chance of crippling the boot of the system, and making recovery hard or impossible. On this justification alone, the limit should be removed. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.