[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] QEMU bumping memory bug analysis



On Fri, Jun 05, 2015 at 05:58:11PM +0100, Ian Campbell wrote:
> On Fri, 2015-06-05 at 17:43 +0100, Wei Liu wrote:
> 
> > 3. Add a libxl layer that wraps necessary information, take over
> >    Andrew's work on libxl migration v2.  Having a libxl layer that's not
> >    part of migration v2 is a waste of effort.
> > 
> > There are several obstacles for libxl migration v2 at the moment. Libxl
> > layer in migration v2 still has unresolved issues. It has
> > inter-dependency with Remus / COLO.
> > 
> > Most importantly it doesn't inherently solve the problem. It still
> > requires the current libxl JSON blob to contain information about max
> > pages
> 
> It doesn't require that, the whole point of the libxl layer is to
> provide a suitable home for that information which is not the current
> libxl json blob (which is user facing cfg data) or the libxc stream
> (which is opaque to libxl).
> 

Right, it doesn't have to be in the user facing blob. I was wrong on
that one.

> Once you have the general concept of the libxl layer, adding a new field
> to it will be trivial (because it will have been designed to be
> trivially extendable).
> 

In light of Andrew's reply when we talked about JSON we were referring
to subtly different things. This libxl layer might be a viable solution.
I need to check it again.

The concern of not able to make it in time for 4.6 remains.

> >  (or information used to derive max pages).
> > 
> > Andrew, correct me if I'm wrong.
> > 
> > 4. Add a none user configurable field in current libxl JSON structure to
> >    record max pages information.
> > 
> > This is not desirable. All fields in libxl JSON should be user
> > configurable.
> > 
> > 5. Add a user configurable field in current libxl JSON structure to
> >    record how much more memory this domain needs. Admin is required to
> >    fill in that value manually. In the mean time we revert the change in
> >    QEMU and declare QEMU with that change buggy.
> > 
> > No response to this so far. But in fact I consider this the most viable
> > solution.
> 
> I initially thought that this was just #4 in a silly hat and was
> therefore no more acceptable than that.
> 
> But actually I think you are suggesting that users should have to
> manually request additional RAM for option roms via some new interface
> and that the old thing in qemu should be deprecated and removed?
> 

Yes.

I'm considering removing xc_domain_setmaxmem needs regardless of this
bug because that's going to cause problem in QEMU upstream stubdom with
strict XSM policy and deprivileged QEMU (may not have privilege to call
setmaxmem).

The security implication as it is now is big enough. One malicious guest
that controls QEMU has a vector to DoS hypervisor by setting its own
max_pages to -1;

> How would a user know what value to use here? Just "a bigger one till it
> works"? That's, well, not super...
> 

Not very good, but should work. A few trial and error will give you the
acceptable value. And this is easily superseded by any other more
advanced solutions.

This is going to be our last resort if Andrew's work is not a viable
solution within 4.6 time frame.

Wei.

> Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.