[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 13/16] SUPPORT.md: Add secondary memory management features

To: George Dunlap <george.dunlap@xxxxxxxxxx>, Olaf Hering <olaf@xxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Thu, 23 Nov 2017 12:17:54 +0000
Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Konrad Wilk <konrad.wilk@xxxxxxxxxx>, Tamas KLengyel <tamas.lengyel@xxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, Ian Jackson <ian.jackson@xxxxxxxxxx>
Delivery-date: Thu, 23 Nov 2017 12:18:14 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 23/11/17 12:00, George Dunlap wrote:
> On 11/23/2017 11:55 AM, Olaf Hering wrote:
>> On Thu, Nov 23, Olaf Hering wrote:
>>
>>> On Thu, Nov 23, Jan Beulich wrote:
>>>> Olaf, are you still playing with it every now and then?
>>> No, I have not tried it since I last touched it.
>> I just tried it, and it failed:
>>
>> root@stein-schneider:~ # /usr/lib/xen/bin/xenpaging -d 7 -f /dev/shm/p -v
>> xc: detail: xenpaging init
>> xc: detail: watching '/local/domain/7/memory/target-tot_pages'
>> xc: detail: Failed allocation for dom 7: 1 extents of order 0
>> xc: error: Failed to populate ring gfn
>>  (16 = Device or resource busy): Internal error
> That looks like just a memory allocation.  Do you use autoballooning
> dom0?  Maybe try ballooning dom0 down first?

Its not that.  This failure comes from the ring living inside the p2m,
and has already been found with introspection.

When a domain has ballooned exactly to its allocation, it is not
possible to attach a vmevent/sharing/paging ring, because attaching the
ring requires an add_to_physmap.  In principle, the toolstack could bump
the allocation by one frame, but that's racy with the guest trying to
claim the frame itself.

Pauls work to allow access to pages not in the p2m is the precursor to
fixing this problem, after which the rings move out of the guest
(reduction in attack surface), and there is nothing the guest can do to
inhibit toolstack/privileged operations like this.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 13/16] SUPPORT.md: Add secondary memory management features
  - From: Olaf Hering

References:
- [Xen-devel] [PATCH 01/16] Introduce skeleton SUPPORT.md
  - From: George Dunlap
- [Xen-devel] [PATCH 13/16] SUPPORT.md: Add secondary memory management features
  - From: George Dunlap
- Re: [Xen-devel] [PATCH 13/16] SUPPORT.md: Add secondary memory management features
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH 13/16] SUPPORT.md: Add secondary memory management features
  - From: George Dunlap
- Re: [Xen-devel] [PATCH 13/16] SUPPORT.md: Add secondary memory management features
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH 13/16] SUPPORT.md: Add secondary memory management features
  - From: Olaf Hering
- Re: [Xen-devel] [PATCH 13/16] SUPPORT.md: Add secondary memory management features
  - From: Olaf Hering
- Re: [Xen-devel] [PATCH 13/16] SUPPORT.md: Add secondary memory management features
  - From: George Dunlap

Prev by Date: [Xen-devel] [xen-unstable test] 116445: tolerable FAIL - PUSHED
Next by Date: Re: [Xen-devel] [PATCH 13/16] SUPPORT.md: Add secondary memory management features
Previous by thread: Re: [Xen-devel] [PATCH 13/16] SUPPORT.md: Add secondary memory management features
Next by thread: Re: [Xen-devel] [PATCH 13/16] SUPPORT.md: Add secondary memory management features
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.