[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Re: [RFC, PATCH 5/24] i386 Vmi code patching

To: Chris Wright <chrisw@xxxxxxxxxxxx>
From: Zachary Amsden <zach@xxxxxxxxxx>
Date: Wed, 22 Mar 2006 15:36:02 -0800
Cc: Andrew Morton <akpm@xxxxxxxx>, Christopher Li <chrisl@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>, Pratap Subrahmanyam <pratap@xxxxxxxxxx>, Wim Coekaerts <wim.coekaerts@xxxxxxxxxx>, Chris Wright <chrisw@xxxxxxxx>, Joshua LeVasseur <jtl@xxxxxxxxxx>, Dan Hecht <dhecht@xxxxxxxxxx>, Andi Kleen <ak@xxxxxxx>, Jack Lo <jlo@xxxxxxxxxx>, Linux Kernel Mailing List <linux-kernel@xxxxxxxxxxxxxxx>, virtualization@xxxxxxxxxxxxxx, Linus Torvalds <torvalds@xxxxxxxx>, Anne Holler <anne@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxxxx>, Jyothy Reddy <jreddy@xxxxxxxxxx>, Kip Macy <kmacy@xxxxxxxxxxx>, Ky Srinivasan <ksrinivasan@xxxxxxxxxx>, Leendert van Doorn <leendert@xxxxxxxxxxxxxx>, Dan Arai <arai@xxxxxxxxxx>
Delivery-date: Thu, 23 Mar 2006 18:00:16 +0000
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Chris Wright wrote:

You could compile all platform layers you want to support with the kernel.

But the entire point is that you don't know what platform layers youwant to support. The platform layers can change. Xen has changed theplatform layer and re-optimized kernel / hypervisor transitions how manytimes? The platform layer provides exactly the flexibility to do that,so that a kernel you compile today against a generic platform can workwith the platform layer provided by Xen 4.0 tomorrow.

Compiling the platform layer with the kernel for "source compatibility"is exactly what prevents you from doing this. And you get stuck havingthe same stable and inflexible ABI to the hypervisor, rather than acarefully architected ABI just before it. The most important designdecision in creating the VMI layer was disallowing data dependencebetween the compiled kernel and the hypervisor ABI.

I have seen, and will continue to see, every single shared data blocklayout change to meet the demands of new features. Eventually, you getto a point where it is growing antlers and having new hooves graftedonto it, yet still requires all of the original cruft you used to do.It is either a maintenance nightmare, or a compatibility nightmare. Ifyou want compatibility, you really can't break that interface all thetime, and the real world demands of customers using virtualizationsolutions really do want that compatibility. You simply can't certify acomplex platform if you have to recompile your kernel for every newrelease of your chosen hypervisor. Bugs do get introduced this way, theolder kernels fall out of maintenance, and eventually you are forcingthem to upgrade to the latest kernels, which even worse, may havechanged the userspace interface, dropped legacy feature support, andbroken your key application that was the entire point of running in a VMto begin with. People throw things in VMs and then expect those VMs tokeep running for years, and you really can't break that.

So instead, you impose a giant maintenance burden on the hypervisor,forcing them to go to all efforts to avoid breaking this hypervisorABI. That leads directly to crufty, unstable, and poor performing code.

So the VMI layer is all about defining an ABI at a slightly higherlevel. A level which has many benefits you simply can't get from sourcecompatibility. It is about the future, about preparing for the unknown,about giving a powerful abstraction to the platform layer to do whateverit chooses to do.

If Intel announces a new chip tomorrow, with a feature bit that allowsselective privileged instructions to operate in non-zero supervisorCPLs, you're really going to regret the fact that you can't issue pageinvalidations and TLB flushes directly in the kernel because youunwisely decided to compile these in as direct int $0x81 hypercalls.You can change the platform layer and let new versions pick that up, andtry to encourage people to move to newer kernels. And you have to makethis change for every single operating system you support, leading togreater risk for introducing bugs in addition to any unwanted sideeffects of a kernel upgrade. Even worse, you may find a bug that_requires_ changing the platform layer. It might be a wide, gapingsecurity hole. We had a few in the course of development (kernel CSentry value stored in shared area..). Now you have to break thehypervisor ABI, all your customers think you suck, and they have toupgrade all their systems. Perhaps they have been happily running the2.4.26 kernel up to now. What do they do?

Why do you want to bind yourself to source compatibility, when it doesnot bring you features at all, it only hurts you in terms of deploymentflexibility?


Zach

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Follow-Ups:
- [Xen-devel] Re: [RFC, PATCH 5/24] i386 Vmi code patching
  - From: Chris Wright

References:
- [Xen-devel] [RFC, PATCH 5/24] i386 Vmi code patching
  - From: Zachary Amsden
- [Xen-devel] Re: [RFC, PATCH 5/24] i386 Vmi code patching
  - From: Andi Kleen
- [Xen-devel] Re: [RFC, PATCH 5/24] i386 Vmi code patching
  - From: Chris Wright
- [Xen-devel] Re: [RFC, PATCH 5/24] i386 Vmi code patching
  - From: Zachary Amsden
- [Xen-devel] Re: [RFC, PATCH 5/24] i386 Vmi code patching
  - From: Chris Wright

Prev by Date: [Xen-devel] Re: [RFC, PATCH 1/24] i386 Vmi documentation II
Next by Date: [Xen-devel] RE: [RFC, PATCH 5/24] i386 Vmi code patching
Previous by thread: [Xen-devel] Re: [RFC, PATCH 5/24] i386 Vmi code patching
Next by thread: [Xen-devel] Re: [RFC, PATCH 5/24] i386 Vmi code patching
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.