[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 0/3] tools: support autoballooning of xenstore domain



On 08/08/16 16:45, Ian Jackson wrote:
> Juergen Gross writes ("[PATCH 0/3] tools: support autoballooning of xenstore 
> domain"):
>> Support xenstore domain autoballooning by:
>> - adding --maxmem parameter to init-xenstore-domain
>> - build xenstore stubdom with Mini-OS CONFIG_BALLOON set
>> - add XENSTORE_MAX_DOMAIN_SIZE parameter to sysconfig.xencommons
>>
>> This series requires Mini-OS ballooning support, of course. I'm posting
>> it now because this will make it easier to test my Mini-OS series.
> 
> The basic idea seems sound enough, and I didn't spot much wrong with
> the implementation, although I have some questions/observations:
> 
>  * AFAICT this is going to take effect for C xenstored.  But ISTM that
>    we probably want to be moving away from C xenstored; its code is
>    difficult, it has a history of hard to fathom bugs, and I'm
>    concerned about its security properties.

This should work for ocaml based xenstore domain, too. I've been told
that is based on Mini-OS, so there is no reason it shouldn't work.

>  * I find that the pointer-arithmetic-based parsing style (as seen in
>    patch 1) very hard to read.  I haven't reviewed it.  But I think it
>    is not exposed to untrusted input so I don't think I care.

I wouldn't mind another way to do it. This variant seemed to be most
compact and passed all verification testing I did (and I tried a lot
of nonsense).

>  * If we are going in this direction, this feature probably wants to
>    be enabled by default.  Do you have a good idea of default
>    parameters ?

Hmm, that's not too easy. For a "normal" guest about a quarter MB of
memory for Xenstore seems to be a lot. I guess these days most guests
have at least 256 MB, so 1/1000 of host memory seems to be appropriate.
We don't risk anything going a little bit higher, as Mini-OS doesn't
have anything like page structures consuming memory for the not yet
taken domain memory. Of course we need some MB (e.g. 4) as a starting
point as the kernel needs some memory even if the host is very small.
So what about 4:1/512 ? This would give us 4 MB at minimum and on a
16 TB machine we could go up to 32 GB which still wouldn't blow up the
theoretical boundaries of Mini-OS.


Juergen

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.