Xen project Mailing List

Re: [Xen-devel] [PATCH V4] xen/arm: domain_build: allocate lowmem for dom0 as much as possible

To: Andrii Anisov <andrii.anisov@xxxxxxxxx>

From: Stefano Stabellini <sstabellini@xxxxxxxxxx>

Date: Fri, 11 Nov 2016 11:25:35 -0800 (PST)

Cc: Peng Fan <peng.fan@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, wei.liu2@xxxxxxxxxx, xen-devel@xxxxxxxxxxxxx, Julien Grall <julien.grall@xxxxxxx>, van.freenix@xxxxxxxxx

Delivery-date: Fri, 11 Nov 2016 19:26:10 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Fri, 11 Nov 2016, Andrii Anisov wrote: > Hello Julien, > > Please see my comments below: > > > From my understanding of what you say, the problem is not because domU is > > using memory above 4GB but the fact that >the backend driver does not take > > the right decision > > Yep, the problem could be treated in such a way. That is the solution that was adopted on x86 to solve the same problem, see drivers/xen/swiotlb-xen.c in Linux. > > (e.g using bounce buffer when required). > I suppose unacceptable performance drop for such kind of solution. I know it can be bad, depending on the class of protocols. I think that if numbers were provided to demonstrate that bounce buffers (the swiotlb in Linux) are too slow for a given use case, we could consider the approach you suggested. However given that it increases complexity I would rather avoid it unless the performance benefits are major. > An alternative here could be reverting of the FE-BE interaction scheme > in a following way: BE side domain provides buffers and maps them to > the FE side domain. Some time ago we estimated this approach as huge > architecture change and enormous implementation efforts. Also it does > answer to the next question: The problem with this is not much the code changes but the risk of exhausting Dom0 memory. I think the approach you proposed previously, explicitly giving memory below 4G to DomUs, is better. > > The guest should be IPA agnostic and not care how the physical device is > > working when using PV drivers. So for me, > > this should be fixed in the DOM0 OS. > Do you consider driver domain guests? Yes, they are guests, but Dom0 is a guest too. Maybe a better question is: are driver domains unprivileged guests? Yes, they should be only privilege enough to have control over the device assigned to them. However without an SMMU there is no way to enforce security, because driver domains could use the device to DMA anything they want into Dom0 or Xen memory. In practice without an SMMU driver domains are just like Dom0. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.