[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [PATCH] SUPPORT.md: extend security support for hosts to 12 TiB of memory
On 06.04.2022 17:15, Julien Grall wrote: > On 06/04/2022 15:44, Jan Beulich wrote: >> c49ee0329ff3 ("SUPPORT.md: limit security support for hosts with very >> much memory"), as a result of XSA-385, restricted security support to >> 8 TiB of host memory. Extend this to 12 TiB, putting in place a guest >> restriction to 8 TiB in exchange. > > And this is even without CONFIG_BIGMEM? Yes. BIGMEM only matters when memory extends past the 16 TiB boundary (i.e. when frame numbers with ore than 32 significant bits appear). >> --- a/SUPPORT.md >> +++ b/SUPPORT.md >> @@ -50,7 +50,7 @@ For the Cortex A57 r0p0 - r1p1, see Erra >> >> ### Physical Memory >> >> - Status: Supported up to 8 TiB >> + Status: Supported up to 12 TiB > > I am afraid this limit is going to be too high for Arm. Even the > previous one was technically incorrect. From [1], it should be: > - 5TB for arm64 > - 16GB for arm32 May I ask that you submit a patch correcting this, and I'll rebase on top of that? I can't really fit such an adjustment under the umbrella of the title and purpose of this change. >> @@ -121,6 +121,14 @@ ARM only has one guest type at the momen >> >> Status: Supported >> >> +## Guest Limits >> + >> +### Memory >> + >> + Status: Supported up to 8 TiB > > For Arm, this should be limited to 1TB for arm64 and 16GB for arm32. Sure, will do. >> + >> +Guests with more memory are supported, but not security supported. > > d->max_pages is a 32-bit value. So Xen can effectively only support up > to 16TB of memory. AFAICT, it would require quite a bit rework to lift > that limit. So I think it would be better to spell out the upper limit. Same here. Jan
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |