[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2] SUPPORT.md: extend security support for x86 hosts to 12 TiB of memory


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: George Dunlap <George.Dunlap@xxxxxxxxxx>
  • Date: Wed, 25 May 2022 10:11:42 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=C1sMPRpRtdJlwn+FvFZMBvAovNRw+WBr4Wwzqhk1Xic=; b=J3FVHmbX69MbKmRlvhA7jUFpULAyzikawicOSTottVLzrC3KpjY0D62LWLHsIao9uUT+GfBGflJVI43kildjrXI46gveO0ElSq9+IHjkxY/ioXoesXkTFd6+ZGKIECjBF/iHzTqkXxT70yE1QNSsac4mpBJjQkmXNV6mUsa+fG03CSeJkwRkxiLPedXgl5nhYND8t6vGKMrTi/g6s+Cw/YRhwZEDohTijgnZesT2OY+pBX+9EI/QXUV+7qGSOTo20R6aBNBf/X8dsBtFkg7uoWutatzkGRkcHjUr9z187tpJK7TZaDAeBZ5kDCv5QYwVSRgj39wHU0ib8MjpgvOmrg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RBzB3X2g/mqYw+rcTTlrcKljR3CIH7zh11qmMFCL2TKMwj770uTYjSsWJbPgLSnSOU6OqPG4D7D4Tik+GS8cMDqHohGhXn+OM/lAz68/5dg7k9d5cn/j7Wj0y+PnavY/wK24TArpmBTiWa7BzJA/b3yvZEx//2wipLIvRq55N4jMpsXxFreXMsNvViGLpyigvywFOcFzstcwplRKhG470Frhyf8t/a1RcUhxlOWanaheiSiNw5NebpufEMwOJZZ4LQhm9KB50UQLdjTgLnAvd3QXWyIrL2ndwXZL4bUWXFhJGMd+QYKw+HE+W4qpCVrxEtN1rFmtfoQKYZwi3tfgQA==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Wed, 25 May 2022 10:12:10 +0000
  • Ironport-data: A9a23:j/jlPKh7UkOBBv21QQLtrvZ2X1616BEKZh0ujC45NGQN5FlGYwSy9 lOraxnFY6jUMyawOYxoOc7lxf41ycTSzd5qSgVtpHowFnsXpcTJXISSdRz6YS7Nd5WfFh42v swQY9fKd5psHnKBrEqma7S6p3cjiv7WS7H3Vb7IY3gZqWOIMMsEoUsLd7kR3t446TTAPz6wh D/SnyH+EAP8izIrPmhN4viK90hksav/5D5Ct1djOvsT4gGHziFPXc4Tfa2/ESD1E9JedgKYq 0cv710bEkfxpUpF5gaNy+6jGqEyaueOe1DI0BK6YoD66vR4jnVaPp0TabxNMC+7tx3Tx4ork IgX6MTpIesUFvakdNo1AkEw/x5WZcWqyJefSZRomZXOp6FuWyKEL8RGVCnaD6VBkgpEKTgmG cgjACIMdni+a9eem9pXfAXOavMLd6EHNKtH0p1pIKqw4fwOGfgvSI2SjTNUMatZammj0p8ya uJAAQeDYigsbDUTYg1HKaoimtuwn3XxbCdmgQLKp4Eetj27IAxZiNABMfLzU/nTH4B/uBbdo WjLuWPkHhsdKdqTjyKf9W6hjfPOmiW9X58OELq/9bhhh1j7Km47UUVKEwfk56TkzBfgC7qzK GRNksYqhYc/81akQ5/RQhu8qWastR8AQdtAVeY97Wlhz4KLulrIVzFaFFatbvR+jYxvdAJ09 mTYgoPjGjwzoOelZk20o+L8QTSafHJ9wXU5TS0OQBYB4tLjiJoulR+JRdFmeIalg9uwFTzuz jSiqCklm65VncMNz7+8/13Mn3SrvJehZgwo4gTaWEq14wU/Y5SqD6Sz8kTS5/tEKIefT3GCs WIClszY6/oBZbmSkASdTeNLG6umj8tpKxXZiF9rWpMnpzKk/if5eZgKuW8uYkB0LswDZDnlJ lfJvh9c74NSO33sarJrZ4W2CIIhyq2I+cnZa804p+FmOvBZHDJrNgk3DaJM9wgBSHQRrJw=
  • Ironport-hdrordr: A9a23:uvVQUqHptlpBa/sopLqFRJHXdLJyesId70hD6qkvc3Fom52j/f xGws5x6fatskdrZJkh8erwW5VoMkmsj6KdgLNhcItKOTOLhILGFvAE0WKP+Vzd8mjFh5ZgPM RbAuRD4b/LfD5HZK/BiWHWferIguP3iZxA7t2urUuFODsaD52ImD0JbzpzfHcXeCB2Qb4CUL aM7MtOoDStPV4NaN6gO3UDV+/f4/XWiZPPe3c9dlAawTjLqQntxK/xEhCe0BtbeShI260e/W /MlBG8zrm/ssu81gTX2wbontVrcZrau5t+7f63+4oowwbX+0OVjUNaKvm/VQUO0aKSAZAR4Z 7xSlkbToJOAjjqDxyISFPWqnXdOXAVmjDfIBaj8AXeiN28SzQgB8Vbg4VFNhPf9ko7pdl5lL lGxmSDqvNsfFv9dLSU3am2a/hGrDvDnZMZq59bs5Wfa/ptVJZB6YgEuE9FGpYJGyz3rIghDe l1FcnZoPJba0mTYXzVtnRmhIXEZAV4Ij6WBkwZ/sCF2Tlfm350i0Me2cwEh38FsJYwUYNN6e jIOrlh0LtOUsgVZ6RgA/ppe7r9NkXdBRbXdG6CK1XuE68Kf3rLtp7s+b0woPqnfZQZpaFC76 gpkGkowVLaV3ieefFmhqc7gywlaF/NLgjF24VZ+4VzvKH6Sf7iLTCDIWpe5vednw==
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHYcBjWfPzTxGjMZkmAolCxhSaQOa0vX3IA
  • Thread-topic: [PATCH v2] SUPPORT.md: extend security support for x86 hosts to 12 TiB of memory


> On May 25, 2022, at 10:21 AM, Jan Beulich <jbeulich@xxxxxxxx> wrote:
> 
> c49ee0329ff3 ("SUPPORT.md: limit security support for hosts with very
> much memory"), as a result of XSA-385, restricted security support to
> 8 TiB of host memory. While subsequently further restricted for Arm,
> extend this to 12 TiB on x86, putting in place a guest restriction to
> 8 TiB (or yet less for Arm) in exchange.
> 
> A 12 TiB x86 host was certified successfully for use with Xen 4.14 as
> per https://www.suse.com/nbswebapp/yesBulletin.jsp?bulletinNumber=150753.
> This in particular included running as many guests (2 TiB each) as
> possible in parallel, to actually prove that all the memory can be used
> like this. It may be relevant to note that the Optane memory there was
> used in memory-only mode, with DRAM acting as cache.
> 
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

I haven’t been following the discussion, but the form &c LGTM:

Acked-by: George Dunlap <george.dunlap@xxxxxxxxxx>

Attachment: signature.asc
Description: Message signed with OpenPGP


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.