This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] RE: Ballooning up

To: Dan Magenheimer <dan.magenheimer@xxxxxxxxxx>
Subject: Re: [Xen-devel] RE: Ballooning up
From: Jeremy Fitzhardinge <jeremy@xxxxxxxx>
Date: Mon, 13 Sep 2010 15:51:58 -0700
Cc: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>, Xen-devel@xxxxxxxxxxxxxxxxxxx, Daniel Kiper <dkiper@xxxxxxxxxxxx>, Konrad Wilk <konrad.wilk@xxxxxxxxxx>
Delivery-date: Mon, 13 Sep 2010 15:52:36 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <54eebb3a-f539-43be-8134-a969a4f671c4@default>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <4C85F973.2030007@xxxxxxxx> <54eebb3a-f539-43be-8134-a969a4f671c4@default>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20100806 Fedora/3.1.2-1.fc13 Lightning/1.0b2pre Thunderbird/3.1.2
 On 09/13/2010 02:17 PM, Dan Magenheimer wrote:
>> As a side-effect, it also works for dom0.  If you set dom0_mem on the
>> Xen command line, then nr_pages is limited to that value, but the
>> kernel
>> can still see the system's real E820 map, and therefore adds all the
>> system's memory to its own balloon driver, potentially allowing dom0 to
>> expand up to take all physical memory.
>> However, this may caused bad side-effects if your system memory is much
>> larger than your dom0_mem, especially if you use a 32-bit dom0.  I may
>> need to add a kernel command line option to limit the max initial
>> balloon size to mitigate this...
> I would call this dom0 functionality a bug.  I think both Citrix
> and Oracle use dom0_mem as a normal boot option for every
> installation and, while I think both employ heuristics to choose
> a larger dom0_mem for larger physical memory, I don't think it
> grows large enough for, say, >256GB physical memory, to accommodate
> the necessarily large number of page tables.
> So, I'd vote for NOT allowing dom0 to balloon up to physical
> memory if dom0_mem is specified, and possibly a kernel command
> line option that allows it to grow beyond.  Or, possibly, no
> option and never allow dom0 memory to grow beyond dom0_mem
> unless (possibly) it grows with hot-plug.

Yes, its a bit of a problem.  The trouble is that the kernel can't
really distinguish the two cases; either way, it sees a Xen-supplied
xen_start_info->nr_pages as the amount of initial memory available, and
an E820 table referring to more RAM beyond that.

I guess there are three options:

   1. add a "xen_maxmem" (or something) kernel parameter to override
      space specified in the E820 table
   2. ignore E820 if its a privileged domain
   3. only allow extra memory up to a certain ratio of the base memory
      (8x? 16x? 32x?)

I think the third is probably the simplest and least hacky, as it
directly addresses the underlying issue (and prevents domU mishaps as well).


Xen-devel mailing list

<Prev in Thread] Current Thread [Next in Thread>