[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCHv1] xen: increase default number of PIRQs for hardware domains



On 05/12/14 09:44, Jan Beulich wrote:
>>>> On 03.12.14 at 17:04, <david.vrabel@xxxxxxxxxx> wrote:
>> The default limit for the number of PIRQs for hardware domains (dom0)
>> is not sufficient for some (x86) systems.
>>
>> Since the pirq structures are individually and dynamically allocated,
>> the limit for hardware domains may be increased to the number of
>> possible IRQs.
> I nevertheless disagree to moving the bound up to the Xen internal
> limit unconditionally: What use does it have to allow hwdom to use
> thousands of MSIs?

Because systems that big exist.  We have one.  In particular, it needs
somewhere between 288 and 512 pirqs to scan the bus and bring up the
physical functions alone.

> If a system got that many, the main purpose of
> running Xen on it I would expect to be to hand various of the
> respective devices to guests. Hence no need for hwdom to have
> that many by default, even if this doesn't result in any extra
> resource consumption.
>
> That said, I can see the current default of 256 being too low though.
> Quite likely in the absence of a user specified value the default
> ought to be derived from nr_irqs - nr_static_irqs rather than being
> any fixed number. Considering the default used for nr_irqs, I'd think
> along the lines of sqrt(num_present_cpus()) * NR_DYNAMIC_VECTORS
> or dom0->max_vcpus * NR_DYNAMIC_VECTORS (or the minimum of
> the two) for x86.

The hardware domain is trusted ultimately.  It can, amongst other
things, rewrite the bootloader command line and replace xen.gz.  It can
be trusted not to maliciously waste Xen resource.

Having an arbitrary restriction on the the hardware domains means only
that, in the case the arbitrary limit is hit, system devices fail to
function properly.  This is far more noticeable if the limit is hit
during probe.  The admin can edit the bootloader and increase the limit,
but only if the root disk was a driver lucky enough to get its
interrupt, or the default network card got its interrupts.

The limit serves no security or resource purpose, but has the chance of
crippling the boot of the system, and making recovery hard or
impossible.  On this justification alone, the limit should be removed.

~Andrew


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.