
[PATCH v3] SUPPORT.md: extend security support for x86 hosts to 12 TiB of memory


  • To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Thu, 2 Jun 2022 10:43:27 +0200
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Thu, 02 Jun 2022 08:43:41 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

c49ee0329ff3 ("SUPPORT.md: limit security support for hosts with very
much memory"), as a result of XSA-385, restricted security support to
8 TiB of host memory. While subsequently further restricted for Arm,
extend this to 12 TiB on x86, putting in place a guest restriction to
8 TiB (or yet less for Arm) in exchange.

A 12 TiB x86 host was certified successfully for use with Xen 4.14 as
per https://www.suse.com/nbswebapp/yesBulletin.jsp?bulletinNumber=150753.
This in particular included running as many guests (2 TiB each) as
possible in parallel, to actually prove that all the memory can be used
like this. It may be relevant to note that the Optane memory there was
used in memory-only mode, with DRAM acting as cache.

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Acked-by: George Dunlap <george.dunlap@xxxxxxxxxx>
---
v3: Correct Arm32 guest value. Restrict guest "leeway" to x86.
v2: Rebase over new host limits for Arm. Refine new guest values for
    Arm.

--- a/SUPPORT.md
+++ b/SUPPORT.md
@@ -50,7 +50,7 @@ For the Cortex A57 r0p0 - r1p1, see Erra
 
 ### Physical Memory
 
-    Status, x86: Supported up to 8 TiB. Hosts with more memory are supported, 
but not security supported.
+    Status, x86: Supported up to 12 TiB. Hosts with more memory are supported, 
but not security supported.
     Status, Arm32: Supported up to 12 GiB
     Status, Arm64: Supported up to 2 TiB
 
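Review bot: The x86 line under "Physical Memory" now states a 12 TiB host limit, which is larger than the 8 TiB x86 guest limit added in the next hunk, yet this entry gives no pointer to that restriction. A reader who consults only this section could conclude that a single guest covering most of a 12 TiB host is security supported. Consider adding a short cross-reference to the new "Guest Limits" section on this line or directly below the three Status lines.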
@@ -121,6 +121,14 @@ ARM only has one guest type at the momen
 
     Status: Supported
 
+## Guest Limits
+
+### Memory
+
+    Status, x86: Supported up to 8 TiB. Guests with more memory, but less than 
16 TiB, are supported, but not security supported.
+    Status, Arm32: Supported up to 12 GiB
+    Status, Arm64: Supported up to 1 TiB
+
 ## Hypervisor file system
 
 ### Build info
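Review bot: The new x86 line under "Guest Limits" / "Memory" covers guests up to 8 TiB and guests with more than 8 TiB but less than 16 TiB, and leaves the status of guests at or above 16 TiB unstated. The host entry spells out what happens above its limit, so it would be clearer to state the 16 TiB boundary case explicitly here as well. The Arm32 and Arm64 lines likewise say nothing about guests above their limits; since the v3 changelog notes that the "leeway" is restricted to x86, a brief statement to that effect in the text would remove the ambiguity.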




 

