[Libvir] [RFC] Check host's minimum memory.
Hi The minimum value of the memory guarded with virsh setmem is 4096KB(4MB). In general, when host's memory is set to 4MB, the host stops. Therefore, I propose the patch to which host's minimum value of the memory is guarded by 256MB. Signed-off-by: Masayuki Sunou <fj1826dm@aa.jp.fujitsu.com> Thanks, Masayuki Sunou. libvirt-0.2.0 -------------------------------------------------------------------------------- Index: libvirt/src/xend_internal.c =================================================================== RCS file: /data/cvs/libvirt/src/xend_internal.c,v retrieving revision 1.97 diff -u -p -r1.97 xend_internal.c --- libvirt/src/xend_internal.c 2 Mar 2007 20:19:08 -0000 1.97 +++ libvirt/src/xend_internal.c 6 Mar 2007 01:42:44 -0000 @@ -2243,6 +2243,9 @@ xenDaemonDomainSetMemory(virDomainPtr do if (domain->id < 0 && domain->conn->xendConfigVersion < 3) return(-1); + if (domain->id == 0 && memory < (256 * 1024)) + return(-1); + snprintf(buf, sizeof(buf), "%lu", memory >> 10); return xend_op(domain->conn, domain->name, "op", "mem_target_set", "target", buf, NULL); Index: libvirt/src/xm_internal.c =================================================================== RCS file: /data/cvs/libvirt/src/xm_internal.c,v retrieving revision 1.14 diff -u -p -r1.14 xm_internal.c --- libvirt/src/xm_internal.c 23 Feb 2007 08:51:30 -0000 1.14 +++ libvirt/src/xm_internal.c 6 Mar 2007 01:42:46 -0000 @@ -1025,6 +1025,9 @@ int xenXMDomainSetMemory(virDomainPtr do if (domain->id != -1) return (-1); + if (domain->id == 0 && memory < (256 * 1024)) + return(-1); + if (!(filename = virHashLookup(nameConfigMap, domain->name))) return (-1); Index: libvirt/src/xs_internal.c =================================================================== RCS file: /data/cvs/libvirt/src/xs_internal.c,v retrieving revision 1.32 diff -u -p -r1.32 xs_internal.c --- libvirt/src/xs_internal.c 23 Feb 2007 08:51:30 -0000 1.32 +++ libvirt/src/xs_internal.c 6 Mar 2007 01:42:46 -0000 @@ -434,6 +434,10 @@ xenStoreDomainSetMemory(virDomainPtr dom } if (domain->id == -1) return(-1); + + if (domain->id == 0 && memory < (256 * 1024)) + return(-1); + snprintf(value, 19, "%lu", memory); value[19] = 0; ret = virDomainDoStoreWrite(domain, "memory/target", &value[0]); --------------------------------------------------------------------------------
On Tue, Mar 06, 2007 at 02:40:24PM +0900, Masayuki Sunou wrote:
Hi
The minimum value of the memory guarded with virsh setmem is 4096KB(4MB). In general, when host's memory is set to 4MB, the host stops.
Therefore, I propose the patch to which host's minimum value of the memory is guarded by 256MB.
AFAICT, this is already guarded by XenD. In the /etc/xen/xend-config.sxp file there is (dom0-min-mem 256) Is XenD perhaps no honouring this limit ? Regards, Dan -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
Hi Dan
AFAICT, this is already guarded by XenD. In the /etc/xen/xend-config.sxp file there is
(dom0-min-mem 256)
Is XenD perhaps no honouring this limit ?
When I executed the following command with Xend of Fedora7 after I confirmed dom0-min-mem was 256MB, the host stopped. #virsh setmem 0 4096 -->When I execute virsh setmem 0 256, the host doesn't stop. The setting is not effective in Xend. So, after investigating Xend, I report again. Thanks, Masayuki Sunou In message <20070306121407.GA21807@redhat.com> "Re: [Libvir] [RFC] Check host's minimum memory." ""Daniel P. Berrange" <berrange@redhat.com>" wrote:
On Tue, Mar 06, 2007 at 02:40:24PM +0900, Masayuki Sunou wrote:
Hi
The minimum value of the memory guarded with virsh setmem is 4096KB(4MB). In general, when host's memory is set to 4MB, the host stops.
Therefore, I propose the patch to which host's minimum value of the memory is guarded by 256MB.
AFAICT, this is already guarded by XenD. In the /etc/xen/xend-config.sxp file there is
(dom0-min-mem 256)
Is XenD perhaps no honouring this limit ?
Regards, Dan -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
Hi, Dan Your suggested parameter is just protect for Dom0 memory freeing in balloon driver. (this parameter is just used in free()@xen/tools/python/xend/balloon.py) This parameter check is effective for Dom0 gives memory to other Domain. For this reason, xm mem-set & virsh setmem is not protected by your siggested parameter.(like setMemoryTarget@XendDomainInfl.py). To protect Dom0 minimum memory size, Which component (Libvirt or Xend) should do? I think Sunou's solution is better one. Thanks Atsushi SAKAI "Daniel P. Berrange" <berrange@redhat.com> wrote:
AFAICT, this is already guarded by XenD. In the /etc/xen/xend-config.sxp file there is
(dom0-min-mem 256)
Is XenD perhaps no honouring this limit ?
On Tue, Mar 06, 2007 at 02:40:24PM +0900, Masayuki Sunou wrote:
Hi
The minimum value of the memory guarded with virsh setmem is 4096KB(4MB). In general, when host's memory is set to 4MB, the host stops.
Therefore, I propose the patch to which host's minimum value of the memory is guarded by 256MB.
I have run guests in 64MB of memory, so 256 as an arbitrary limit sounds way too high to me. There is some places in libvirt code where 64 is the limit (e.g. xend_parse_sexp_desc() if ((cur_mem > 63) && (cur_mem != max_mem)) ...) so if we set a limit here too that should be homogenized (using a constant in internal.h preferably). Daniel -- Red Hat Virtualization group http://redhat.com/virtualization/ Daniel Veillard | virtualization library http://libvirt.org/ veillard@redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
On Wed, Mar 07, 2007 at 06:43:14AM -0500, Daniel Veillard wrote:
On Tue, Mar 06, 2007 at 02:40:24PM +0900, Masayuki Sunou wrote:
Hi
The minimum value of the memory guarded with virsh setmem is 4096KB(4MB). In general, when host's memory is set to 4MB, the host stops.
Therefore, I propose the patch to which host's minimum value of the memory is guarded by 256MB.
I have run guests in 64MB of memory, so 256 as an arbitrary limit sounds way too high to me. There is some places in libvirt code where 64 is the limit (e.g. xend_parse_sexp_desc() if ((cur_mem > 63) && (cur_mem != max_mem)) ...) so if we set a limit here too that should be homogenized (using a constant in internal.h preferably).
This still feels wrong to me - I'm don't like the idea of libvirt enforcing policy decisions, particularly when they're compiled in. With the current bloated Xen python stack we probably won't go below 64 MB, but we won't always be managing Xen, nor will Xen forever be stuck with a python stack (i hope :-). I'd say that if possible XenD should be fixed to honour dom0_min_memory in all cases, rather than just when ballooning down to start a guest. Regards, Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
Hi, Dan O.K. I will asking Xen-devel with policy forcing patch. Thanks Atsushi SAKAI "Daniel P. Berrange" <berrange@redhat.com> wrote:
On Wed, Mar 07, 2007 at 06:43:14AM -0500, Daniel Veillard wrote:
On Tue, Mar 06, 2007 at 02:40:24PM +0900, Masayuki Sunou wrote:
Hi
The minimum value of the memory guarded with virsh setmem is 4096KB(4MB). In general, when host's memory is set to 4MB, the host stops.
Therefore, I propose the patch to which host's minimum value of the memory is guarded by 256MB.
I have run guests in 64MB of memory, so 256 as an arbitrary limit sounds way too high to me. There is some places in libvirt code where 64 is the limit (e.g. xend_parse_sexp_desc() if ((cur_mem > 63) && (cur_mem != max_mem)) ...) so if we set a limit here too that should be homogenized (using a constant in internal.h preferably).
This still feels wrong to me - I'm don't like the idea of libvirt enforcing policy decisions, particularly when they're compiled in. With the current bloated Xen python stack we probably won't go below 64 MB, but we won't always be managing Xen, nor will Xen forever be stuck with a python stack (i hope :-). I'd say that if possible XenD should be fixed to honour dom0_min_memory in all cases, rather than just when ballooning down to start a guest.
Regards, Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
-- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Hi, Dan I and Sunou investivate this issue. virsh setmem commands directry writes xenstore(memory/target) by using xenStoreDomainSetMemory()@xs_internal.c. This data (memory/target) is read by PVdomain balloon driver directly. As you know, xenstore just pass through the data between inter domain. For this reason, virsh setmem must protect at xs_internal.c not on Xen-side Anyway xm mem-set uses setMemoryTarget()@XendDomainInfo.py and write xenstore(memory/target). This path can be protected by XenD fixes. How should we do? Thanks Atsushi SAKAI Atsushi SAKAI <sakaia@jp.fujitsu.com> wrote:
Hi, Dan
O.K.
I will asking Xen-devel with policy forcing patch.
Thanks Atsushi SAKAI
"Daniel P. Berrange" <berrange@redhat.com> wrote:
On Wed, Mar 07, 2007 at 06:43:14AM -0500, Daniel Veillard wrote:
On Tue, Mar 06, 2007 at 02:40:24PM +0900, Masayuki Sunou wrote:
Hi
The minimum value of the memory guarded with virsh setmem is 4096KB(4MB). In general, when host's memory is set to 4MB, the host stops.
Therefore, I propose the patch to which host's minimum value of the memory is guarded by 256MB.
I have run guests in 64MB of memory, so 256 as an arbitrary limit sounds way too high to me. There is some places in libvirt code where 64 is the limit (e.g. xend_parse_sexp_desc() if ((cur_mem > 63) && (cur_mem != max_mem)) ...) so if we set a limit here too that should be homogenized (using a constant in internal.h preferably).
This still feels wrong to me - I'm don't like the idea of libvirt enforcing policy decisions, particularly when they're compiled in. With the current bloated Xen python stack we probably won't go below 64 MB, but we won't always be managing Xen, nor will Xen forever be stuck with a python stack (i hope :-). I'd say that if possible XenD should be fixed to honour dom0_min_memory in all cases, rather than just when ballooning down to start a guest.
Regards, Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
-- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
-- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
On Thu, Mar 08, 2007 at 05:33:45PM +0900, Atsushi SAKAI wrote:
Hi, Dan
I and Sunou investivate this issue.
virsh setmem commands directry writes xenstore(memory/target) by using xenStoreDomainSetMemory()@xs_internal.c. This data (memory/target) is read by PVdomain balloon driver directly. As you know, xenstore just pass through the data between inter domain. For this reason, virsh setmem must protect at xs_internal.c not on Xen-side
Ahhh, yes that makes sense. So looks like we have no choice but to put some protection in libvirt here. Lets have a patch which applies to xs_internal.c only, and protects Dom0 with a limit of 64 MB. This avoids imposing policy on non-Dom0, or QEMU/KVM guests. Regards, Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
On Thu, Mar 08, 2007 at 01:03:48PM +0000, Daniel P. Berrange wrote:
On Thu, Mar 08, 2007 at 05:33:45PM +0900, Atsushi SAKAI wrote:
Hi, Dan
I and Sunou investivate this issue.
virsh setmem commands directry writes xenstore(memory/target) by using xenStoreDomainSetMemory()@xs_internal.c. This data (memory/target) is read by PVdomain balloon driver directly. As you know, xenstore just pass through the data between inter domain. For this reason, virsh setmem must protect at xs_internal.c not on Xen-side
Ahhh, yes that makes sense. So looks like we have no choice but to put some protection in libvirt here. Lets have a patch which applies to xs_internal.c only, and protects Dom0 with a limit of 64 MB. This avoids imposing policy on non-Dom0, or QEMU/KVM guests.
I applied the following patch which: 1/ find the places where we had an arbitrary memory value set or tested, use MIN_XEN_GUEST_SIZE defined as 64 as the base minimum and 2 * MIN_XEN_GUEST_SIZE for default when not defined 1/ add the protection to xenStoreDomainSetMemory, MIN_XEN_GUEST_SIZE for guests and 2 * MIN_XEN_GUEST_SIZE for Dom0 of course the actual values selected can be argued about but at least I think the place which are affected are now well isolated, Daniel -- Red Hat Virtualization group http://redhat.com/virtualization/ Daniel Veillard | virtualization library http://libvirt.org/ veillard@redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
participants (4)
-
Atsushi SAKAI -
Daniel P. Berrange -
Daniel Veillard -
Masayuki Sunou