On Mon, Aug 08, 2016 at 07:31:28PM +0200, Juergen Gross wrote:
> On 08/08/16 16:45, Ian Jackson wrote:
> > Juergen Gross writes ("[PATCH 0/3] tools: support autoballooning of 
> > xenstore domain"):
> >> Support xenstore domain autoballooning by:
> >> - adding --maxmem parameter to init-xenstore-domain
> >> - build xenstore stubdom with Mini-OS CONFIG_BALLOON set
> >> - add XENSTORE_MAX_DOMAIN_SIZE parameter to sysconfig.xencommons
> >>
> >> This series requires Mini-OS ballooning support, of course. I'm posting
> >> it now because this will make it easier to test my Mini-OS series.
> > 
> > The basic idea seems sound enough, and I didn't spot much wrong with
> > the implementation, although I have some questions/observations:
> > 
> >  * AFAICT this is going to take effect for C xenstored.  But ISTM that
> >    we probably want to be moving away from C xenstored; its code is
> >    difficult, it has a history of hard to fathom bugs, and I'm
> >    concerned about its security properties.
> 
> This should work for ocaml based xenstore domain, too. I've been told
> that is based on Mini-OS, so there is no reason it shouldn't work.
> 
> >  * I find that the pointer-arithmetic-based parsing style (as seen in
> >    patch 1) very hard to read.  I haven't reviewed it.  But I think it
> >    is not exposed to untrusted input so I don't think I care.
> 
> I wouldn't mind another way to do it. This variant seemed to be most
> compact and passed all verification testing I did (and I tried a lot
> of nonsense).
> 
> >  * If we are going in this direction, this feature probably wants to
> >    be enabled by default.  Do you have a good idea of default
> >    parameters ?
> 
> Hmm, that's not too easy. For a "normal" guest about a quarter MB of
> memory for Xenstore seems to be a lot. I guess these days most guests
> have at least 256 MB, so 1/1000 of host memory seems to be appropriate.
> We don't risk anything going a little bit higher, as Mini-OS doesn't
> have anything like page structures consuming memory for the not yet
> taken domain memory. Of course we need some MB (e.g. 4) as a starting
> point as the kernel needs some memory even if the host is very small.
> So what about 4:1/512 ? This would give us 4 MB at minimum and on a
> 16 TB machine we could go up to 32 GB which still wouldn't blow up the
> theoretical boundaries of Mini-OS.
> 
> 

Ian, are all your concerns addressed?

Wei.

> Juergen

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

Reply via email to