|
|
2136bb9 |
From 27593ec62bdad8621df910931349d964a6dbaa8c Mon Sep 17 00:00:00 2001
|
|
|
2136bb9 |
From: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
2136bb9 |
Date: Wed, 21 Oct 2015 16:18:30 +0100
|
|
|
2136bb9 |
Subject: [PATCH XSA-153 v3] libxl: adjust PoD target by memory fudge, too
|
|
|
2136bb9 |
|
|
|
2136bb9 |
PoD guests need to balloon at least as far as required by PoD, or risk
|
|
|
2136bb9 |
crashing. Currently they don't necessarily know what the right value
|
|
|
2136bb9 |
is, because our memory accounting is (at the very least) confusing.
|
|
|
2136bb9 |
|
|
|
2136bb9 |
Apply the memory limit fudge factor to the in-hypervisor PoD memory
|
|
|
2136bb9 |
target, too. This will increase the size of the guest's PoD cache by
|
|
|
2136bb9 |
the fudge factor LIBXL_MAXMEM_CONSTANT (currently 1Mby). This ensures
|
|
|
2136bb9 |
that even with a slightly-off balloon driver, the guest will be
|
|
|
2136bb9 |
stable even under memory pressure.
|
|
|
2136bb9 |
|
|
|
2136bb9 |
There are two call sites of xc_domain_set_pod_target that need fixing:
|
|
|
2136bb9 |
|
|
|
2136bb9 |
The one in libxl_set_memory_target is straightforward.
|
|
|
2136bb9 |
|
|
|
2136bb9 |
The one in xc_hvm_build_x86.c:setup_guest is more awkward. Simply
|
|
|
2136bb9 |
setting the PoD target differently does not work because the various
|
|
|
2136bb9 |
amounts of memory during domain construction no longer match up.
|
|
|
2136bb9 |
Instead, we adjust the guest memory target in xenstore (but only for
|
|
|
2136bb9 |
PoD guests).
|
|
|
2136bb9 |
|
|
|
2136bb9 |
This introduces a 1Mby discrepancy between the balloon target of a PoD
|
|
|
2136bb9 |
guest at boot, and the target set by an apparently-equivalent `xl
|
|
|
2136bb9 |
mem-set' (or similar) later. This approach is low-risk for a security
|
|
|
2136bb9 |
fix but we need to fix this up properly in xen.git#staging and
|
|
|
2136bb9 |
probably also in stable trees.
|
|
|
2136bb9 |
|
|
|
2136bb9 |
This is XSA-153.
|
|
|
2136bb9 |
|
|
|
2136bb9 |
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
|
|
|
2136bb9 |
---
|
|
|
2136bb9 |
tools/libxl/libxl.c | 2 +-
|
|
|
2136bb9 |
tools/libxl/libxl_dom.c | 9 ++++++++-
|
|
|
2136bb9 |
2 files changed, 9 insertions(+), 2 deletions(-)
|
|
|
2136bb9 |
|
|
|
2136bb9 |
diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c
|
|
|
2136bb9 |
index d38d0c7..1366177 100644
|
|
|
2136bb9 |
--- a/tools/libxl/libxl.c
|
|
|
2136bb9 |
+++ b/tools/libxl/libxl.c
|
|
|
2136bb9 |
@@ -4815,7 +4815,7 @@ retry_transaction:
|
|
|
2136bb9 |
|
|
|
2136bb9 |
new_target_memkb -= videoram;
|
|
|
2136bb9 |
rc = xc_domain_set_pod_target(ctx->xch, domid,
|
|
|
2136bb9 |
- new_target_memkb / 4, NULL, NULL, NULL);
|
|
|
2136bb9 |
+ (new_target_memkb + LIBXL_MAXMEM_CONSTANT) / 4, NULL, NULL, NULL);
|
|
|
2136bb9 |
if (rc != 0) {
|
|
|
2136bb9 |
LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR,
|
|
|
2136bb9 |
"xc_domain_set_pod_target domid=%d, memkb=%d "
|
|
|
2136bb9 |
diff --git a/tools/libxl/libxl_dom.c b/tools/libxl/libxl_dom.c
|
|
|
2136bb9 |
index b514377..8019f4e 100644
|
|
|
2136bb9 |
--- a/tools/libxl/libxl_dom.c
|
|
|
2136bb9 |
+++ b/tools/libxl/libxl_dom.c
|
|
|
2136bb9 |
@@ -486,6 +486,7 @@ int libxl__build_post(libxl__gc *gc, uint32_t domid,
|
|
|
2136bb9 |
xs_transaction_t t;
|
|
|
2136bb9 |
char **ents, **hvm_ents;
|
|
|
2136bb9 |
int i, rc;
|
|
|
2136bb9 |
+ int64_t mem_target_fudge;
|
|
|
2136bb9 |
|
|
|
2136bb9 |
rc = libxl_domain_sched_params_set(CTX, domid, &info->sched_params);
|
|
|
2136bb9 |
if (rc)
|
|
|
2136bb9 |
@@ -518,11 +519,17 @@ int libxl__build_post(libxl__gc *gc, uint32_t domid,
|
|
|
2136bb9 |
if (info->cpuid != NULL)
|
|
|
2136bb9 |
libxl_cpuid_set(ctx, domid, info->cpuid);
|
|
|
2136bb9 |
|
|
|
2136bb9 |
+ mem_target_fudge =
|
|
|
2136bb9 |
+ (info->type == LIBXL_DOMAIN_TYPE_HVM &&
|
|
|
2136bb9 |
+ info->max_memkb > info->target_memkb)
|
|
|
2136bb9 |
+ ? LIBXL_MAXMEM_CONSTANT : 0;
|
|
|
2136bb9 |
+
|
|
|
2136bb9 |
ents = libxl__calloc(gc, 12 + (info->max_vcpus * 2) + 2, sizeof(char *));
|
|
|
2136bb9 |
ents[0] = "memory/static-max";
|
|
|
2136bb9 |
ents[1] = GCSPRINTF("%"PRId64, info->max_memkb);
|
|
|
2136bb9 |
ents[2] = "memory/target";
|
|
|
2136bb9 |
- ents[3] = GCSPRINTF("%"PRId64, info->target_memkb - info->video_memkb);
|
|
|
2136bb9 |
+ ents[3] = GCSPRINTF("%"PRId64, info->target_memkb - info->video_memkb
|
|
|
2136bb9 |
+ - mem_target_fudge);
|
|
|
2136bb9 |
ents[4] = "memory/videoram";
|
|
|
2136bb9 |
ents[5] = GCSPRINTF("%"PRId64, info->video_memkb);
|
|
|
2136bb9 |
ents[6] = "domid";
|
|
|
2136bb9 |
--
|
|
|
2136bb9 |
1.7.10.4
|
|
|
2136bb9 |
|