Xen used to have single, system-wide limits for the number of grant
frames and maptrack frames a guest was allowed to create. Increasing
or decreasing this single limit on the Xen command-line would change
the limit for all guests on the system.
Later, per-domain limits for these values was created. The system-wide
limits became strict limits: domains could not be created with higher
limits, but could be created with lower limits. However, that change
also introduced a range of different "default" values into various
places in the toolstack:
- The python libxc bindings hard-coded these values to 32 and 1024,
respectively
- The libxl default values are 32 and 1024 respectively.
- xl will use the libxl default for maptrack, but does its own default
calculation for grant frames: either 32 or 64, based on the max
possible mfn.
These defaults interact poorly with the hypervisor command-line limit:
- The hypervisor command-line limit cannot be used to raise the limit
for all guests anymore, as the default in the toolstack will
effectively override this.
- If you use the hypervisor command-line limit to *reduce* the limit,
then the "default" values generated by the toolstack are too high,
and all guest creations will fail.
In other words, the toolstack defaults require any change to be
effected by having the admin explicitly specify a new value in every
guest.
In order to address this, have grant_table_init treat negative values
for max_grant_frames and max_maptrack_frames as instructions to use the
system-wide default, and have all the above toolstacks default to passing
-1 unless a different value is explicitly configured.
This restores the old behavior in that changing the hypervisor command-line
option can change the behavior for all guests, while retaining the ability
to set per-guest values. It also removes the bug that reducing the
system-wide max will cause all domains without explicit limits to fail.
NOTE: - The Ocaml bindings require the caller to always specify a value,
and the code to start a xenstored stubdomain hard-codes these to 4
and 128 respectively; this behavour will not be modified.
Signed-off-by: George Dunlap <george.dunlap@citrix.com>
Signed-off-by: Paul Durrant <pdurrant@amazon.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Wei Liu <wl@xen.org>
Acked-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
master commit:
f2ae59bc4b9b5c3f12de86aa42cdf413d2c3ffbf
master date: 2019-11-29 21:43:49 +0000
Sets the default value for the C<max_grant_frames> domain config value.
-Default: C<32> on hosts up to 16TB of memory, C<64> on hosts larger than 16TB
+Default: value of Xen command line B<gnttab_max_frames> parameter (or its
+default value if unspecified).
=item B<max_maptrack_frames=NUMBER>
Sets the default value for the C<max_maptrack_frames> domain config value.
-Default: C<1024>
+Default: value of Xen command line B<gnttab_max_maptrack_frames>
+parameter (or its default value if unspecified).
=item B<vif.default.script="PATH">
*/
#define LIBXL_HAVE_BUILDINFO_GRANT_LIMITS 1
-#define LIBXL_MAX_GRANT_FRAMES_DEFAULT 32
-#define LIBXL_MAX_MAPTRACK_FRAMES_DEFAULT 1024
+#define LIBXL_MAX_GRANT_DEFAULT (~(uint32_t)0)
+#define LIBXL_MAX_GRANT_FRAMES_DEFAULT 32 /* deprecated */
+#define LIBXL_MAX_MAPTRACK_FRAMES_DEFAULT 1024 /* deprecated */
+/*
+ * LIBXL_HAVE_BUILDINFO_GRANT_DEFAULT indicates that the default
+ * values of max_grant_frames and max_maptrack_frames fields in
+ * libxl_domain_build_info are the special sentinel value
+ * LIBXL_MAX_GRANT_DEFAULT rather than the fixed values above.
+ * This means to use the hypervisor's default.
+ */
+#define LIBXL_HAVE_BUILDINFO_GRANT_DEFAULT 1
/*
* LIBXL_HAVE_BUILDINFO_* indicates that libxl_domain_build_info has
("vnuma_nodes", Array(libxl_vnode_info, "num_vnuma_nodes")),
- ("max_grant_frames", uint32, {'init_val': 'LIBXL_MAX_GRANT_FRAMES_DEFAULT'}),
- ("max_maptrack_frames", uint32, {'init_val': 'LIBXL_MAX_MAPTRACK_FRAMES_DEFAULT'}),
+ ("max_grant_frames", uint32, {'init_val': 'LIBXL_MAX_GRANT_DEFAULT'}),
+ ("max_maptrack_frames", uint32, {'init_val': 'LIBXL_MAX_GRANT_DEFAULT'}),
("device_model_version", libxl_device_model_version),
("device_model_stubdomain", libxl_defbool),
return 0;
}
-int xlu_cfg_get_long(const XLU_Config *cfg, const char *n,
- long *value_r, int dont_warn) {
+int xlu_cfg_get_bounded_long(const XLU_Config *cfg, const char *n,
+ long min, long max, long *value_r,
+ int dont_warn) {
long l;
XLU_ConfigSetting *set;
int e;
cfg->config_source, set->lineno, n);
return EINVAL;
}
+ if (l < min) {
+ if (!dont_warn)
+ fprintf(cfg->report,
+ "%s:%d: warning: value `%ld' is smaller than minimum bound '%ld'\n",
+ cfg->config_source, set->lineno, l, min);
+ return EINVAL;
+ }
+ if (l > max) {
+ if (!dont_warn)
+ fprintf(cfg->report,
+ "%s:%d: warning: value `%ld' is greater than maximum bound '%ld'\n",
+ cfg->config_source, set->lineno, l, max);
+ return EINVAL;
+ }
+
*value_r= l;
return 0;
}
+int xlu_cfg_get_long(const XLU_Config *cfg, const char *n,
+ long *value_r, int dont_warn) {
+ return xlu_cfg_get_bounded_long(cfg, n, LONG_MIN, LONG_MAX, value_r,
+ dont_warn);
+}
+
int xlu_cfg_get_defbool(const XLU_Config *cfg, const char *n, libxl_defbool *b,
int dont_warn)
{
char **value_r, int dont_warn);
int xlu_cfg_get_long(const XLU_Config*, const char *n, long *value_r,
int dont_warn);
+int xlu_cfg_get_bounded_long(const XLU_Config*, const char *n, long min,
+ long max, long *value_r, int dont_warn);
int xlu_cfg_get_defbool(const XLU_Config*, const char *n, libxl_defbool *b,
int dont_warn);
},
.max_vcpus = 1,
.max_evtchn_port = -1, /* No limit. */
- .max_grant_frames = 32,
- .max_maptrack_frames = 1024,
+ .max_grant_frames = -1,
+ .max_maptrack_frames = -1,
};
static char *kwd_list[] = { "domid", "ssidref", "handle", "flags",
#include <ctype.h>
#include <inttypes.h>
#include <regex.h>
+#include <limits.h>
#include <libxl.h>
#include <libxl_utils.h>
XLU_Config *config;
int e;
const char *buf;
- libxl_physinfo physinfo;
config = xlu_cfg_init(stderr, configfile);
if (!config) {
xlu_cfg_replace_string (config, "colo.default.proxyscript",
&default_colo_proxy_script, 0);
- if (!xlu_cfg_get_long (config, "max_grant_frames", &l, 0))
+ e = xlu_cfg_get_bounded_long (config, "max_grant_frames", 0, INT_MAX,
+ &l, 1);
+ if (!e)
max_grant_frames = l;
- else {
- libxl_physinfo_init(&physinfo);
- max_grant_frames = (libxl_get_physinfo(ctx, &physinfo) != 0 ||
- !(physinfo.max_possible_mfn >> 32))
- ? 32 : 64;
- libxl_physinfo_dispose(&physinfo);
- }
- if (!xlu_cfg_get_long (config, "max_maptrack_frames", &l, 0))
+ else if (e != ESRCH)
+ exit(1);
+
+ e = xlu_cfg_get_bounded_long (config, "max_maptrack_frames", 0,
+ INT_MAX, &l, 1);
+ if (!e)
max_maptrack_frames = l;
+ else if (e != ESRCH)
+ exit(1);
libxl_cpu_bitmap_alloc(ctx, &global_vm_affinity_mask, 0);
libxl_cpu_bitmap_alloc(ctx, &global_hvm_affinity_mask, 0);
!xlu_cfg_get_string (config, "cpus_soft", &buf, 0))
parse_vcpu_affinity(b_info, cpus, buf, num_cpus, false);
- if (!xlu_cfg_get_long (config, "max_grant_frames", &l, 0))
+ e = xlu_cfg_get_bounded_long (config, "max_grant_frames", 0, INT_MAX,
+ &l, 1);
+ if (e == ESRCH) /* not specified */
+ b_info->max_grant_frames = max_grant_frames;
+ else if (!e)
b_info->max_grant_frames = l;
else
- b_info->max_grant_frames = max_grant_frames;
- if (!xlu_cfg_get_long (config, "max_maptrack_frames", &l, 0))
- b_info->max_maptrack_frames = l;
- else if (max_maptrack_frames != -1)
+ exit(1);
+
+ e = xlu_cfg_get_bounded_long (config, "max_maptrack_frames", 0,
+ INT_MAX, &l, 1);
+ if (e == ESRCH) /* not specified */
b_info->max_maptrack_frames = max_maptrack_frames;
+ else if (!e)
+ b_info->max_maptrack_frames = l;
+ else
+ exit(1);
libxl_defbool_set(&b_info->claim_mode, claim_mode);
.flags = XEN_DOMCTL_CDF_hvm_guest | XEN_DOMCTL_CDF_hap,
.max_evtchn_port = -1,
.max_grant_frames = gnttab_dom0_frames(),
- .max_maptrack_frames = opt_max_maptrack_frames,
+ .max_maptrack_frames = -1,
};
dcache_line_bytes = read_dcache_line_bytes();
struct xen_domctl_createdomain dom0_cfg = {
.flags = XEN_DOMCTL_CDF_s3_integrity,
.max_evtchn_port = -1,
- .max_grant_frames = opt_max_grant_frames,
- .max_maptrack_frames = opt_max_maptrack_frames,
+ .max_grant_frames = -1,
+ .max_maptrack_frames = -1,
};
/* Critical region without IDT or TSS. Any fault is deadly! */
struct grant_table_arch arch;
};
+static int parse_gnttab_limit(const char *param, const char *arg,
+ unsigned int *valp)
+{
+ const char *e;
+ unsigned long val;
+
+ val = simple_strtoul(arg, &e, 0);
+ if ( *e )
+ return -EINVAL;
+
+ if ( val > INT_MAX )
+ return -ERANGE;
+
+ *valp = val;
+
+ return 0;
+}
+
unsigned int __read_mostly opt_max_grant_frames = 64;
-integer_runtime_param("gnttab_max_frames", opt_max_grant_frames);
-unsigned int __read_mostly opt_max_maptrack_frames = 1024;
-integer_runtime_param("gnttab_max_maptrack_frames", opt_max_maptrack_frames);
+static int parse_gnttab_max_frames(const char *arg)
+{
+ return parse_gnttab_limit("gnttab_max_frames", arg,
+ &opt_max_grant_frames);
+}
+custom_runtime_param("gnttab_max_frames", parse_gnttab_max_frames);
+
+static unsigned int __read_mostly opt_max_maptrack_frames = 1024;
+
+static int parse_gnttab_max_maptrack_frames(const char *arg)
+{
+ return parse_gnttab_limit("gnttab_max_maptrack_frames", arg,
+ &opt_max_maptrack_frames);
+}
+custom_runtime_param("gnttab_max_maptrack_frames",
+ parse_gnttab_max_maptrack_frames);
#ifndef GNTTAB_MAX_VERSION
#define GNTTAB_MAX_VERSION 2
return -ENOMEM;
}
-int grant_table_init(struct domain *d, unsigned int max_grant_frames,
- unsigned int max_maptrack_frames)
+int grant_table_init(struct domain *d, int max_grant_frames,
+ int max_maptrack_frames)
{
struct grant_table *gt;
int ret = -ENOMEM;
+ /* Default to maximum value if no value was specified */
+ if ( max_grant_frames < 0 )
+ max_grant_frames = opt_max_grant_frames;
+ if ( max_maptrack_frames < 0 )
+ max_maptrack_frames = opt_max_maptrack_frames;
+
if ( max_grant_frames < INITIAL_NR_GRANT_FRAMES ||
max_grant_frames > opt_max_grant_frames ||
max_maptrack_frames > opt_max_maptrack_frames )
uint32_t flags;
/*
- * Various domain limits, which impact the quantity of resources (global
- * mapping space, xenheap, etc) a guest may consume.
+ * Various domain limits, which impact the quantity of resources
+ * (global mapping space, xenheap, etc) a guest may consume. For
+ * max_grant_frames and max_maptrack_frames, < 0 means "use the
+ * default maximum value in the hypervisor".
*/
uint32_t max_vcpus;
uint32_t max_evtchn_port;
- uint32_t max_grant_frames;
- uint32_t max_maptrack_frames;
+ int32_t max_grant_frames;
+ int32_t max_maptrack_frames;
struct xen_arch_domainconfig arch;
};
struct grant_table;
extern unsigned int opt_max_grant_frames;
-extern unsigned int opt_max_maptrack_frames;
/* Create/destroy per-domain grant table context. */
-int grant_table_init(struct domain *d, unsigned int max_grant_frames,
- unsigned int max_maptrack_frames);
+int grant_table_init(struct domain *d, int max_grant_frames,
+ int max_maptrack_frames);
void grant_table_destroy(
struct domain *d);
void grant_table_init_vcpu(struct vcpu *v);
projects / xen.git / commitdiff