WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

RE: [Xen-devel] yanked share, round 2

To: "Anthony Liguori" <aliguori@xxxxxxxxxx>
Subject: RE: [Xen-devel] yanked share, round 2
From: "King, Steven R" <steven.r.king@xxxxxxxxx>
Date: Fri, 13 Jan 2006 13:25:32 -0800
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 13 Jan 2006 21:32:22 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcYYeKSAjd6fbISrSQqYO6lkzfBZXAAC5m3w
Thread-topic: [Xen-devel] yanked share, round 2
I would like hear your ideas for who manages the pool and how the pool
avoids becoming depleted.

In addition to avoiding the ownership problem, I see another nice
advantage:
The third party (Xen? a DomP?) can hand up to the DomU's a nice tidy key
value representing the shared pages, which is very similar to the way
SysV IPC memory sharing works.

-steve

-----Original Message-----
From: Anthony Liguori [mailto:aliguori@xxxxxxxxxx] 
Sent: Friday, January 13, 2006 11:35 AM
To: King, Steven R
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] yanked share, round 2

You avoid zombies and either side can break the sharing without causing
harm to the other side.  Domains restarting are transparent to either
end (the restarting domain just reattachs and keeps going).  It avoids
the general ownership problem altogether.

Regards,

Anthony Liguori

King, Steven R wrote:

>Hi Anthony -- Can you explain why this is ideal?  I prefer that sharers

>and mappers have their own skin the game--that way, Xen doesn't have to

>manage a pool and nobody has to worry about the pool being depleted.
>
>-----Original Message-----
>From: Anthony Liguori [mailto:aliguori@xxxxxxxxxx]
>Sent: Friday, January 13, 2006 11:23 AM
>To: King, Steven R
>Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
>Subject: Re: [Xen-devel] yanked share, round 2
>
>An ideal solution to this problem would be to keep a separate pool of 
>shared memory that neither domain owned.  That removes any concerns 
>about ownership.
>
>Regards,
>
>Anthony Liguori
>
>King, Steven R wrote:
>
>  
>
>>Hi folks,
>>A previous thread discussed complications around DomU's sharing memory
>>    
>>
>
>  
>
>>pages with each other:
>>http://lists.xensource.com/archives/html/xen-devel/2005-12/msg00499.ht
>>ml
>> 
>>To summarize, DomU's get into trouble, e.g. unable to shutdown, unless
>>    
>>
>
>  
>
>>the remote DomU's play nice.  Since DomU's do not trust each other, 
>>that is problematic.  I'd like to discuss how to clean away this 
>>dependency.
>> 
>>Here's one idea.  The goal is to robustly decouple the sharing and 
>>remote domains.
>> 
>>Grant tables add a new GTF_safe flag, settable by the sharing DomU.
>>In order to map a GTF_safe page, a remote domain must provide a page 
>>of its own, which I'll call an "under page".
>>Xen holds the under-page on behalf of the remote DomU and maps the 
>>shared page into the remote DomU's machine.
>>At any time, the sharing DomU can unshare the page, crash, etc, which 
>>ends ALL foreign access to that page, not just new mappings.
>>For each remote domain that still maps the unshared page, Xen maps the
>>    
>>
>
>  
>
>>remote's under-page in place of the unshared page.
>>The remote domain can unmap at any time and recover its under-page.
>> 
>>The purpose of the under-page is to plug the memory hole in the remote
>>    
>>
>
>  
>
>>DomU created by a surprise unsharing.  A nervous remote DomU could 
>>check that a share is GTF_safe before proceeding to map the page.
>> 
>>Good, bad or ugly?
>>-steve
>> 
>> 
>> 
>>
>>----------------------------------------------------------------------
>>-
>>-
>>
>>_______________________________________________
>>Xen-devel mailing list
>>Xen-devel@xxxxxxxxxxxxxxxxxxx
>>http://lists.xensource.com/xen-devel
>> 
>>
>>    
>>
>
>  
>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel