Re: [Xen-devel] [RFC PATCH 0/3] Live update boot memory management

Tue, 14 Jan 2020 06:17:15 -0800 

Hi David,

On 13/01/2020 11:54, David Woodhouse wrote:

On Wed, 2020-01-08 at 17:24 +0000, David Woodhouse wrote:

When doing a live update, Xen needs to be very careful not to scribble
on pages which contain guest memory or state information for the
domains which are being preserved.

The information about which pages are in use is contained in the live
update state passed from the previous Xen — which is mostly just a
guest-transparent live migration data stream, except that it points to
the page tables in place in memory while traditional live migration
obviously copies the pages separately.

Our initial implementation actually prepended a list of 'in-use' ranges
to the live update state, and made the boot allocator treat them the
same as 'bad pages'. That worked well enough for initial development
but wouldn't scale to a live production system, mainly because the boot
allocator has a limit of 512 memory ranges that it can keep track of,
and a real system would end up more fragmented than that.

My other concern with that approach is that it required two passes over
the domain-owned pages. We have to do a later pass *anyway*, as we set
up ownership in the frametable for each page — and that has to happen
after we've managed to allocate a 'struct domain' for each page_info to
point to. If we want to keep the pause time due to a live update down
to a bare minimum, doing two passes over the full set of domain pages
isn't my favourite strategy.
We actually need one more pass for PV domain (at least). The pass is used to allocate the page type (e.g L4, L1,...). This can't be done before because we need the pages to belongs to the guest before going through its page-tables. 



So we've settled on a simpler approach — reserve a contiguous region
of physical memory which *won't* be used for domain pages. Let the boot
allocator see *only* that region of memory, and plug the rest of the
memory in later only after doing a full pass of the live update state.
It is a bit unclear what the region will be used for. If you plan to put the state of the VMs in it, then you can't possibly use it for boot allocation (e.g frametable) otherwise this may be overwritten when doing the live update. The problem would arise in the first Xen but also in the second Xen if you plan to live update another time. 

Did I miss anything?

Cheers,

--
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Reply via email to