Date:	Fri, 30 Apr 2010 21:24:41 +0300
From:	Avi Kivity <avi@...hat.com>
To:	Jeremy Fitzhardinge <jeremy@...p.org>
CC:	Dan Magenheimer <dan.magenheimer@...cle.com>,
	Dave Hansen <dave@...ux.vnet.ibm.com>,
	Pavel Machek <pavel@....cz>, linux-kernel@...r.kernel.org,
	linux-mm@...ck.org, hugh.dickins@...cali.co.uk, ngupta@...are.org,
	JBeulich@...ell.com, chris.mason@...cle.com,
	kurt.hackel@...cle.com, dave.mccracken@...cle.com, npiggin@...e.de,
	akpm@...ux-foundation.org, riel@...hat.com
Subject: Re: Frontswap [PATCH 0/4] (was Transcendent Memory): overview

On 04/30/2010 08:52 PM, Jeremy Fitzhardinge wrote:
> On 04/30/2010 09:16 AM, Avi Kivity wrote:
>    
>> Given that whenever frontswap fails you need to swap anyway, it is
>> better for the host to never fail a frontswap request and instead back
>> it with disk storage if needed.  This way you avoid a pointless vmexit
>> when you're out of memory.  Since it's disk backed it needs to be
>> asynchronous and batched.
>>      
> I'd argue the opposite.  There's no point in having the host do swapping
> on behalf of guests if guests can do it themselves; it's just a
> duplication of functionality.

The problem with relying on the guest to swap is that it's voluntary.  
The guest may not be able to do it.  When the hypervisor needs memory 
and guests don't cooperate, it has to swap.

But I'm not suggesting that the host swap on behalf of the guest.
Rather, the guest swaps to (what it sees as) a device with a large 
write-back cache; the host simply manages that cache.

> You end up having two IO paths for each
> guest, and the resulting problems in trying to account for the IO,
> rate-limit it, etc.  If you can simply say "all guest disk IO happens
> via this single interface", it's much easier to manage.
>    

With tmem you have to account for that memory, make sure it's 
distributed fairly, claim it back when you need it (requiring guest 
cooperation), live migrate and save/restore it.  It's a much larger 
change than introducing a write-back device for swapping (which has the 
benefit of working with unmodified guests).

> If frontswap has value, it's because it's providing a new facility to
> guests that doesn't already exist and can't be easily emulated with
> existing interfaces.
>
> It seems to me the great strengths of the synchronous interface are:
>
>      * it matches the needs of an existing implementation (tmem in Xen)
>      * it is simple to understand within the context of the kernel code
>        it's used in
>
> Simplicity is important, because it allows the mm code to be understood
> and maintained without having to have a deep understanding of
> virtualization.

If we use the existing paths, things are even simpler, and we match more 
needs (hypervisors with dma engines, the ability to reclaim memory 
without guest cooperation).

> One of the problems with CMM2 was that it puts a lot of
> intricate constraints on the mm code which can be easily broken, which
> would only become apparent in subtle edge cases in a CMM2-using
> environment.  An additional async frontswap-like interface - while not as
> complex as CMM2 - still makes things harder for mm maintainers.
>    

No doubt CMM2 is hard to swallow.

> The downside is that it may not match some implementation in which the
> get/put operations could take a long time (ie, physical IO to a slow
> mechanical device).  But a general Linux principle is not to overdesign
> interfaces for hypothetical users, only for real needs.
>    

> Do you think that you would be able to use frontswap in kvm if it were
> an async interface, but not otherwise?  Or are you arguing a hypothetical?
>    

For kvm (or Xen, with some modifications) all of the benefits of 
frontswap/tmem can be achieved with the ordinary swap.  It would need 
trim/discard support to avoid writing back freed data, but that's good 
for flash as well.

The advantages are:
- just works
- old guests
- <1 exit/page (since it's batched)
- no extra overhead if no free memory
- can use dma engine (since it's asynchronous)

>> At this point we're back with the ordinary swap API.  Simply have your
>> host expose a device which is write cached by host memory, you'll have
>> all the benefits of frontswap with none of the disadvantages, and with
>> no changes to guest code.
>>      
> Yes, that's comfortably within the "guests page themselves" model.
> Setting up a block device for the domain which is backed by pagecache
> (something we usually try hard to avoid) is pretty straightforward.  But
> it doesn't work well for Xen unless the blkback domain is sized so that
> it has all of Xen's free memory in its pagecache.
>    

Could be easily achieved with ballooning?

> That said, it does concern me that the host/hypervisor is left holding
> the bag on frontswapped pages.  An evil/uncooperative/lazy guest can just pump
> a whole lot of pages into the frontswap pool and leave them there.   I
> guess this is mitigated by the fact that the API is designed such that
> they can't update or read the data without also allowing the hypervisor
> to drop the page (updates can fail destructively, and reads are also
> destructive), so the guest can't use it as a clumsy extension of their
> normal dedicated memory.
>    

Eventually you'll have to swap frontswap pages, or kill uncooperative 
guests.  At which point all of the simplicity is gone.

-- 
Do not meddle in the internals of kernels, for they are subtle and quick to panic.
