2015-10-05 23:46:25 +02:00
|
|
|
# pylint: skip-file
|
|
|
|
|
2014-05-18 21:01:21 +02:00
|
|
|
#
|
|
|
|
# The Qubes OS Project, http://www.qubes-os.org
|
|
|
|
#
|
|
|
|
# Copyright (C) 2010 Rafal Wojtczuk <rafal@invisiblethingslab.com>
|
|
|
|
# Copyright (C) 2013 Marek Marczykowski <marmarek@invisiblethingslab.com>
|
|
|
|
#
|
2017-10-12 00:11:50 +02:00
|
|
|
# This library is free software; you can redistribute it and/or
|
|
|
|
# modify it under the terms of the GNU Lesser General Public
|
|
|
|
# License as published by the Free Software Foundation; either
|
|
|
|
# version 2.1 of the License, or (at your option) any later version.
|
2014-05-18 21:01:21 +02:00
|
|
|
#
|
2017-10-12 00:11:50 +02:00
|
|
|
# This library is distributed in the hope that it will be useful,
|
2014-05-18 21:01:21 +02:00
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
2017-10-12 00:11:50 +02:00
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
# Lesser General Public License for more details.
|
2014-05-18 21:01:21 +02:00
|
|
|
#
|
2017-10-12 00:11:50 +02:00
|
|
|
# You should have received a copy of the GNU Lesser General Public
|
|
|
|
# License along with this library; if not, see <https://www.gnu.org/licenses/>.
|
2014-05-18 21:01:21 +02:00
|
|
|
#
|
2017-01-18 22:16:46 +01:00
|
|
|
|
2015-03-17 16:45:00 +01:00
|
|
|
import logging
|
2010-09-09 11:24:04 +02:00
|
|
|
import string
|
|
|
|
|
2014-12-18 14:36:09 +01:00
|
|
|
# This are only defaults - can be overridden by QMemmanServer with values from
|
2012-03-28 00:21:01 +02:00
|
|
|
# config file
|
|
|
|
CACHE_FACTOR = 1.3
|
|
|
|
MIN_PREFMEM = 200*1024*1024
|
|
|
|
DOM0_MEM_BOOST = 350*1024*1024
|
|
|
|
|
2015-03-17 16:45:00 +01:00
|
|
|
|
|
|
|
log = logging.getLogger('qmemman.daemon.algo')
|
|
|
|
|
2011-05-04 17:10:01 +02:00
|
|
|
#untrusted meminfo size is taken from xenstore key, thus its size is limited
|
|
|
|
#so splits do not require excessive memory
|
2016-09-07 03:43:46 +02:00
|
|
|
def sanitize_and_parse_meminfo(untrusted_meminfo):
|
|
|
|
if not untrusted_meminfo:
|
|
|
|
return None
|
|
|
|
|
|
|
|
# new syntax - just one int
|
|
|
|
try:
|
|
|
|
if int(untrusted_meminfo) >= 0:
|
2017-06-21 06:34:00 +02:00
|
|
|
return int(untrusted_meminfo) * 1024
|
2016-09-07 03:43:46 +02:00
|
|
|
except ValueError:
|
|
|
|
pass
|
|
|
|
|
2017-06-21 06:34:00 +02:00
|
|
|
untrusted_meminfo = untrusted_meminfo.decode('ascii', errors='strict')
|
2016-09-07 03:43:46 +02:00
|
|
|
# not new syntax - try the old one
|
2011-05-04 17:10:01 +02:00
|
|
|
untrusted_dict = {}
|
2016-09-07 03:43:46 +02:00
|
|
|
# split meminfo contents into lines
|
2017-06-12 09:52:05 +02:00
|
|
|
untrusted_lines = untrusted_meminfo.split("\n")
|
2011-05-04 17:10:01 +02:00
|
|
|
for untrusted_lines_iterator in untrusted_lines:
|
2016-09-07 03:43:46 +02:00
|
|
|
# split a single meminfo line into words
|
2017-06-12 09:52:05 +02:00
|
|
|
untrusted_words = untrusted_lines_iterator.split()
|
2011-05-04 17:10:01 +02:00
|
|
|
if len(untrusted_words) >= 2:
|
2017-06-12 09:52:05 +02:00
|
|
|
untrusted_dict[untrusted_words[0].rstrip(":")] = \
|
2016-09-07 03:43:46 +02:00
|
|
|
untrusted_words[1]
|
|
|
|
|
|
|
|
# sanitize start
|
2016-09-12 06:08:59 +02:00
|
|
|
if not is_meminfo_suspicious(untrusted_dict):
|
2016-09-07 03:43:46 +02:00
|
|
|
# sanitize end
|
2016-09-12 06:08:59 +02:00
|
|
|
meminfo = untrusted_dict
|
2017-06-21 06:34:00 +02:00
|
|
|
return (meminfo['MemTotal'] -
|
|
|
|
meminfo['MemFree'] - meminfo['Cached'] - meminfo['Buffers'] +
|
|
|
|
meminfo['SwapTotal'] - meminfo['SwapFree']) * 1024
|
2016-09-07 03:43:46 +02:00
|
|
|
|
|
|
|
|
|
|
|
return None
|
2010-09-09 11:24:04 +02:00
|
|
|
|
2011-05-04 17:10:01 +02:00
|
|
|
|
2016-09-07 03:43:46 +02:00
|
|
|
def is_meminfo_suspicious(untrusted_meminfo):
|
2015-03-17 16:45:00 +01:00
|
|
|
log.debug('is_meminfo_suspicious('
|
2016-09-07 03:43:46 +02:00
|
|
|
'untrusted_meminfo={!r})'.format(untrusted_meminfo))
|
2011-05-04 17:10:01 +02:00
|
|
|
ret = False
|
2015-03-17 16:45:00 +01:00
|
|
|
|
2016-09-07 03:43:46 +02:00
|
|
|
# check whether the required keys exist and are not negative
|
2010-09-09 11:24:04 +02:00
|
|
|
try:
|
2016-09-07 03:43:46 +02:00
|
|
|
for i in ('MemTotal', 'MemFree', 'Buffers', 'Cached',
|
|
|
|
'SwapTotal', 'SwapFree'):
|
2017-06-21 06:34:00 +02:00
|
|
|
val = int(untrusted_meminfo[i])
|
2016-09-07 03:43:46 +02:00
|
|
|
if val < 0:
|
2011-05-04 17:10:01 +02:00
|
|
|
ret = True
|
|
|
|
untrusted_meminfo[i] = val
|
2010-09-09 11:24:04 +02:00
|
|
|
except:
|
2011-05-04 17:10:01 +02:00
|
|
|
ret = True
|
2010-09-09 11:24:04 +02:00
|
|
|
|
2016-09-07 03:43:46 +02:00
|
|
|
if untrusted_meminfo['SwapTotal'] < untrusted_meminfo['SwapFree']:
|
2010-08-30 11:40:19 +02:00
|
|
|
ret = True
|
2016-09-07 03:43:46 +02:00
|
|
|
if untrusted_meminfo['MemTotal'] < \
|
|
|
|
untrusted_meminfo['MemFree'] + \
|
|
|
|
untrusted_meminfo['Cached'] + untrusted_meminfo['Buffers']:
|
2010-08-30 11:40:19 +02:00
|
|
|
ret = True
|
2016-09-07 03:43:46 +02:00
|
|
|
# we could also impose some limits on all the above values
|
|
|
|
# but it has little purpose - all the domain can gain by passing e.g.
|
|
|
|
# very large SwapTotal is that it will be assigned all free Xen memory
|
|
|
|
# it can be achieved with legal values, too, and it will not allow to
|
|
|
|
# starve existing domains, by design
|
2010-08-30 11:40:19 +02:00
|
|
|
if ret:
|
2016-09-07 03:43:46 +02:00
|
|
|
log.warning('suspicious meminfo untrusted_meminfo={!r}'.format(untrusted_meminfo))
|
2010-08-30 11:40:19 +02:00
|
|
|
return ret
|
|
|
|
|
2016-09-07 03:43:46 +02:00
|
|
|
|
|
|
|
# called when a domain updates its 'meminfo' xenstore key
|
2011-05-04 17:58:28 +02:00
|
|
|
def refresh_meminfo_for_domain(domain, untrusted_xenstore_key):
|
2016-09-07 03:43:46 +02:00
|
|
|
domain.mem_used = sanitize_and_parse_meminfo(untrusted_xenstore_key)
|
|
|
|
|
2014-12-18 14:36:09 +01:00
|
|
|
|
2011-05-04 17:58:28 +02:00
|
|
|
def prefmem(domain):
|
2010-08-30 11:40:19 +02:00
|
|
|
#dom0 is special, as it must have large cache, for vbds. Thus, give it a special boost
|
2011-05-04 17:58:28 +02:00
|
|
|
if domain.id == '0':
|
2016-09-23 03:28:46 +02:00
|
|
|
return min(domain.mem_used*CACHE_FACTOR + DOM0_MEM_BOOST, domain.memory_maximum)
|
2011-10-10 11:04:28 +02:00
|
|
|
return max(min(domain.mem_used*CACHE_FACTOR, domain.memory_maximum), MIN_PREFMEM)
|
2010-08-30 11:40:19 +02:00
|
|
|
|
2011-05-04 17:58:28 +02:00
|
|
|
def memory_needed(domain):
|
2010-08-30 11:40:19 +02:00
|
|
|
#do not change
|
2011-05-04 17:58:28 +02:00
|
|
|
#in balance(), "distribute total_available_memory proportionally to mempref" relies on this exact formula
|
|
|
|
ret = prefmem(domain) - domain.memory_actual
|
2010-08-30 11:40:19 +02:00
|
|
|
return ret
|
2014-12-18 14:36:09 +01:00
|
|
|
|
2011-05-04 17:58:28 +02:00
|
|
|
#prepare list of (domain, memory_target) pairs that need to be passed
|
|
|
|
#to "xm memset" equivalent in order to obtain "memsize" of memory
|
|
|
|
#return empty list when the request cannot be satisfied
|
|
|
|
def balloon(memsize, domain_dictionary):
|
2015-03-17 16:45:00 +01:00
|
|
|
log.debug('balloon(memsize={!r}, domain_dictionary={!r})'.format(
|
|
|
|
memsize, domain_dictionary))
|
2010-08-30 11:40:19 +02:00
|
|
|
REQ_SAFETY_NET_FACTOR = 1.05
|
|
|
|
donors = list()
|
|
|
|
request = list()
|
|
|
|
available = 0
|
2011-05-04 17:58:28 +02:00
|
|
|
for i in domain_dictionary.keys():
|
2016-09-12 06:08:59 +02:00
|
|
|
if domain_dictionary[i].mem_used is None:
|
2010-08-30 11:40:19 +02:00
|
|
|
continue
|
2011-05-04 17:58:28 +02:00
|
|
|
if domain_dictionary[i].no_progress:
|
2010-08-30 11:40:19 +02:00
|
|
|
continue
|
2011-05-04 17:58:28 +02:00
|
|
|
need = memory_needed(domain_dictionary[i])
|
2010-08-30 11:40:19 +02:00
|
|
|
if need < 0:
|
2015-03-17 16:45:00 +01:00
|
|
|
log.info('balloon: dom {} has actual memory {}'.format(i,
|
|
|
|
domain_dictionary[i].memory_actual))
|
2010-08-30 11:40:19 +02:00
|
|
|
donors.append((i,-need))
|
2015-10-01 22:14:35 +02:00
|
|
|
available-=need
|
2015-03-17 16:45:00 +01:00
|
|
|
|
|
|
|
log.info('req={} avail={} donors={!r}'.format(memsize, available, donors))
|
|
|
|
|
2010-08-30 11:40:19 +02:00
|
|
|
if available<memsize:
|
|
|
|
return ()
|
|
|
|
scale = 1.0*memsize/available
|
|
|
|
for donors_iter in donors:
|
|
|
|
id, mem = donors_iter
|
|
|
|
memborrowed = mem*scale*REQ_SAFETY_NET_FACTOR
|
2015-03-17 16:45:00 +01:00
|
|
|
log.info('borrow {} from {}'.format(memborrowed, id))
|
2011-05-04 17:58:28 +02:00
|
|
|
memtarget = int(domain_dictionary[id].memory_actual - memborrowed)
|
2010-08-30 11:40:19 +02:00
|
|
|
request.append((id, memtarget))
|
|
|
|
return request
|
|
|
|
# REQ_SAFETY_NET_FACTOR is a bit greater that 1. So that if the domain yields a bit less than requested, due
|
|
|
|
# to e.g. rounding errors, we will not get stuck. The surplus will return to the VM during "balance" call.
|
2010-09-01 12:40:02 +02:00
|
|
|
|
|
|
|
|
2011-05-04 17:58:28 +02:00
|
|
|
#redistribute positive "total_available_memory" of memory between domains, proportionally to prefmem
|
2015-03-17 16:45:00 +01:00
|
|
|
def balance_when_enough_memory(domain_dictionary,
|
|
|
|
xen_free_memory, total_mem_pref, total_available_memory):
|
|
|
|
log.info('balance_when_enough_memory(xen_free_memory={!r}, '
|
|
|
|
'total_mem_pref={!r}, total_available_memory={!r})'.format(
|
|
|
|
xen_free_memory, total_mem_pref, total_available_memory))
|
|
|
|
|
2011-05-12 15:20:26 +02:00
|
|
|
target_memory = {}
|
|
|
|
# memory not assigned because of static max
|
|
|
|
left_memory = 0
|
|
|
|
acceptors_count = 0
|
2011-05-04 17:58:28 +02:00
|
|
|
for i in domain_dictionary.keys():
|
2016-09-07 03:43:46 +02:00
|
|
|
if domain_dictionary[i].mem_used is None:
|
2010-09-01 12:40:02 +02:00
|
|
|
continue
|
2012-07-05 01:23:43 +02:00
|
|
|
if domain_dictionary[i].no_progress:
|
|
|
|
continue
|
2011-05-04 17:58:28 +02:00
|
|
|
#distribute total_available_memory proportionally to mempref
|
|
|
|
scale = 1.0*prefmem(domain_dictionary[i])/total_mem_pref
|
|
|
|
target_nonint = prefmem(domain_dictionary[i]) + scale*total_available_memory
|
2010-09-01 12:40:02 +02:00
|
|
|
#prevent rounding errors
|
2010-09-16 16:40:09 +02:00
|
|
|
target = int(0.999*target_nonint)
|
2011-05-12 15:20:26 +02:00
|
|
|
#do not try to give more memory than static max
|
|
|
|
if target > domain_dictionary[i].memory_maximum:
|
|
|
|
left_memory += target-domain_dictionary[i].memory_maximum
|
|
|
|
target = domain_dictionary[i].memory_maximum
|
|
|
|
else:
|
|
|
|
# count domains which can accept more memory
|
|
|
|
acceptors_count += 1
|
|
|
|
target_memory[i] = target
|
|
|
|
# distribute left memory across all acceptors
|
2011-05-12 17:36:47 +02:00
|
|
|
while left_memory > 0 and acceptors_count > 0:
|
2015-03-17 16:45:00 +01:00
|
|
|
log.info('left_memory={} acceptors_count={}'.format(
|
|
|
|
left_memory, acceptors_count))
|
|
|
|
|
2011-05-12 15:20:26 +02:00
|
|
|
new_left_memory = 0
|
2011-06-07 15:56:55 +02:00
|
|
|
new_acceptors_count = acceptors_count
|
2011-05-12 15:20:26 +02:00
|
|
|
for i in target_memory.keys():
|
|
|
|
target = target_memory[i]
|
|
|
|
if target < domain_dictionary[i].memory_maximum:
|
|
|
|
memory_bonus = int(0.999*(left_memory/acceptors_count))
|
|
|
|
if target+memory_bonus >= domain_dictionary[i].memory_maximum:
|
|
|
|
new_left_memory += target+memory_bonus - domain_dictionary[i].memory_maximum
|
|
|
|
target = domain_dictionary[i].memory_maximum
|
2011-06-07 15:56:55 +02:00
|
|
|
new_acceptors_count -= 1
|
2011-05-12 15:20:26 +02:00
|
|
|
else:
|
|
|
|
target += memory_bonus
|
|
|
|
target_memory[i] = target
|
|
|
|
left_memory = new_left_memory
|
2011-06-07 15:56:55 +02:00
|
|
|
acceptors_count = new_acceptors_count
|
2011-05-12 15:20:26 +02:00
|
|
|
# split target_memory dictionary to donors and acceptors
|
|
|
|
# this is needed to first get memory from donors and only then give it to acceptors
|
|
|
|
donors_rq = list()
|
|
|
|
acceptors_rq = list()
|
|
|
|
for i in target_memory.keys():
|
|
|
|
target = target_memory[i]
|
2011-05-04 17:58:28 +02:00
|
|
|
if (target < domain_dictionary[i].memory_actual):
|
2010-09-01 12:40:02 +02:00
|
|
|
donors_rq.append((i, target))
|
|
|
|
else:
|
|
|
|
acceptors_rq.append((i, target))
|
2011-05-12 15:20:26 +02:00
|
|
|
|
2011-05-04 17:58:28 +02:00
|
|
|
# print 'balance(enough): xen_free_memory=', xen_free_memory, 'requests:', donors_rq + acceptors_rq
|
2010-09-01 12:40:02 +02:00
|
|
|
return donors_rq + acceptors_rq
|
|
|
|
|
2015-03-17 16:45:00 +01:00
|
|
|
|
2014-12-18 14:36:09 +01:00
|
|
|
#when not enough mem to make everyone be above prefmem, make donors be at prefmem, and
|
2010-09-01 12:40:02 +02:00
|
|
|
#redistribute anything left between acceptors
|
2015-03-17 16:45:00 +01:00
|
|
|
def balance_when_low_on_memory(domain_dictionary,
|
|
|
|
xen_free_memory, total_mem_pref_acceptors, donors, acceptors):
|
|
|
|
log.debug('balance_when_low_on_memory(xen_free_memory={!r}, '
|
|
|
|
'total_mem_pref_acceptors={!r}, donors={!r}, acceptors={!r})'.format(
|
|
|
|
xen_free_memory, total_mem_pref_acceptors, donors, acceptors))
|
2010-09-01 12:40:02 +02:00
|
|
|
donors_rq = list()
|
|
|
|
acceptors_rq = list()
|
2011-05-04 17:58:28 +02:00
|
|
|
squeezed_mem = xen_free_memory
|
2010-09-01 12:40:02 +02:00
|
|
|
for i in donors:
|
2011-05-04 17:58:28 +02:00
|
|
|
avail = -memory_needed(domain_dictionary[i])
|
2010-09-01 12:40:02 +02:00
|
|
|
if avail < 10*1024*1024:
|
|
|
|
#probably we have already tried making it exactly at prefmem, give up
|
|
|
|
continue
|
|
|
|
squeezed_mem -= avail
|
2011-05-04 17:58:28 +02:00
|
|
|
donors_rq.append((i, prefmem(domain_dictionary[i])))
|
2010-09-16 15:57:11 +02:00
|
|
|
#the below can happen if initially xen free memory is below 50M
|
|
|
|
if squeezed_mem < 0:
|
|
|
|
return donors_rq
|
2010-09-01 12:40:02 +02:00
|
|
|
for i in acceptors:
|
2011-05-04 17:58:28 +02:00
|
|
|
scale = 1.0*prefmem(domain_dictionary[i])/total_mem_pref_acceptors
|
|
|
|
target_nonint = domain_dictionary[i].memory_actual + scale*squeezed_mem
|
2011-05-12 15:20:26 +02:00
|
|
|
#do not try to give more memory than static max
|
|
|
|
target = min(int(0.999*target_nonint), domain_dictionary[i].memory_maximum)
|
|
|
|
acceptors_rq.append((i, target))
|
2011-05-04 17:58:28 +02:00
|
|
|
# print 'balance(low): xen_free_memory=', xen_free_memory, 'requests:', donors_rq + acceptors_rq
|
2010-09-01 12:40:02 +02:00
|
|
|
return donors_rq + acceptors_rq
|
2011-05-04 17:58:28 +02:00
|
|
|
|
|
|
|
|
|
|
|
#redistribute memory across domains
|
2014-12-18 14:36:09 +01:00
|
|
|
#called when one of domains update its 'meminfo' xenstore key
|
2011-05-04 17:58:28 +02:00
|
|
|
#return the list of (domain, memory_target) pairs to be passed to
|
2014-12-18 14:36:09 +01:00
|
|
|
#"xm memset" equivalent
|
2011-05-04 17:58:28 +02:00
|
|
|
def balance(xen_free_memory, domain_dictionary):
|
2015-03-17 16:45:00 +01:00
|
|
|
log.debug('balance(xen_free_memory={!r}, domain_dictionary={!r})'.format(
|
|
|
|
xen_free_memory, domain_dictionary))
|
2011-05-04 17:58:28 +02:00
|
|
|
|
|
|
|
#sum of all memory requirements - in other words, the difference between
|
2014-12-18 14:36:09 +01:00
|
|
|
#memory required to be added to domains (acceptors) to make them be at their
|
2011-05-04 17:58:28 +02:00
|
|
|
#preferred memory, and memory that can be taken from domains (donors) that
|
|
|
|
#can provide memory. So, it can be negative when plenty of memory.
|
|
|
|
total_memory_needed = 0
|
|
|
|
|
|
|
|
#sum of memory preferences of all domains
|
2010-08-30 11:40:19 +02:00
|
|
|
total_mem_pref = 0
|
2011-05-04 17:58:28 +02:00
|
|
|
|
|
|
|
#sum of memory preferences of all domains that require more memory
|
2010-09-01 12:40:02 +02:00
|
|
|
total_mem_pref_acceptors = 0
|
2014-12-18 14:36:09 +01:00
|
|
|
|
2011-05-04 17:58:28 +02:00
|
|
|
donors = list() # domains that can yield memory
|
|
|
|
acceptors = list() # domains that require more memory
|
2010-08-30 11:40:19 +02:00
|
|
|
#pass 1: compute the above "total" values
|
2011-05-04 17:58:28 +02:00
|
|
|
for i in domain_dictionary.keys():
|
2016-09-07 03:43:46 +02:00
|
|
|
if domain_dictionary[i].mem_used is None:
|
2010-08-30 11:40:19 +02:00
|
|
|
continue
|
2012-07-05 01:23:43 +02:00
|
|
|
if domain_dictionary[i].no_progress:
|
|
|
|
continue
|
2011-05-04 17:58:28 +02:00
|
|
|
need = memory_needed(domain_dictionary[i])
|
|
|
|
# print 'domain' , i, 'act/pref', domain_dictionary[i].memory_actual, prefmem(domain_dictionary[i]), 'need=', need
|
2011-05-12 15:20:26 +02:00
|
|
|
if need < 0 or domain_dictionary[i].memory_actual >= domain_dictionary[i].memory_maximum:
|
2010-09-01 12:40:02 +02:00
|
|
|
donors.append(i)
|
|
|
|
else:
|
|
|
|
acceptors.append(i)
|
2011-05-04 17:58:28 +02:00
|
|
|
total_mem_pref_acceptors += prefmem(domain_dictionary[i])
|
|
|
|
total_memory_needed += need
|
|
|
|
total_mem_pref += prefmem(domain_dictionary[i])
|
2010-08-30 11:40:19 +02:00
|
|
|
|
2014-12-18 14:36:09 +01:00
|
|
|
total_available_memory = xen_free_memory - total_memory_needed
|
2011-05-04 17:58:28 +02:00
|
|
|
if total_available_memory > 0:
|
|
|
|
return balance_when_enough_memory(domain_dictionary, xen_free_memory, total_mem_pref, total_available_memory)
|
2010-09-01 12:40:02 +02:00
|
|
|
else:
|
2011-05-04 17:58:28 +02:00
|
|
|
return balance_when_low_on_memory(domain_dictionary, xen_free_memory, total_mem_pref_acceptors, donors, acceptors)
|