1225411354 J * yarihm ~yarihm@77-56-182-18.dclient.hispeed.ch
1225411734 Q * docelic Quit: http://www.spinlocksolutions.com/
1225412367 Q * Aiken Remote host closed the connection
1225412426 J * Aiken ~Aiken@ppp118-208-49-170.lns4.bne1.internode.on.net
1225412520 Q * Aiken Remote host closed the connection
1225412725 J * Aiken ~Aiken@ppp118-208-49-170.lns4.bne1.internode.on.net
1225413602 Q * yarihm Quit: Leaving
1225414133 M * jescheng hi Bertll
1225414164 M * Bertl hey!
1225414191 M * jescheng hey~ remember we had a dicussion about the tmpfs acccounting in vserver
1225414229 M * jescheng i checked it on the 2.2.0.5 patch, looks like the tmpfs is also not accounted for in the vserver memory limit
1225414261 M * Bertl okay
1225414346 M * jescheng any chance we can get a fix for this? :)
1225414348 M * Bertl as I said, I can imagine we add a special limit for that in the future
1225414380 M * Bertl i.e. shouldn't be too hard to account tmpfs pages for a guest, we just need to tag them properly
1225414441 M * daniel_hozac why is that needed? the limit is configured in the guest's fstab...
1225414471 M * Bertl yes, but it would be nice to make tmpfs(es) limitable without having fixed limits
1225414505 M * Bertl means: I can see that it would be nice to allow to have e.g. 2 or 3 tmpfs mounts in a guest, with a common limit
1225414565 M * daniel_hozac that could be achieved using bind mounts, no?
1225414588 M * daniel_hozac but sure, i see what you're saying.
1225414591 M * Bertl correct, but what about changing that space dynamically?
1225414607 M * Bertl (currently requires the remount, with a new limit)
1225414640 M * jescheng Bertl: in your thinking, will tmpfs limit be part of the memory limit? or separate? 
1225414663 M * Bertl I think it makes sense to make it a separate limit (if we do that)
1225414680 M * daniel_hozac how does mainline handle it?
1225414720 M * Bertl no idea, I think that mainline will not address shared memory in the near future
1225414747 M * Bertl so with a separate memory 'zone' to allocate from, it should be accounted to the memory space (once that works)
1225414765 M * daniel_hozac you mean like NUMA?
1225414781 M * Bertl at least that was what was suggested, IIRC
1225414787 M * daniel_hozac i thought mainline's memory limits were already beyond what we did.
1225414838 M * Bertl maybe, I didn't follow the 2.6.25+ development closely ... i.e. have to read up on that
1225414874 M * Bertl but if you figure it out, please let me know (for sure saves me some time :)
1225415104 M * jescheng ok, if it gets fixed I am happy to test it 
1225415107 M * jescheng :)
1225415121 M * Bertl daniel_hozac: any quick idea for this one: http://paste.linux-vserver.org/12547
1225415138 M * Bertl jescheng: not fixed, added/implemented .. it's a feature after all
1225415160 M * Bertl jescheng: but good to know that you are going to test it, when we get there
1225415161 M * jescheng will it be do-able in a 2.6.22.19 kernel, or does it need to be latest
1225415186 M * Bertl really depends on the solution, most development is done on 2.6.27 atm
1225415206 M * jescheng i see, if it's a feature, so i guess it will go to the 2.3 patch?
1225415243 M * Bertl at least for testing, but if it is simple/compatible, you probably can use it for 2.6.22 too
1225415247 M * daniel_hozac Bertl: hmm. dynamic nid is the only thing i can think of.
1225415312 M * Bertl it's a very old testme.sh, so it could be using dynamic ids, will check
1225415335 Q * xdr Ping timeout: 480 seconds
1225415383 M * daniel_hozac Bertl: http://people.linux-vserver.org/~dhozac/p/k/delta-capcontext-compat01.diff
1225415391 M * daniel_hozac in the interest of being forwards-compatible.
1225415409 M * Bertl ah, yes, good idea 
1225415434 M * Bertl the CAP_LAST_CAP doesn't hurt us anywhere?
1225415445 M * jescheng is there a way to find out what features might be planned for a release, just so I can plan ahead?
1225415460 M * Bertl I mean, anywhere else than in cap_valid() which is handled
1225415485 Q * jescheng Remote host closed the connection
1225415490 M * Bertl jescheng: you can follow the discussions here on the IRC channel (or via the IRC logs)
1225415495 J * jescheng ~jescheng@proxy-sjc-1.cisco.com
1225415504 M * Bertl jescheng: you can follow the discussions here on the IRC channel (or via the IRC logs)
1225415529 M * jescheng ok. I guess I'll check back on it then
1225415537 M * jescheng thanks a lot Bertl
1225415542 M * Bertl you're welcome!
1225415608 M * daniel_hozac Bertl: no, it's only used in SELinux to check if there are more than 64.
1225415633 M * Bertl okay, sounds good
1225415777 M * Bertl daniel_hozac: yeah, seems so (ad dynamic contexts, works fine with V0.17)
1225415835 M * daniel_hozac cool.
1225415979 M * Bertl daniel_hozac: hmm, I presume, test 031, the vhi stuff, works for you?
1225416352 M * daniel_hozac yeah.
1225417294 Q * jescheng Quit: Leaving
1225417400 M * Bertl interesting, works now too ...
1225417495 M * daniel_hozac did it already change your hostname?
1225417558 M * Bertl no, it works fine with 0.30.211 (testing with a new image atm)
1225417612 M * daniel_hozac 0.30.211 works at all on that kernel? i'm somewhat surprised.
1225417649 M * Bertl well, it passes testme.sh V0.17 :)
1225417766 M * Bertl do you have a link for me for the latest 0.30.216 pre?
1225417814 M * daniel_hozac http://people.linux-vserver.org/~dhozac/t/uv-testing/util-vserver-0.30.216-pre2811.tar.bz2
1225417819 M * Bertl tx
1225419046 M * daniel_hozac let me know when you have a patch, i think i'm pretty much set in the utils already.
1225419071 M * Bertl I have one, but I'm not sure it is working properly ... I'll upload in a few minutes
1225420265 Q * FireEgl Quit: Leaving...
1225420573 M * Bertl okay, test 031 fails with recent tools ...
1225420611 M * Bertl I#ll upload now, maybe you can spot the issue ...
1225420654 M * daniel_hozac okay.
1225420751 M * Bertl http://vserver.13thfloor.at/Experimental/delta-space-feat01.diff
1225420780 M * Bertl going to test now with the patch removed ...
1225420951 M * daniel_hozac __shutdown_vx_info leaks the second one, doesn't it?
1225421000 M * daniel_hozac i think we should put #define VX_SPACE_INDICES 2 or similar in the header and use that.
1225421019 M * Bertl good point
1225421088 M * Bertl why should __shutdown_vx_info leak the second one?
1225421096 M * daniel_hozac < 1
1225421104 M * Bertl ah, k :)
1225421122 M * Bertl yeah, the VX_SPACE_INDICES will help there too :)
1225421133 M * daniel_hozac yep
1225421137 M * Bertl maybe VX_NUM_SPACES ?
1225421145 M * daniel_hozac sounds good to me
1225421163 M * daniel_hozac in vc_enter_space, i think we can drop (vc_data.index < 0). it's unsigned, so it'll never be < 0.
1225421178 M * Bertl okay
1225421180 M * daniel_hozac same in set.
1225421196 M * Bertl (compiler should handle that though, but it's a legacy, I had an int there first)
1225421227 M * daniel_hozac some versions of gcc will warn about it, IIRC.
1225421245 M * Bertl I'll remove it, no question
1225421302 M * daniel_hozac the patch looks fine to me though.
1225421311 M * Bertl testing without it in a second
1225421360 M * Bertl without it, 0.30.216preSomething is happy
1225421386 M * Bertl going to fix up the leakage now and retest
1225421533 Q * TimG Quit: TimG
1225422779 M * Bertl nah, still fails ... uploading in a second
1225422972 M * Bertl http://vserver.13thfloor.at/Experimental/delta-space-feat02.diff
1225423514 M * daniel_hozac and the 031 test is failing?
1225423520 M * Bertl yup
1225423550 M * Bertl http://paste.linux-vserver.org/12548
1225423759 M * daniel_hozac so what do the nsproxy files for that context look like?
1225423873 T * * http://linux-vserver.org/ |stable 2.2.0.7, devel 2.3.0.34, grsec 2.2.0.7|util-vserver-0.30.215|libvserver-1.0.2|vserver-utils-1.0.3| He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we forget about the minute. 
1225423873 T * ChanServ -
1225423957 M * Bertl I presume I messed up somewhere with the default space mask
1225424046 Q * hijacker Server closed connection
1225424057 J * hijacker ~hijacker@213.91.163.5
1225424157 M * daniel_hozac hmm.
1225424163 M * daniel_hozac it looks like set_space is failing with ENOSYS.
1225424200 M * daniel_hozac oh, they're not in do_vserver.
1225424201 M * daniel_hozac heh.
1225424244 M * daniel_hozac it's strange that you didn't get a failure message about that though.
1225424313 M * Bertl http://paste.linux-vserver.org/12549 (same run without the patch)
1225424334 M * daniel_hozac yeah
1225424334 M * daniel_hozac #
1225424334 M * daniel_hozac [   56.034923] vxD: ffff88000f90e040: vc: VCMD_10_3[1] = 00000000(0) [8,2]  
1225424343 M * daniel_hozac vs.
1225424344 M * daniel_hozac [  116.931923] vxD: ffff88000f852040: vc: VCMD_10_3[1] = ffffffffffffffda(-38) [0,-1]
1225424368 M * Bertl yep, but why isn't that reported (in userspace)?
1225424381 M * daniel_hozac yeah, i don't know.
1225424397 M * Bertl okay, I know what's wrong there, I missed the command check
1225424399 M * daniel_hozac i've rewritten all of this in my working directory though, and i got failures for all but 101 and 102.
1225424418 M * daniel_hozac the vspace: vc_set_namespace(): Function not implemented
1225424420 M * daniel_hozac you'd expect.
1225424438 M * Bertl okay, I know how to fix this
1225424486 Q * Nuls Ping timeout: 480 seconds
1225424674 M * Bertl yep, all fine now, uploading in a sec
1225424681 M * daniel_hozac great!
1225424724 M * Bertl I didn't update the permission checks
1225424734 M * daniel_hozac right.
1225424736 M * Bertl i.e. it was only allowing the most recent versions
1225424763 M * Bertl I presume the next pre version will report this in the future?
1225424769 M * daniel_hozac it will.
1225424774 M * Bertl excellent!
1225424834 M * Bertl http://vserver.13thfloor.at/Experimental/delta-space-feat03.diff
1225424883 M * daniel_hozac is there a particular reason the structures are number _v1 and _v2 as opposed to _v0 and _v1 (or not at all)?
1225424920 M * Bertl thethe space mask?
1225424925 M * daniel_hozac right.
1225424947 M * Bertl well, we tend to label the vcmd structures according to the commands they are used in
1225424956 M * Bertl _v0 didn't take a mask at all
1225424961 M * daniel_hozac ah... i hadn't noticed that :-)
1225424986 M * Bertl as we only had one, we used only the vcmd_space_mask till now
1225425071 M * Bertl I'm trying to be consistant, doesn't mean that I always get it right :)
1225425213 M * daniel_hozac hehe
1225426938 Q * derjohn Server closed connection
1225426949 J * derjohn ~derjohn@80.69.41.3
1225427365 M * Bertl okay, off to bed now .. let me know how the pivot stuff goes ...
1225427372 N * Bertl Bertl_zZ
1225427397 M * daniel_hozac good night! will do
1225434783 J * sharkjaw ~gab@149-67-194.231210.adsl.tele2.no
1225435041 J * mtg ~mtg@dialbs-088-079-143-204.static.arcor-ip.net
1225435631 J * dna ~dna@58-194-dsl.kielnet.net
1225437966 J * chigital ~chigital@services.mivitec.net
1225439382 Q * larsivi_ Quit: Konversation terminated!
1225439496 Q * ag- Ping timeout: 480 seconds
1225439586 J * ag- ~ag@fedaykin.roxor.cx
1225441056 Q * nkukard Quit: Leaving
1225442701 J * larsivi ~larsivi@85.221.53.194
1225443396 Q * chigital Quit: bin weg
1225443790 J * chigital ~chigital@services.mivitec.net
1225444814 J * kir ~kir@swsoft-msk-nat.sw.ru
1225449640 Q * dna Ping timeout: 480 seconds
1225452103 T * * http://linux-vserver.org/ |stable 2.2.0.7, devel 2.3.0.34, grsec 2.2.0.7|util-vserver-0.30.215|libvserver-1.0.2|vserver-utils-1.0.3| He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we forget about the minute. 
1225452103 T * ChanServ -
1225452425 J * Web-sidux804 ~richi@85-126-150-198.work.xdsl-line.inode.at
1225452496 M * Web-sidux804 hi, i have a vserver with ftp running, what do i need to forward ftp to this vserver? I get a connection but nothing more. Port 21 works, but everything over 20 doesn't work.
1225452502 M * Web-sidux804 so i see no direcotrys/files...
1225452510 M * Web-sidux804 auth works ...
1225453660 M * hijacker ftp is weird
1225453667 M * hijacker Web-sidux804, read on how ftp works
1225453680 M * hijacker maybe this will glow some light on the resolution of the issue
1225453712 M * hijacker especially the part with the data connection and the control connection
1225453723 M * hijacker passive and active ftp
1225453740 M * hijacker server/client initiated connections
1225454012 J * doener_ ~doener@i577BB24A.versanet.de
1225454077 M * pmjdebru1jn vserver by itself should have no effect on ftp
1225454087 M * pmjdebru1jn as you have a normaal network interface (without routing etc)
1225454116 Q * doener Ping timeout: 480 seconds
1225455185 M * Web-sidux804 i have forwarded everything correct...
1225455301 M * pmjdebru1jn Web-sidux804: forwarded in what?
1225455310 M * pmjdebru1jn Web-sidux804: you're probably not running into a vserver issue...
1225456278 N * Bertl_zZ Bert
1225456283 N * Bert Bertl
1225456289 M * Bertl morning folks!
1225456403 M * Web-sidux804 i know, but maybe someone else has this problem. I have made prerouting for 21 and 20 and forward accept for this ports
1225456409 M * Bertl Web-sidux804: there is no forwarding between Linux-VServer host and guest, you need to do proper NAT-ing
1225456456 M * Bertl use tcpdump to look at the packages, compare them to the protocol, you'll see where you problem is
1225456467 M * Bertl s/packages/packets/
1225456519 M * Web-sidux804 maybe i have something forgotten in my "routing" script...
1225456524 Q * Aiken Remote host closed the connection
1225456955 M * Bertl okay, off for now .. have to grab some groceries ...bbl
1225456965 N * Bertl Bertl_oO
1225457880 M * Web-sidux804 i have forgotten to setthe passivports in the proftpd :)
1225459309 M * daniel_hozac you don't really need to. just make sure ip_nat_ftp is loaded.
1225459491 J * renos ~renos@81.4.172.5
1225459494 M * renos hello all
1225459506 M * pmjdebru1jn but why firewall anyways? just make sure you haven't any services running you don't want
1225459590 M * renos an good companies providing dedicated servers in europe?
1225459592 M * daniel_hozac that requires you put the guest on a public IP.
1225459614 M * renos (besides hetzner.de)
1225459732 M * pmjdebru1jn daniel_hozac: of course
1225459747 M * pmjdebru1jn anygood colo will provide you with 8 IPs anyways
1225459807 M * renos pmjdebru1jn I know, I was wondering if you know a good one or maybe use one
1225459827 M * daniel_hozac not everybody colocates their boxes :)
1225459831 M * renos colocating servers in my country (Greece) is still expensive
1225459849 M * renos daniel_hozac that is why I asked for dedicated root server tip ;-)
1225460169 M * pmjdebru1jn renos: no clue
1225460191 M * pmjdebru1jn renos: my response wasn't to you :p
1225460221 M * renos pmjdebru1jn no prob :-)
1225462425 Q * sharkjaw Remote host closed the connection
1225463816 Q * larsivi Quit: Konversation terminated!
1225465431 Q * Web-sidux804 Remote host closed the connection
1225465824 M * daniel_hozac Bertl_oO: http://people.linux-vserver.org/~dhozac/p/k/delta-space-fix06.diff
1225465942 J * dowdle ~dowdle@scott.coe.montana.edu
1225466466 Q * renos Quit: BitchX-1.1-final -- just do it.
1225467692 M * daniel_hozac Bertl_oO: please bump the VCI_VERSION too.
1225467776 Q * chigital Ping timeout: 480 seconds
1225468169 J * lilalinux ~plasma@80.69.41.3
1225468271 Q * lilalinux 
1225468402 M * daniel_hozac Bertl_oO: http://people.linux-vserver.org/~dhozac/t/uv-testing/util-vserver-0.30.216-pre2820.tar.bz2 use pivot_root, if the VCI_VERSION >= 0x00020304 and filesystem namespaces are configured. it seems to work well :-)
1225471512 Q * kir Quit: Leaving.
1225472345 J * xdr ~xdr@171-173-96-87.cust.blixtvik.se
1225472410 J * hparker ~hparker@linux.homershut.net
1225472446 J * nkukard ~nkukard@196.212.73.74
1225472553 N * Bertl_oO Bertl
1225472556 M * Bertl back now ...
1225472618 M * Bertl daniel_hozac: excellent! good work!
1225472672 Q * ghislainocfs21 Quit: Leaving.
1225472860 J * larsivi ~larsivi@9.80-202-30.nextgentel.com
1225472928 Q * hijacker Read error: Connection reset by peer
1225472941 J * hijacker ~hijacker@213.91.163.5
1225473218 M * Bertl daniel_hozac: so I apply your patch to revert the barrier changes, add the dual mask stuff and bump the version, then we should be fine in this regard, correct?
1225473270 M * daniel_hozac yep
1225473382 M * Bertl okay, done, what about the delta-fperm-fix06.diff?
1225473425 M * daniel_hozac yeah, that's needed too.
1225473441 M * Bertl that goes together with the clean, right?
1225473449 M * daniel_hozac nah, supercedes the clean.
1225473465 M * Bertl okay
1225473469 M * daniel_hozac it's basically the same patch, but fix has some more fixes.
1225473524 M * Bertl okay, so next topic, pid spaces?
1225473601 M * daniel_hozac i'm not entirely convinced backwards-compatability there is worth it
1225473652 M * daniel_hozac mostly because i'm not familiar enough with the struct pid rules to say whether what we're doing is crazy.
1225473757 M * Bertl well, let's go through the options there and see what we _can_ do
1225473785 M * Bertl first, I think there is nothing bad (or unusual) about allocating pid=1 in the new space
1225473800 M * Bertl IIRC, the task cloning the space automatically gets that, yes?
1225473824 M * daniel_hozac yes.
1225473866 M * Bertl so, for the init less case all we need to di is disable the destruction mechanism, when pid=1 goes away
1225473868 Q * xdr Ping timeout: 480 seconds
1225473876 M * Bertl s/di/do
1225473889 M * daniel_hozac right
1225473899 M * Bertl for the init-less case with blend through init, we also need to do some magic to show the host init
1225473919 M * daniel_hozac i think we should just skip that.
1225473920 M * Bertl (or something close enough to make it work)
1225473934 M * daniel_hozac i quite liked your old patches to make a fake init.
1225473946 M * daniel_hozac i.e. no real process exists.
1225473998 M * Bertl okay, the question here is, would it be worth adding a real init to a guest without init? i.e. a minimal process which does the reaping but nothing else?
1225474037 M * Bertl it could be a dietlibc version which can be shared between all guests (which use it), no?
1225474046 M * daniel_hozac sure
1225474073 M * Bertl so the resource footprint should be near zero
1225474115 M * Bertl OTOH, if we get the dummy process stuff working, that's probably sufficient
1225474142 M * Bertl my question there is, how does userspace handle this case?
1225474158 M * daniel_hozac dummy process?
1225474173 M * Bertl the init which is only a skeletion (you mentioned above) I mean, we need to clone the pid space somehow, but still
1225474203 M * Bertl we need to reserve pid=1
1225474321 M * Bertl you were referring to the approach which created a basic, shared init for init-less guests (which was no real process, but just a few structures), right?
1225474409 M * daniel_hozac yeah.
1225474432 M * daniel_hozac i'm sorry, but i have to run. we'll have to continue this later.
1225474441 M * Bertl okay, no problem. cya!
1225474445 M * daniel_hozac cya!
1225475787 M * Bertl nap attack ... bbl
1225475792 N * Bertl Bertl_zZ
1225476507 Q * mtg Quit: Verlassend
1225477873 J * hijacker_ ~hijacker@213.91.163.5
1225477873 Q * hijacker Read error: Connection reset by peer
1225478168 J * cga ~weechat@94.36.121.222
1225480689 Q * derjohn Read error: Connection reset by peer
1225481983 J * chigital ~chigital@tmo-100-96.customers.d1-online.com
1225482733 J * ntrs ~ntrs@77.29.196.10
1225482916 Q * chigital Ping timeout: 480 seconds
1225483373 Q * gnuk Quit: NoFeature
1225483482 J * chigital ~chigital@tmo-100-236.customers.d1-online.com
1225484243 Q * hparker Quit: Quit
1225484690 J * dna ~dna@58-194-dsl.kielnet.net
1225484949 J * hparker ~hparker@linux.homershut.net
1225486311 J * Aiken ~Aiken@ppp118-208-49-170.lns4.bne1.internode.on.net
1225486312 Q * ntrs Read error: Connection reset by peer
1225486319 J * ntrs ~ntrs@77.29.196.10
1225486383 J * ntrs_ ~ntrs@77.29.198.55
1225486729 N * Bertl_zZ Bertl
1225486735 M * Bertl that was refreshing ...
1225486833 Q * ntrs Ping timeout: 480 seconds
1225487169 J * derjohn ~derjohn@80.69.41.3
1225487606 J * Junior01 ~Junior01@189.74.168.202
1225487875 P * Junior01 
1225488138 Q * ntrs_ Ping timeout: 480 seconds
1225488768 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1225489189 Q * dna Ping timeout: 480 seconds
1225491357 M * micah Bertl: can you help me understand what is lost with highmem enabled and less than 3gig? I'm trying to provide accurate reasons to waldi
1225491375 M * micah and my understanding of what is lost is very shallow, "its slower" 
1225491540 J * yarihm ~yarihm@77-56-182-18.dclient.hispeed.ch
1225491570 M * micah well, I do know that I/O Devices cannot directly address high memory from PCI space, so bounce buffers have to be used. Plus the virtual memory management and paging costs come with extra mappings.
1225491582 M * micah from reading some memory management descriptions
1225491993 Q * Aiken Read error: Operation timed out
1225492071 M * Bertl micah: the kernel basically has it's own address space
1225492096 M * Bertl and each process in userspace, gets an address space too
1225492114 M * Bertl (btw waldi should know about that stuff)
1225492149 M * Bertl so, the problem is not there as long as the kernel works on its own data, or userspace processes work on their own data
1225492177 M * Bertl to simplify things, linux does split the available address space (4GB) into two parts
1225492202 M * Bertl one part is 'assigned' to the kernel, the other one to 'userspace'
1225492229 M * Bertl this allows to keep the addresses apart and do a simple mapping from one to the other
1225492301 M * Bertl high memory needs to be mapped in (see kmap/_atomic) in the kernel
1225492336 M * micah ok...
1225492365 M * Bertl so, basically what happens with the 3/1 split (the default) the following happens
1225492414 M * Bertl on a 1GB machine, you end up with 128M of highmem (which requires highmem to be enabled and thus will give you additional checks for each access, and additional mapping for the 128M)
1225492451 M * Bertl on a 2GB machine, you will already have 1.1GB high mem, and the checks of course
1225492480 M * Bertl on a 3GB machine, you'll end up doing the additional mapping most of the time
1225492494 M * Bertl but, and that's the point, it's not really required
1225492519 M * Bertl if you choose the 2/2 split, for example, then up to 1.8GB can be used without any mapping
1225492544 M * Bertl if you select the 1/3 split, up to 2.8GB can be used without additional mapping
1225492580 M * Bertl the only downside of this setting is that the userspace apps won't be able to use up to 3GB of virtual address space
1225492586 M * Bertl (i.e. only 2GB or 1GB)
1225492599 M * micah waldi asserts that the kernel uses a static mapping in this case
1225492603 M * Bertl which, on such 'low memory' machines doesn't make that much sense either
1225492687 M * Bertl on a 32bit Linux-VServer kernel, I would almost always go for 1/3 splits because:
1225492720 M * Bertl if you actually need more than 3GB (2.8 to be precise) of memory, you better go for a 64bit machine/kernel (PAE is dog slow)
1225492760 M * Bertl and if you have up to 3GB of memory, you probably don't want to run a single memory hungry app (more likely many apps and guests)
1225492780 M * Bertl so the 1GB user address-space limit doesn't really affect you
1225492867 M * Bertl http://linux-mm.org/HighMemory
1225493085 J * Aiken ~Aiken@ppp118-208-112-231.lns4.bne4.internode.on.net
1225493113 M * micah Bertl: do you have info about PAE being slow?
1225493145 M * micah also, i appreciate the detailed information, its very useful
1225493174 M * Bertl the problem with PAE is that it introduces an additional indirection in the pagetable layout
1225493245 M * Bertl http://kerneltrap.org/node/2450
1225493257 M * Bertl (still regarding split)
1225493337 M * micah yeah I was reading http://kerneltrap.org/node/2450, but it was from 2004
1225493377 M * micah Bertl: that indirection has significant/noticable performance implications?
1225493380 M * Bertl well, not that much changed in the memory management and layout since then :)
1225493422 M * Bertl I got reports of folks extending from 3GB to 4GB and then to 8GB and getting a performance hit of over 50% memory wise
1225493445 M * micah x86_64 also introduces a layer of indirection too
1225493508 M * Bertl well, yes, but the mapping is constant, i.e. any application and the kernel can address all the space (unless you go over the 40/48 bits)
1225493525 M * micah thats a pretty significant memory hit
1225493531 M * Bertl with PAE, you have to map blocks in/out into the accessible memory space
1225493544 Q * chigital Ping timeout: 480 seconds
1225493648 M * micah i tried to get waldi to come here to discuss this, as I am relaying the information, but he doesn't come for some reason
1225493684 M * Bertl he will have his reasons :)
1225493697 M * micah yeah but he doesn't tell them
1225493717 M * Bertl that's fine with me, I don't need to know everything :)
1225493816 M * Bertl so my recommendation regarding server and memory layout goes like this:
1225493819 M * micah he seems to think that the PAE memory mapping is not that bad because taskswitches also include many mappings
1225493854 M * Bertl - if you have 1-3GB of memory, and a 32bit system, go for the 1/3 split and forget about the 128M you lose in the 3GB case
1225493872 M * Bertl - if you want/need more than 3GB, get yourself a 64bit system instead
1225493948 M * Bertl well, PAE is unnecessary if you have less than 4GB, and highmem is just slow/complicated
1225493992 M * Bertl if you have more than 4GB and still insist on running a 32bit system, PAE is your only chance, so go for it (but in general, a 64bit cpu will give you much better performance memory wise there)
1225494098 M * Bertl http://www.held.org.il/blog/?p=79
1225494120 M * Bertl the result from redhat seems to be that the overall performance hit stays below 10%
1225494135 Q * bonbons Quit: Leaving
1225494227 M * micah thats the http://people.redhat.com/nmurray/RHEL-2.1-VM-whitepaper.pdf?
1225494255 M * micah yeah
1225494257 M * Bertl note: I haven't researched the impact of PAE to Linux performance or to Linux-VServer performance
1225494362 M * micah ok, again, thanks! this was very educational for me
1225494366 M * micah i hope I can convince him :)
1225494369 M * Bertl you're welcome! 
1225494752 M * micah all of this stuff reminds me of DOS memory :)
1225494781 M * Bertl hehe, "640k should be enough for everyone" ?
1225494783 M * micah i know its quite different of course :)
1225494827 M * micah the XMS/EMS stuff, which I do not remember well
1225494852 M * micah haha yeah one of the commentors on that blog also mentions it
1225494860 M * micah "It worked, but it also thoroughly sucked (from both programmatic and performance perspectives)."
1225494914 M * Bertl well, if that isn't a good argument :)
1225495712 M * Bertl micah: note: if you find someone to sponsor it, I'm willing to do a full performance analysis of 32 vs 64bit and the effect of highmem/PAE on that
1225496284 Q * matti Ping timeout: 480 seconds
1225496666 J * matti matti@acrux.romke.net