|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH] mm/page_alloc: add bootscrub=idle cmdline option
Scrubbing RAM during boot may take a long time on machines with lots
of RAM. Add 'idle' option which marks all pages dirty initially so they
would eventually be scrubbed in idle-loop on every online CPU.
Performance of idle-loop scrubbing is worse than bootscrub but it's
guaranteed that the allocator will return scrubbed pages by doing
eager scrubbing during allocation (unless MEMF_no_scrub was provided).
Signed-off-by: Sergey Dyasli <sergey.dyasli@xxxxxxxxxx>
---
CC: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CC: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
CC: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>
CC: Jan Beulich <jbeulich@xxxxxxxx>
CC: Julien Grall <julien.grall@xxxxxxx>
CC: Tim Deegan <tim@xxxxxxx>
---
docs/misc/xen-command-line.markdown | 7 +++++-
xen/common/page_alloc.c | 36 +++++++++++++++++++++++++----
2 files changed, 38 insertions(+), 5 deletions(-)
diff --git a/docs/misc/xen-command-line.markdown
b/docs/misc/xen-command-line.markdown
index 1ffd586224..4c60905837 100644
--- a/docs/misc/xen-command-line.markdown
+++ b/docs/misc/xen-command-line.markdown
@@ -227,7 +227,7 @@ that byte `0x12345678` is bad, you would place
`badpage=0x12345` on
Xen's command line.
### bootscrub
-> `= <boolean>`
+> `= <boolean> | idle`
> Default: `true`
@@ -235,6 +235,11 @@ Scrub free RAM during boot. This is a safety feature to
prevent
accidentally leaking sensitive VM data into other VMs if Xen crashes
and reboots.
+In `idle` mode, RAM is scrubbed in background on all CPUs during idle-loop
+with a guarantee that memory allocations always provide scrubbed pages.
+This option reduces boot time on machines with a large amount of RAM while
+still providing security benefits.
+
### bootscrub\_chunk
> `= <size>`
diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c
index 16e1b0c357..c85f44874a 100644
--- a/xen/common/page_alloc.c
+++ b/xen/common/page_alloc.c
@@ -161,8 +161,32 @@ string_param("badpage", opt_badpage);
/*
* no-bootscrub -> Free pages are not zeroed during boot.
*/
-static bool_t opt_bootscrub __initdata = 1;
-boolean_param("bootscrub", opt_bootscrub);
+enum {
+ BOOTSCRUB_OFF = 0,
+ BOOTSCRUB_ON,
+ BOOTSCRUB_IDLE,
+};
+static int __read_mostly opt_bootscrub = BOOTSCRUB_ON;
+static int __init parse_bootscrub_param(const char *s)
+{
+ if ( *s == '\0' )
+ return 0;
+
+ if ( !strcmp(s, "idle") )
+ opt_bootscrub = BOOTSCRUB_IDLE;
+ else
+ opt_bootscrub = parse_bool(s, NULL);
+
+ if ( opt_bootscrub < 0 )
+ {
+ opt_bootscrub = BOOTSCRUB_ON;
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+custom_param("bootscrub", parse_bootscrub_param);
/*
* bootscrub_chunk -> Amount of bytes to scrub lockstep on non-SMT CPUs
@@ -1763,7 +1787,8 @@ static void init_heap_pages(
nr_pages -= n;
}
- free_heap_pages(pg + i, 0, scrub_debug);
+ free_heap_pages(pg + i, 0, scrub_debug ||
+ opt_bootscrub == BOOTSCRUB_IDLE);
}
}
@@ -2039,8 +2064,11 @@ void __init heap_init_late(void)
*/
setup_low_mem_virq();
- if ( opt_bootscrub )
+ if ( opt_bootscrub == BOOTSCRUB_ON )
scrub_heap_pages();
+ else if ( opt_bootscrub == BOOTSCRUB_IDLE )
+ printk("Scrubbing Free RAM on %d nodes in background\n",
+ num_online_nodes());
}
--
2.17.1
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |