
Re: [Xen-devel] [PATCH] mm: option to _always_ scrub freed domheap pages



On Tue, May 07, 2019 at 10:55:51AM +0100, George Dunlap wrote:
> On 5/6/19 1:46 PM, Eslam Elnikety wrote:
> > Give the administrator further control on when to scrub domheap pages by adding
> > an option to always scrub. This is a safety feature that, when enabled,
> > prevents a (buggy) domain from leaking secrets if it accidentally frees a page
> > without proper scrubbing.
> > 
> > Signed-off-by: Eslam Elnikety <elnikety@xxxxxxxxxx>
> 
> Now that I think about it -- Andy, isn't there a patch in the XenServer
> patchqueue to enable scrubbing by default?
> 
> I'm wondering if this should default to 'true', and people who really
> want the extra performance should turn it off.
> 
> Only one other minor comment:
> 
> > ---
> >  docs/misc/xen-command-line.pandoc |  8 ++++++++
> >  xen/common/page_alloc.c           | 11 +++++++++--
> >  2 files changed, 17 insertions(+), 2 deletions(-)
> > 
> > diff --git a/docs/misc/xen-command-line.pandoc 
> > b/docs/misc/xen-command-line.pandoc
> > index 7dcb22932a..5a92949c5a 100644
> > --- a/docs/misc/xen-command-line.pandoc
> > +++ b/docs/misc/xen-command-line.pandoc
> > @@ -270,6 +270,14 @@ and not running softirqs. Reduce this if softirqs are 
> > not being run frequently
> >  enough. Setting this to a high value may cause boot failure, particularly 
> > if
> >  the NMI watchdog is also enabled.
> >  
> > +### scrub_domheap
> > +> `= <boolean>`
> > +
> > +> Default: `false`
> > +
> > +Scrub domains' freed pages. This is a safety net against a (buggy) domain
> > +accidentally leaking secrets by releasing pages without proper 
> > sanitization.
> > +
> >  ### clocksource (x86)
> >  > `= pit | hpet | acpi | tsc`
> >  
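
Review bot: The new `scrub_domheap` entry does not say what happens to freed domheap pages when the option is left at its documented default of `false`, nor what enabling it costs. The commit message describes the option as "always scrub", which implies scrubbing already happens in some cases, so the text should name those cases and state that turning the option on trades free-path performance for the safety net. That trade-off is also what the question about flipping the default hinges on.
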
> > diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c
> > index be44158033..678a00ac9b 100644
> > --- a/xen/common/page_alloc.c
> > +++ b/xen/common/page_alloc.c
> > @@ -214,6 +214,12 @@ custom_param("bootscrub", parse_bootscrub_param);
> >  static unsigned long __initdata opt_bootscrub_chunk = MB(128);
> >  size_param("bootscrub_chunk", opt_bootscrub_chunk);
> >  
> > +/*
> > + * scrub_domheap -> Domheap pages are scrubbed when freed
> > + */
> > +static bool_t opt_scrub_domheap = 0;
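
Review bot: `opt_scrub_domheap` on the last added line carries no section annotation and has a redundant explicit zero initialiser. Going by its comment it is consulted whenever a domheap page is freed, so if it is only ever set from the command line, `static bool __read_mostly opt_scrub_domheap;` would suit it better. The three-line comment block above it could also collapse to a single line.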

Please change bool_t to bool and 0 to false while you're at it. :-)

Wei.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel