Xen project Mailing List

Re: [Xen-devel] [PATCH v2] mm: option to _always_ scrub freed domheap pages

From: "Elnikety, Eslam" <elnikety@xxxxxxxxxx>

Date: Tue, 7 May 2019 23:37:25 +0000

Accept-language: en-US

Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "Shah, Amit" <aams@xxxxxxxxx>

Delivery-date: Tue, 07 May 2019 23:37:47 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHVBMjJBtqGYWqQmEamnl6TYzwOz6ZfknOAgAC/oAA=

Thread-topic: [PATCH v2] mm: option to _always_ scrub freed domheap pages

> On 7. May 2019, at 14:11, Jan Beulich <JBeulich@xxxxxxxx> wrote: > >>>> On 07.05.19 at 13:34, <elnikety@xxxxxxxxxx> wrote: >> --- a/xen/common/page_alloc.c >> +++ b/xen/common/page_alloc.c >> @@ -214,6 +214,10 @@ custom_param("bootscrub", parse_bootscrub_param); >> static unsigned long __initdata opt_bootscrub_chunk = MB(128); >> size_param("bootscrub_chunk", opt_bootscrub_chunk); >> >> + /* scrub-domheap -> Domheap pages are scrubbed when freed */ >> +static bool __read_mostly opt_scrub_domheap; >> +boolean_param("scrub-domheap", opt_scrub_domheap); > > Upon 2nd thought this, btw, would seem to be an excellent candidate > for becoming a runtime parameter. True. > >> @@ -2378,9 +2382,10 @@ void free_domheap_pages(struct page_info *pg, >> unsigned int order) >> /* >> * Normally we expect a domain to clear pages before freeing >> them, >> * if it cares about the secrecy of their contents. However, >> after >> - * a domain has died we assume responsibility for erasure. >> + * a domain has died we assume responsibility for erasure. We do >> + * scrub regardless if option scrub_domheap is set. >> */ >> - scrub = d->is_dying || scrub_debug; >> + scrub = d->is_dying || scrub_debug || opt_scrub_domheap; > > Did you consider setting opt_scrub_domheap when scrub_debug is > set? This would shorten the (runtime) calculation here by a tiny bit, > at the price of doing one more thing once while booting. Interesting. I have not particularly thought about that. Granted; this would shorten the “scrub” bool calculation. One would probably define a bool ‘always_scrub’ that gets set at boot ‘always_scrub = scrub_debug || opt_scrub_domheap’, and use that new bool in the hunk at hand here. (Having opt_scrub_domheap as a runtime parameter and re-evaluating always_scrub should not be much of a complication either). In any case, given your response to George earlier, I would rather decouple these improvements from this patch. I would be happy to re-work these improvements at a later point if the community feels strongly about them. > > Jan > > _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.