[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [PATCH v4 1/6] xen: do not free reserved memory into heap

  • To: Julien Grall <julien@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Penny Zheng <Penny.Zheng@xxxxxxx>
  • Date: Tue, 17 May 2022 08:21:31 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=38WAE1NxB8vuKcm9HzSrl5k1VF7Kujxlni79VItedlU=; b=Vbp22UUBcsSiaS0qw+SM4ygGOVQA3TQfTj89JoJizohNZDwRidq7p9Ro4a7nbuv3tz9uxj7+S3oWolE8QbSd0zqRnrPTbqXKFjNrNTaF4SFTOjCMYNiBceZyLYrfxPUerSdQjgy3VMhPsnC1HIp/lHCpgyDN2ysGxDxKnFLUTdyht2+vZV18tGw95rbNxRaeXqCQfOUqsfFcJDvCPln8tK7l7+ItII4lfT/+fMKRnpUcbAVUel3mI/369fCMmhtBRj9+6tAIsZdocwnoEWQNtRHlyTLRROqgd9Xbe11Kkcb2n4wYkkiUxDu1DpUjaLuSmOAD8STE4kVoVoCREtO7IA==
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=38WAE1NxB8vuKcm9HzSrl5k1VF7Kujxlni79VItedlU=; b=c33fpYNfHMrH2jHkQaCNXD03amlnz3iuXXIq25rgl79zFS/HknRkvgQHzTv4yURxudU7PRFyjAYn+ugFZaCW7uVJguiaUpH4hc7ngOy/r717PYV/tQHGh0n6LxliaGHnC+L2Qr6CzTMn4xplSBc7FCebIdCqp5mGwfvGrfIsBKAC7hBVEf6T+KnOc7TZLEFJNUG1RUse6ysO2APpIirSUp0vOde6+Ph30SALQM10g09G0Ln7PANZTWCyO4RAPtdNJzF065uSt5ldOEBteH45pUKDBXWpez71i1zTlXJXZMxnjzjBkAiDH2m8PuIwnaTzNrEjrScZeDl8PoiU/J/aow==
  • Arc-seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=KhiIiRC9JdgKClaYd0Fvy1r+0PeJgwpa4Vc9h3aQo1GuS/6AhxAPekM8P4IvnfcdpsxyL6EBzrtCVaS+Ku+82EiATrRE4tXH5NSVsLH16VftKUh94Bzs1cEMMgiW0IhL6R56poDPpCqg1n4mVKgUcDXq05OpG/3hlECrSNV0u7Tykz9Eqa++g07uTaECx/TFYME/4zyqIJ6491S/gkJruAWvfD8MVAd80N2uFKJhYIDdJ+AxxBd9tyG2GGcVAOjIKGiHTkz0f8bG2i0vo25K/IEPwJ8QhCMx+fJVe0/gGF4ff8rp+g9looAFlf1sLB6f1OeWlyd3aVKNWBEUMISZKg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=L7ZytOr2YLHaD3P0Oe1lQZcS5ShpvfVDmECp8meKra6qzYCqikFXT2uX628CbN5G6E2NGUsJBXHbsrJutf6gBNMD9VBIf1s4H1Dqi+4f+2esK9ULfE9bxEOhN9pJBF4T430Y/nWHvQUwKHeLjrOrbBvRpaMRUC9xQu9uTUQbZYWjG74+xW4HceBoXm1qFklJAvz7Ks/LcURTjJlkUF57oIgYRdg5qrL28FWxXz/68v0S1MwNHzXUqTG4e2luA6a9V639bvw8VNwWaq0KlQiJqTLtt6qBEOdv/PoKqhZjHHyH+RCI+4lADVH9TXsia5Z/xgqYqocOh+0NDcZufhIkdQ==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: Wei Chen <Wei.Chen@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Tue, 17 May 2022 08:22:11 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHYZBWe/uxRZBdW10mDRgQaF95/K60h1bOAgADQseA=
  • Thread-topic: [PATCH v4 1/6] xen: do not free reserved memory into heap
Hi Julien

> -----Original Message-----
> From: Julien Grall <julien@xxxxxxx>
> Sent: Tuesday, May 17, 2022 2:01 AM
> To: Penny Zheng <Penny.Zheng@xxxxxxx>; xen-devel@xxxxxxxxxxxxxxxxxxxx
> Cc: Wei Chen <Wei.Chen@xxxxxxx>; Andrew Cooper
> <andrew.cooper3@xxxxxxxxxx>; George Dunlap <george.dunlap@xxxxxxxxxx>;
> Jan Beulich <jbeulich@xxxxxxxx>; Stefano Stabellini <sstabellini@xxxxxxxxxx>;
> Wei Liu <wl@xxxxxxx>
> Subject: Re: [PATCH v4 1/6] xen: do not free reserved memory into heap
> 
> Hi Penny,
> 
> On 10/05/2022 03:27, Penny Zheng wrote:
> > Pages used as guest RAM for static domain, shall be reserved to this
> > domain only.
> > So in case reserved pages being used for other purpose, users shall
> > not free them back to heap, even when last ref gets dropped.
> >
> > free_staticmem_pages will be called by free_heap_pages in runtime for
> > static domain freeing memory resource, so let's drop the __init flag.
> >
> > Signed-off-by: Penny Zheng <penny.zheng@xxxxxxx>
> > ---
> > v4 changes:
> > - no changes
> > ---
> > v3 changes:
> > - fix possible racy issue in free_staticmem_pages()
> > - introduce a stub free_staticmem_pages() for the
> > !CONFIG_STATIC_MEMORY case
> > - move the change to free_heap_pages() to cover other potential call
> > sites
> > - fix the indentation
> > ---
> > v2 changes:
> > - new commit
> > ---
> >   xen/common/page_alloc.c | 17 ++++++++++++++---
> >   xen/include/xen/mm.h    |  2 +-
> >   2 files changed, 15 insertions(+), 4 deletions(-)
> >
> > diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index
> > 319029140f..5e569a48a2 100644
> > --- a/xen/common/page_alloc.c
> > +++ b/xen/common/page_alloc.c
> > @@ -1443,6 +1443,10 @@ static void free_heap_pages(
> >
> >       ASSERT(order <= MAX_ORDER);
> >
> > +    if ( pg->count_info & PGC_reserved )
> 
> NIT: I would suggest to use "unlikely()" here.
> 
> > +        /* Reserved page shall not go back to the heap. */
> > +        return free_staticmem_pages(pg, 1UL << order, need_scrub);
> > +
> >       spin_lock(&heap_lock);
> >
> >       for ( i = 0; i < (1 << order); i++ ) @@ -2636,8 +2640,8 @@
> > struct domain *get_pg_owner(domid_t domid)
> >
> >   #ifdef CONFIG_STATIC_MEMORY
> >   /* Equivalent of free_heap_pages to free nr_mfns pages of static
> > memory. */ -void __init free_staticmem_pages(struct page_info *pg,
> unsigned long nr_mfns,
> > -                                 bool need_scrub)
> > +void free_staticmem_pages(struct page_info *pg, unsigned long nr_mfns,
> > +                          bool need_scrub)
> 
> Looking at the implementation of free_staticmem_pages(), the page will be
> scrubbed synchronously.
> 
> If I am not mistaken, static memory is not yet supported so I would be OK to
> continue with synchronous scrubbing. However, this will need to be
> asynchronous before we even consider to security support it.
> 

Yes,  I remembered that asynchronous is still on the to-do list for static 
memory.

If it doesn't bother too much to you, I would like to ask some help on this 
issue, ;).
I only knew basic knowledge on the scrubbing, I knew that dirty pages is placed 
at the
end of list heap(node, zone, order) for scrubbing and "first_dirty" is used to 
track down
the dirty pages. IMO, Both two parts are restricted to the heap thingy,  not 
reusable for
static memory, so maybe I need to re-write scrub_free_page for static memory, 
and also
link the need-to-scrub reserved pages to a new global list e.g.  
dirty_resv_list for aync
scrubbing?
 Any suggestions?

> BTW, SUPPORT.md doesn't seem to explicitely say whether static memory is
> supported. Would you be able to send a patch to update it? I think this should
> be tech preview for now.
> 

Sure, will do.

> >   {
> >       mfn_t mfn = page_to_mfn(pg);
> >       unsigned long i;
> > @@ -2653,7 +2657,8 @@ void __init free_staticmem_pages(struct page_info
> *pg, unsigned long nr_mfns,
> >           }
> >
> >           /* In case initializing page of static memory, mark it 
> > PGC_reserved. */
> > -        pg[i].count_info |= PGC_reserved;
> > +        if ( !(pg[i].count_info & PGC_reserved) )
> 
> NIT: I understand the flag may have already been set, but I am not convinced 
> if
> it is worth checking it and then set.
> 

Jan suggested that since we remove the __init from free_staticmem_pages, it's 
now in preemptable
state at runtime, so better be adding this check here. 

> > +            pg[i].count_info |= PGC_reserved;
> 
> 
> >       }
> >   }
> >
> > @@ -2762,6 +2767,12 @@ int __init acquire_domstatic_pages(struct
> > domain *d, mfn_t smfn,
> >
> >       return 0;
> >   }
> > +#else
> > +void free_staticmem_pages(struct page_info *pg, unsigned long nr_mfns,
> > +                          bool need_scrub) {
> > +    ASSERT_UNREACHABLE();
> > +}
> >   #endif
> >
> >   /*
> > diff --git a/xen/include/xen/mm.h b/xen/include/xen/mm.h index
> > 3be754da92..9fd95deaec 100644
> > --- a/xen/include/xen/mm.h
> > +++ b/xen/include/xen/mm.h
> > @@ -85,10 +85,10 @@ bool scrub_free_pages(void);
> >   } while ( false )
> >   #define FREE_XENHEAP_PAGE(p) FREE_XENHEAP_PAGES(p, 0)
> >
> > -#ifdef CONFIG_STATIC_MEMORY
> >   /* These functions are for static memory */
> >   void free_staticmem_pages(struct page_info *pg, unsigned long nr_mfns,
> >                             bool need_scrub);
> > +#ifdef CONFIG_STATIC_MEMORY
> >   int acquire_domstatic_pages(struct domain *d, mfn_t smfn, unsigned int
> nr_mfns,
> >                               unsigned int memflags);
> >   #endif
> 
> Cheers,
> 
> --
> Julien Grall

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.