[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [PATCH v10 8/9] xen: retrieve reserved pages on populate_physmap

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Penny Zheng <Penny.Zheng@xxxxxxx>
  • Date: Tue, 6 Sep 2022 07:14:23 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=j7SYwP74Mbd5KJGLOVL+JMRE8GAuoLm9NruCqdPOXZw=; b=YiSU2NHF4bbNXulJOhRA9hxOhntR1xAo3OJ0MdHA9EasaKqQZTRoL+YEYKz++fdrNyPNOx/bZye8lMRsGnZDjZOegBseLYdqFvxoddq4NqiFrgW9xFjpkYnIr7guFC2RjGIOkZ+Gc/U7UWMd5fvYhJqKv994k5oHCnzPRs0ISirrfMpkBjdllnCLu3Lp9nDBbyeYgCZAHdYfaq737eZd2e91Gl03PM4zpOv+1m1Y3N9maduDSWxgtvDVrClujLNx/kah5kp41F75gKLKLv+X0K2Q08YV6p+YlFAGIV+5qsg8b8d14C9oetIKcUSC9Y3KLkJqD43KcUv7As/cxO2+QQ==
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=j7SYwP74Mbd5KJGLOVL+JMRE8GAuoLm9NruCqdPOXZw=; b=jJlXP2hnP5t0FBxTAcwNtnn5gv6P7KJiplEgAMWH0ZnSNg2w7DAm2W1LmFpMZuVi4gqHG8QgdVSkPcjB2hfBOT8tE5cQnYd58pbrajNMek1JLwe7fwAEJuQTq2/HJjC0TCoLIasezDipMgVXz8dooyhbVPDKkqw78IKp8ICpUhYYm2SsSJRbWH+r5ThxL0t794BJ8pO4sP/o9swM9RQpO4hNV1nhoqJfH1duBY/CxNFHtyua1b5wGMI3Q74f7wTXYgAcOSBa7Z5Pyqs6VpQNiyXS8xOVhcpU1YemQFRfPJUvYXCXtb1HLZuwZSWyhrI1K6IJGRm+AYceodnOweLBKw==
  • Arc-seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=ekk0TnT6eZ8s6M+NTeLW6Hzon8Lid4zDQfAJfOceKFPypOxJrSUUCC4SdukxWuTj3dXzUugPR+WyfSCs7T6G8p1pBZQdeErxxNa4IF7Lon2X/193BnBbigU0zXx1uddgx2Cz9XI9VOugP1hYs/qRGg4c4KzXEd7fKbM3vyKw7JuVXGkhsmEQHX4UyVuCICeMB0ocnPDavhAug9SEzXkD78kFNRQDnwDyaupLVV5fB61+ZnKfA7vhwSNhr89puSEYShUPqi7MtEeM0kv0/Ns+TtCiZhQa2n/0tnIsbFPqGVqIv/3QNpnmpoZVgb2Ihm8qkzWHzbVdF4flsAWKIRH/nA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VvbI79a/q82Yee9yA7ED0p4LmdQaNZiUOxUwQ+2bNnayIrx9nd1jPBEk9BNjFUISbvtmrPB58WVd9zP6PtB+4qh6tuHMW8RZYtyqJcPlxHGjbodTfehn3LeMLGfvNU6UbkhKZDvGrOqd+ZKTiSiXfWhTb9hYEY7FxmRyj6e5HIs5z2k810cSa40QFwePX9mBcgIIp0MMiS8tsBhcw2oRc5KKGf84VvKfkc9xP64IrZwnOqB08eNI0WrXHjfaBVM6Hot0zajyO8YLgll09dxy7cgftkaQU/JDQqa8L/PuBXwHYArf5AOe8BJM7hkGXMS/fE2HsmVDsXhzMNBzjcPwdg==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: Wei Chen <Wei.Chen@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Tue, 06 Sep 2022 07:14:49 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHYsRk4bhBJQxIp9UysK0xEJzOLuK2y32KAgB2pAvCAAYqqgIAABv8g
  • Thread-topic: [PATCH v10 8/9] xen: retrieve reserved pages on populate_physmap
Hi Jan

> -----Original Message-----
> From: Jan Beulich <jbeulich@xxxxxxxx>
> Sent: Tuesday, September 6, 2022 2:34 PM
> To: Penny Zheng <Penny.Zheng@xxxxxxx>
> Cc: Wei Chen <Wei.Chen@xxxxxxx>; Andrew Cooper
> <andrew.cooper3@xxxxxxxxxx>; George Dunlap <george.dunlap@xxxxxxxxxx>;
> Julien Grall <julien@xxxxxxx>; Stefano Stabellini <sstabellini@xxxxxxxxxx>;
> Wei Liu <wl@xxxxxxx>; xen-devel@xxxxxxxxxxxxxxxxxxxx
> Subject: Re: [PATCH v10 8/9] xen: retrieve reserved pages on
> populate_physmap
> 
> On 05.09.2022 09:08, Penny Zheng wrote:
> > Hi jan
> >
> >> -----Original Message-----
> >> From: Jan Beulich <jbeulich@xxxxxxxx>
> >> Sent: Wednesday, August 17, 2022 6:05 PM
> >> To: Penny Zheng <Penny.Zheng@xxxxxxx>
> >> Cc: Wei Chen <Wei.Chen@xxxxxxx>; Andrew Cooper
> >> <andrew.cooper3@xxxxxxxxxx>; George Dunlap
> >> <george.dunlap@xxxxxxxxxx>; Julien Grall <julien@xxxxxxx>; Stefano
> >> Stabellini <sstabellini@xxxxxxxxxx>; Wei Liu <wl@xxxxxxx>;
> >> xen-devel@xxxxxxxxxxxxxxxxxxxx
> >> Subject: Re: [PATCH v10 8/9] xen: retrieve reserved pages on
> >> populate_physmap
> >>
> >> On 16.08.2022 04:36, Penny Zheng wrote:
> >>> @@ -2867,6 +2854,61 @@ int __init acquire_domstatic_pages(struct
> >>> domain *d, mfn_t smfn,
> >>>
> >>>      return 0;
> >>>  }
> >>> +
> >>> +/*
> >>> + * Acquire nr_mfns contiguous pages, starting at #smfn, of static
> >>> +memory,
> >>> + * then assign them to one specific domain #d.
> >>> + */
> >>> +int __init acquire_domstatic_pages(struct domain *d, mfn_t smfn,
> >>> +                                   unsigned int nr_mfns, unsigned
> >>> +int
> >>> +memflags) {
> >>> +    struct page_info *pg;
> >>> +
> >>> +    ASSERT_ALLOC_CONTEXT();
> >>> +
> >>> +    pg = acquire_staticmem_pages(smfn, nr_mfns, memflags);
> >>> +    if ( !pg )
> >>> +        return -ENOENT;
> >>> +
> >>> +    if ( assign_domstatic_pages(d, pg, nr_mfns, memflags) )
> >>> +        return -EINVAL;
> >>> +
> >>> +    return 0;
> >>> +}
> >>> +
> >>> +/*
> >>> + * Acquire a page from reserved page list(resv_page_list), when
> >>> +populating
> >>> + * memory for static domain on runtime.
> >>> + */
> >>> +mfn_t acquire_reserved_page(struct domain *d, unsigned int
> >>> +memflags) {
> >>> +    struct page_info *page;
> >>> +
> >>> +    ASSERT_ALLOC_CONTEXT();
> >>> +
> >>> +    /* Acquire a page from reserved page list(resv_page_list). */
> >>> +    spin_lock(&d->page_alloc_lock);
> >>> +    page = page_list_remove_head(&d->resv_page_list);
> >>> +    spin_unlock(&d->page_alloc_lock);
> >>> +    if ( unlikely(!page) )
> >>> +        return INVALID_MFN;
> >>> +
> >>> +    if ( !prepare_staticmem_pages(page, 1, memflags) )
> >>> +        goto fail;
> >>> +
> >>> +    if ( assign_domstatic_pages(d, page, 1, memflags) )
> >>> +        goto fail_assign;
> >>> +
> >>> +    return page_to_mfn(page);
> >>> +
> >>> + fail_assign:
> >>> +    free_staticmem_pages(page, 1, memflags & MEMF_no_scrub);
> >>
> >> Doesn't this need to be !(memflags & MEMF_no_scrub)? And then - with
> >
> > I got a bit confused about this flag MEMF_no_scrub, does it mean no
> > need to scrub?
> 
> Yes, as its name says.
> 
> > Since I saw that in alloc_domheap_pages(...)
> >     if ( assign_page(pg, order, d, memflags) )
> >     {
> >         free_heap_pages(pg, order, memflags & MEMF_no_scrub);
> >         return NULL;
> >     }
> > It doesn't contain exclamation mark too...
> 
> Hmm, you're right - on these error paths the scrubbing is needed if the page
> wasn't previously scrubbed, as part of the set of pages may have been
> transiently exposed to the guest (and by guessing it may have been able to
> actually access the pages; I'm inclined to say it's its own fault though if 
> that
> way information is being leaked).
> 

Then, the same for the acquire_domstatic_pages(...)

    if ( assign_pages(pg, nr_mfns, d, memflags) )
    {
        free_staticmem_pages(pg, nr_mfns, memflags & MEMF_no_scrub);
        return -EINVAL;
    }
On this error path, it has misused the MEMF_no_scrub too.
But IMO, as we are talking about these pages will always be reserved to the 
guest,
maybe here it also doesn't need scrubbing at all?
 
> But ...
> 
> >> assignment having failed and with it being just a single page we're
> >> talking about, the page was not exposed to the guest at any point
> >> afaict. So I don't see the need for scrubbing in the first place.
> 
> while my comment wasn't really correct, as said - you don't need any
> scrubbing here at all, I think.
> 
> Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.