[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 2/2] xen/mm: do not assign pages to a domain until they are scrubbed

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Thu, 26 Mar 2026 09:55:06 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=HE7ORryyLVtL2YJ5K9R5RomXN1arImF+mWtVO7dyQMc=; b=j9zIxd6l4yFrH4jtj/0mu9YJA0JY3WwKhdRlS9ZfGt4jq01Dm6NsQtbcLusArw4ppWxw+rbeKCNH4nA/cqoQGMlyAVQeFVFxqVpyV4wTwrw4nWpPYsv1X5gcnPTaNWC/T7aF1J/qJJRsOEnZIcCUE/RrDnWI610Xo54aI588WeDHXTmxDD6izH6pwWeuD4aqoEzjtCBs2noxMwaCr7BhBmm9zRFpiSWBKIAcTXXZ5feuLxpwVuwIEhtm+eX9UFWxu2cS9Xln/ouHJdWW+Rs6SlrCOqZlCFlYTUi0a86bweYApNIt5VN4i3oSBaw2dDx3+P2EM32LzA/BvxU1ORyXKg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=aUSsAaQNY8utpGuNlcKOk95vv3jbIb3Qv7VeGtmQdYv7RbOiI4tiGr2Ys0GQ1J0avsjX/U2dVwSx2lwP7o0xZfIwPW7sHp3aoAVRcSdIvmcrz3bRQZCemyFVWO+97SgJt7t/pKO0d3p6efP+qILzfgmhR3XJ0WR73Y5eb/WuhSjbCqD6/2yT607pElOj8sKsWFJHgAydLvZDrl54dJRoaIgdhq6iU05Pq449HnUhDf/jE31YKpciN5NGZ+qbaNDEn8Lg0pZ5NdJ52VbDD9llyh4PGlybPuT1njcfDkcfTSLBwE2ns8C3dOzl8QKwh1DkTw6JAK7d5JGFEDMcHprfmg==
  • Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=citrix.com header.i="@citrix.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck"
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Thu, 26 Mar 2026 08:55:18 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Thu, Mar 26, 2026 at 09:18:14AM +0100, Jan Beulich wrote:
> On 25.03.2026 17:54, Roger Pau Monné wrote:
> > On Wed, Mar 25, 2026 at 05:26:01PM +0100, Roger Pau Monné wrote:
> >> On Wed, Mar 25, 2026 at 03:56:05PM +0100, Jan Beulich wrote:
> >>> On 25.03.2026 11:08, Roger Pau Monne wrote:
> >>>>  * Disallow XENMEM_decrease_reservation until the domain has finished
> >>>>    creation would fix the issue of pages being freed while pending scrub,
> >>>>    but it's not clear there might be other usages that would be 
> >>>> problematic,
> >>>>    as get_page() on non-scrubbed pages would still return success.
> >>>
> >>> I agree this is of concern.
> >>>
> >>>> --- a/xen/common/memory.c
> >>>> +++ b/xen/common/memory.c
> >>>> @@ -388,6 +388,12 @@ static void populate_physmap(struct memop_args *a)
> >>>>                              goto out;
> >>>>                          }
> >>>>                      }
> >>>> +
> >>>> +                    if ( assign_page(page, a->extent_order, d, 
> >>>> memflags) )
> >>>> +                    {
> >>>> +                        free_domheap_pages(page, a->extent_order);
> >>>
> >>> The pages don't have an owner set yet, so that function will go straight
> >>> to free_heap_pages(), needlessly passing "true" as last argument. Correct,
> >>> but (for large pages, which the stashing is about) highly inefficient.
> >>
> >> My bad, I was sure I was using the same freeing function as
> >> alloc_domheap_pages() on failure to assign, but I clearly wasn't.  I
> >> will switch to using free_heap_pages().
> > 
> > Coming back to this, I can export free_heap_pages(), but then the call
> > would also unconditionally have need_scrub == true, as the pages have
> > been allocated without scrubbing.
> 
> But the assign_page() call is here to have the scrubbing done ahead of
> it, so re-scrubbing after freeing shouldn't be necessary?

I think I've done what you suggested in patch 3 of the v2.  For the
call here, yes, we could entirely avoid the scrubbing.  For the other
free_domheap_pages() calls in stash_allocation() and
get_stashed_allocation() respectively we need to be more careful as
some pages will still be pending scrub.

Thanks, Roger.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.