From: "Jan Beulich" <JBeulich@suse.com>
To: Eslam Elnikety <elnikety@amazon.com>
Cc: Stefano Stabellini <sstabellini@kernel.org>,
Wei Liu <wei.liu2@citrix.com>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
George Dunlap <George.Dunlap@eu.citrix.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Ian Jackson <Ian.Jackson@eu.citrix.com>, Tim Deegan <tim@xen.org>,
Julien Grall <julien.grall@arm.com>,
xen-devel <xen-devel@lists.xenproject.org>,
Amit Shah <aams@amazon.com>
Subject: Re: [PATCH v2] mm: option to _always_ scrub freed domheap pages
Date: Tue, 07 May 2019 06:11:33 -0600 [thread overview]
Message-ID: <5CD175F5020000780022C7EF@prv1-mh.provo.novell.com> (raw)
In-Reply-To: <20190507113405.71851-1-elnikety@amazon.com>
>>> On 07.05.19 at 13:34, <elnikety@amazon.com> wrote:
> --- a/xen/common/page_alloc.c
> +++ b/xen/common/page_alloc.c
> @@ -214,6 +214,10 @@ custom_param("bootscrub", parse_bootscrub_param);
> static unsigned long __initdata opt_bootscrub_chunk = MB(128);
> size_param("bootscrub_chunk", opt_bootscrub_chunk);
>
> + /* scrub-domheap -> Domheap pages are scrubbed when freed */
> +static bool __read_mostly opt_scrub_domheap;
> +boolean_param("scrub-domheap", opt_scrub_domheap);
Upon 2nd thought this, btw, would seem to be an excellent candidate
for becoming a runtime parameter.
> @@ -2378,9 +2382,10 @@ void free_domheap_pages(struct page_info *pg, unsigned int order)
> /*
> * Normally we expect a domain to clear pages before freeing them,
> * if it cares about the secrecy of their contents. However, after
> - * a domain has died we assume responsibility for erasure.
> + * a domain has died we assume responsibility for erasure. We do
> + * scrub regardless if option scrub_domheap is set.
> */
> - scrub = d->is_dying || scrub_debug;
> + scrub = d->is_dying || scrub_debug || opt_scrub_domheap;
Did you consider setting opt_scrub_domheap when scrub_debug is
set? This would shorten the (runtime) calculation here by a tiny bit,
at the price of doing one more thing once while booting.
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
WARNING: multiple messages have this Message-ID (diff)
From: "Jan Beulich" <JBeulich@suse.com>
To: "Eslam Elnikety" <elnikety@amazon.com>
Cc: Stefano Stabellini <sstabellini@kernel.org>,
Wei Liu <wei.liu2@citrix.com>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
George Dunlap <George.Dunlap@eu.citrix.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Ian Jackson <Ian.Jackson@eu.citrix.com>, Tim Deegan <tim@xen.org>,
Julien Grall <julien.grall@arm.com>,
xen-devel <xen-devel@lists.xenproject.org>,
Amit Shah <aams@amazon.com>
Subject: Re: [Xen-devel] [PATCH v2] mm: option to _always_ scrub freed domheap pages
Date: Tue, 07 May 2019 06:11:33 -0600 [thread overview]
Message-ID: <5CD175F5020000780022C7EF@prv1-mh.provo.novell.com> (raw)
Message-ID: <20190507121133.3E_asuS8O9hS-Wb4J62t8QliHALE5ZreJsQaf1iMDPw@z> (raw)
In-Reply-To: <20190507113405.71851-1-elnikety@amazon.com>
>>> On 07.05.19 at 13:34, <elnikety@amazon.com> wrote:
> --- a/xen/common/page_alloc.c
> +++ b/xen/common/page_alloc.c
> @@ -214,6 +214,10 @@ custom_param("bootscrub", parse_bootscrub_param);
> static unsigned long __initdata opt_bootscrub_chunk = MB(128);
> size_param("bootscrub_chunk", opt_bootscrub_chunk);
>
> + /* scrub-domheap -> Domheap pages are scrubbed when freed */
> +static bool __read_mostly opt_scrub_domheap;
> +boolean_param("scrub-domheap", opt_scrub_domheap);
Upon 2nd thought this, btw, would seem to be an excellent candidate
for becoming a runtime parameter.
> @@ -2378,9 +2382,10 @@ void free_domheap_pages(struct page_info *pg, unsigned int order)
> /*
> * Normally we expect a domain to clear pages before freeing them,
> * if it cares about the secrecy of their contents. However, after
> - * a domain has died we assume responsibility for erasure.
> + * a domain has died we assume responsibility for erasure. We do
> + * scrub regardless if option scrub_domheap is set.
> */
> - scrub = d->is_dying || scrub_debug;
> + scrub = d->is_dying || scrub_debug || opt_scrub_domheap;
Did you consider setting opt_scrub_domheap when scrub_debug is
set? This would shorten the (runtime) calculation here by a tiny bit,
at the price of doing one more thing once while booting.
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2019-05-07 12:11 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-07 11:34 [PATCH v2] mm: option to _always_ scrub freed domheap pages Eslam Elnikety
2019-05-07 11:34 ` [Xen-devel] " Eslam Elnikety
2019-05-07 12:11 ` Jan Beulich [this message]
2019-05-07 12:11 ` Jan Beulich
2019-05-07 13:15 ` George Dunlap
2019-05-07 13:15 ` [Xen-devel] " George Dunlap
2019-05-07 13:55 ` Jan Beulich
2019-05-07 13:55 ` [Xen-devel] " Jan Beulich
2019-05-07 23:37 ` Elnikety, Eslam
2019-05-07 23:37 ` [Xen-devel] " Elnikety, Eslam
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5CD175F5020000780022C7EF@prv1-mh.provo.novell.com \
--to=jbeulich@suse.com \
--cc=George.Dunlap@eu.citrix.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=aams@amazon.com \
--cc=andrew.cooper3@citrix.com \
--cc=elnikety@amazon.com \
--cc=julien.grall@arm.com \
--cc=konrad.wilk@oracle.com \
--cc=sstabellini@kernel.org \
--cc=tim@xen.org \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.