| Message ID | 1389324476-9158-1-git-send-email-julien.grall@linaro.org |
|---|---|
| State | Accepted, archived |
| Headers | show |
On Fri, 2014-01-10 at 03:27 +0000, Julien Grall wrote: > Scrub heap pages was disabled because it was slow on the models. Now that Xen > supports real hardware, it's possible to enable by default scrubbing. > > Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com> > --- > This patch should go to Xen 4.4. It avoid to give non-cleared page to > a domain. > > The downside is it's now slow on models. There is a no-bootscrub command-line option which can be used in that case. Could you update the relevant model wiki pages to mention it please? > The current implementation of scrub_heap_pages loop on every page in the > frametable. On ARM, there is only which can contains MMIO. We are safe > because when frametable is initialized, page are marked inuse. So the > function won't clear theses pages. I don't think this behaviour is specific to ARM, x86 has MMIO regions mixed in with RAM as well. From an RM PoV I think this is a necessary fix since it can otherwise potentially leak information from a previous boot. I also think it is low risk, nothing should have been relying on non-zero content of any page. > --- > xen/arch/arm/setup.c | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > > diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c > index 9fc40c8..d7c7f4d 100644 > --- a/xen/arch/arm/setup.c > +++ b/xen/arch/arm/setup.c > @@ -764,10 +764,8 @@ void __init start_xen(unsigned long boot_phys_offset, > if ( construct_dom0(dom0) != 0) > panic("Could not set up DOM0 guest OS"); > > - /* Scrub RAM that is still free and so may go to an unprivileged domain. > - XXX too slow in simulator > - scrub_heap_pages(); > - */ > + /* Scrub RAM that is still free and so may go to an unprivileged domain. */ > + scrub_heap_pages(); > > init_constructors(); >
On 01/10/2014 09:52 AM, Ian Campbell wrote: > On Fri, 2014-01-10 at 03:27 +0000, Julien Grall wrote: >> Scrub heap pages was disabled because it was slow on the models. Now that Xen >> supports real hardware, it's possible to enable by default scrubbing. >> >> Signed-off-by: Julien Grall <julien.grall@linaro.org> > > Acked-by: Ian Campbell <ian.campbell@citrix.com> Thanks. >> --- >> This patch should go to Xen 4.4. It avoid to give non-cleared page to >> a domain. >> >> The downside is it's now slow on models. > > There is a no-bootscrub command-line option which can be used in that > case. Could you update the relevant model wiki pages to mention it > please? I have updated the wiki page. > >> The current implementation of scrub_heap_pages loop on every page in the >> frametable. On ARM, there is only which can contains MMIO. We are safe >> because when frametable is initialized, page are marked inuse. So the >> function won't clear theses pages. > > I don't think this behaviour is specific to ARM, x86 has MMIO regions > mixed in with RAM as well. I was not sure, so I prefered to explain why it's ok.
On Fri, 2014-01-10 at 13:48 +0000, Julien Grall wrote: > > On 01/10/2014 09:52 AM, Ian Campbell wrote: > > On Fri, 2014-01-10 at 03:27 +0000, Julien Grall wrote: > >> Scrub heap pages was disabled because it was slow on the models. Now that Xen > >> supports real hardware, it's possible to enable by default scrubbing. > >> > >> Signed-off-by: Julien Grall <julien.grall@linaro.org> > > > > Acked-by: Ian Campbell <ian.campbell@citrix.com> > > Thanks. Applied. > >> --- > >> This patch should go to Xen 4.4. It avoid to give non-cleared page to > >> a domain. > >> > >> The downside is it's now slow on models. > > > > There is a no-bootscrub command-line option which can be used in that > > case. Could you update the relevant model wiki pages to mention it > > please? > > I have updated the wiki page. Thanks.
On Fri, 2014-01-10 at 17:09 +0000, Ian Campbell wrote: > On Fri, 2014-01-10 at 13:48 +0000, Julien Grall wrote: > > > > On 01/10/2014 09:52 AM, Ian Campbell wrote: > > > On Fri, 2014-01-10 at 03:27 +0000, Julien Grall wrote: > > >> Scrub heap pages was disabled because it was slow on the models. Now that Xen > > >> supports real hardware, it's possible to enable by default scrubbing. > > >> > > >> Signed-off-by: Julien Grall <julien.grall@linaro.org> > > > > > > Acked-by: Ian Campbell <ian.campbell@citrix.com> > > > > Thanks. > > Applied. > > > >> --- > > >> This patch should go to Xen 4.4. It avoid to give non-cleared page to > > >> a domain. > > >> > > >> The downside is it's now slow on models. > > > > > > There is a no-bootscrub command-line option which can be used in that > > > case. Could you update the relevant model wiki pages to mention it > > > please? > > > > I have updated the wiki page. > > Thanks. You made it say "comment out the code" rather than advising to use the command line option like I suggested -- was that on purpose? Is something broken with the command line option? Ian
On 01/10/2014 05:51 PM, Ian Campbell wrote: > On Fri, 2014-01-10 at 17:09 +0000, Ian Campbell wrote: >> On Fri, 2014-01-10 at 13:48 +0000, Julien Grall wrote: >>> >>> On 01/10/2014 09:52 AM, Ian Campbell wrote: >>>> On Fri, 2014-01-10 at 03:27 +0000, Julien Grall wrote: >>>>> Scrub heap pages was disabled because it was slow on the models. Now that Xen >>>>> supports real hardware, it's possible to enable by default scrubbing. >>>>> >>>>> Signed-off-by: Julien Grall <julien.grall@linaro.org> >>>> >>>> Acked-by: Ian Campbell <ian.campbell@citrix.com> >>> >>> Thanks. >> >> Applied. >> >>>>> --- >>>>> This patch should go to Xen 4.4. It avoid to give non-cleared page to >>>>> a domain. >>>>> >>>>> The downside is it's now slow on models. >>>> >>>> There is a no-bootscrub command-line option which can be used in that >>>> case. Could you update the relevant model wiki pages to mention it >>>> please? >>> >>> I have updated the wiki page. >> >> Thanks. > > You made it say "comment out the code" rather than advising to use the > command line option like I suggested -- was that on purpose? > > Is something broken with the command line option? No, I thought we will need to create a command line. I will update the wiki page.
diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c index 9fc40c8..d7c7f4d 100644 --- a/xen/arch/arm/setup.c +++ b/xen/arch/arm/setup.c @@ -764,10 +764,8 @@ void __init start_xen(unsigned long boot_phys_offset, if ( construct_dom0(dom0) != 0) panic("Could not set up DOM0 guest OS"); - /* Scrub RAM that is still free and so may go to an unprivileged domain. - XXX too slow in simulator - scrub_heap_pages(); - */ + /* Scrub RAM that is still free and so may go to an unprivileged domain. */ + scrub_heap_pages(); init_constructors();
Scrub heap pages was disabled because it was slow on the models. Now that Xen supports real hardware, it's possible to enable by default scrubbing. Signed-off-by: Julien Grall <julien.grall@linaro.org> --- This patch should go to Xen 4.4. It avoid to give non-cleared page to a domain. The downside is it's now slow on models. The current implementation of scrub_heap_pages loop on every page in the frametable. On ARM, there is only which can contains MMIO. We are safe because when frametable is initialized, page are marked inuse. So the function won't clear theses pages. --- xen/arch/arm/setup.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)