WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] RE: [PATCH] Unmmap guest's EPT mapping for poison memory

from [Jiang, Yunhong] [Permanent Link][Original]
To: Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Subject: [Xen-devel] RE: [PATCH] Unmmap guest's EPT mapping for poison memory
From: "Jiang, Yunhong" <yunhong.jiang@xxxxxxxxx>
Date: Fri, 16 Jul 2010 14:45:21 +0800
Accept-language: en-US
Acceptlanguage: en-US
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>, Keir Fraser <Keir.Fraser@xxxxxxxxxxxxx>
Delivery-date: Thu, 15 Jul 2010 23:47:32 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20100715151238.GG13291@xxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <789F9655DD1B8F43B48D77C5D30659731F571361@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20100714092808.GB13291@xxxxxxxxxxxxxxxxxxxxxxx> <789F9655DD1B8F43B48D77C5D30659731F5714FA@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20100715151238.GG13291@xxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcskMC0hFXxJVW1+QYWfa2YCXFqEBAAfo+HQ
Thread-topic: [PATCH] Unmmap guest's EPT mapping for poison memory 

>-----Original Message-----
>From: Tim Deegan [mailto:Tim.Deegan@xxxxxxxxxx]
>Sent: Thursday, July 15, 2010 11:13 PM
>To: Jiang, Yunhong
>Cc: Keir Fraser; xen-devel
>Subject: Re: [PATCH] Unmmap guest's EPT mapping for poison memory
>
>Hi,
>
>At 14:56 +0100 on 14 Jul (1279119388), Jiang, Yunhong wrote:
>> >Or any of the other types?  This should be called for ram_ro, and
>> >ram_logdirty certainly, and probably mmio_direct too.
>>
>> Yes, we need consider rw/ro/logdirty. Thanks for remind and will fix
>> it. But why should we cover mmio_direct? Can you please give some
>> hints?
>
>I've seen cases where people use mmio_direct to point at actual memory,
>in order to allow uncached mappings.

Thanks for notify this.

>
>> For ram_shared, it deserve more consideration, seems currently the
>> shared memory situation is not handled in the whole offline page flow.
>
>Or vice versa.  I'm happy to ack an initial patch that deals with the
>easy cases, though.
>
>> >I'm not sure that it's safe to nobble other types - e.g. changing from
>> >grant_map_*, paging_* or ram_shared might break state-machines/refcounts
>> >elsewhere.
>>
>> I think this code does not change anything for the refcounts, we simply 
>> destroy the
>guest.
>> Or you mean race happens when other components is changing the p2m table 
>> also?
>I assume that should be ok since we only query the type and destroy the guest.
>> Did I missed anything?
>
>No, I was just suggesting that if you do handle other p2m types here
>it might not be safe to change a page from shared, grant-map &c to
>broken because it would cause bugs in the sharing/granting code.

Yes, agree. Maybe I need have a look on grant-map in future for PV guest.

>
>> The background here is: In some platform, system can find poison
>> memory through like memory scrubbing or L3 cache explicit write back
>> (i.e. async memory checking, not in current context). However,
>> whenenever the poison memory is accessed, it will cause fatal MCE and
>> system crash. So we need make sure the guest can't access the broken
>> memory.
>
>OK - you're protecting against a _host_ crash here?  Now I understand,
>thanks.
>
>In that case I definitely suggest that you move the domain_crash()
>into the p2m lookup functions - all p2m lookups of a broken page should
>return type=broken, and non-"query" p2m lookups should call
>domain_crash() too.   That will catch all the MMIO-emulator and shadow
>paths for free.

Ok, I will try this way.

>
>If you also signal qemu-dm to blow its mapcache that will catch DMA too
>(since it won't be able to re-map the broken page) though it's
>unfortunate to have to rely on good behaviour from qemu-dm for safety.
>Presumably the PV patches will solve that in a better way.

Yes, I will defer it to PV.

>
>Cheers,
>
>Tim.
>

>P.S. Another thing I forgot - please wrap the code that sets the type to
>     broken in a "#ifdef __x86_64__"; it won't work on 32-bit.

I'm not sure. At least it should work for EPT on 32-bit, since EPT table can 
support >8 p2m type per my understanding.

Thanks
--jyh

>
>--
>Tim Deegan <Tim.Deegan@xxxxxxxxxx>
>Principal Software Engineer, XenServer Engineering
>Citrix Systems UK Ltd.  (Company #02937203, SL9 0BG)

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] Estimating CPU utilization of DomU, Gaurav Dhiman
Next by Date:  [Xen-devel] Re: Even faster page copy for Xen?, Keir Fraser
Previous by Thread:  [Xen-devel] Re: [PATCH] Unmmap guest's EPT mapping for poison memory, Tim Deegan
Next by Thread:  [Xen-devel] Re: [PATCH] Unmmap guest's EPT mapping for poison memory, Tim Deegan
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy