
Re: [Xen-devel] Reducing or removing direct map from xen (was Re: Ongoing/future speculative mitigation work)

On Thu, Jan 24, 2019 at 11:44:55AM +0000, Wei Liu wrote:
> 3. Implement xenheap using vmap infrastructure
> This helps preserve xenheap's "always mapped" property. At the moment,
> vmap relies on xenheap, we want to turn this relationship around.
> There is a loop that needs breaking in the new world:
>   alloc_xenheap_pages -> vmap -> __vmap -> map_pages_to_xen ->
>     virt_to_xen_l1e -> alloc_xen_pagetable -> alloc_xenheap_page -> vmap ...
> Two options were proposed to break this loop:
>   3.1 Pre-populate all page tables for vmap region

Now that we have this ...

>   3.2 Switch page table allocation to use domheap page
> The other work item is to track page<->virt relationship so that
> conversion functions (_to_virt etc) continue to work. For PoC purposes,
> putting a void * into page_info is good enough. But in the future we
> want to have a separate array for tracking so that page_info stays power
> of two in size.

I started working on some prototyping code for the rest of this major
work item. Conversion functions are a bit messy to deal with (I have no
idea whether my modifications are totally correct at this point), but
the most major issue I see is an optimisation done by xmalloc which
isn't compatible with vmap.

So xmalloc has this optimisation: it will allocate a high-order page
from xenheap when necessary and then attempt to break that up and return
the unused portion.  Vmap uses a bitmap to track address space usage, and
it mandates a guard page before every address space allocation. What
xmalloc does is to free a portion of the address space, which isn't
really supported by vmap.

I came up with two options yesterday:

1. Remove the optimisation in xmalloc
2. Make vmap able to break up allocation

Neither looks great to me. The first is simple but potentially wasteful
(how much is wasted?). The second requires non-trivial modification to
vmap, essentially removing the mandatory guard page. In comparison the
first is easier and safer.

I would like to hear people's thoughts on this. Comments are welcome.
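
A simplified model of the conflict described in this message, added here as an illustration and not taken from Xen's vmap or xmalloc code: a bitmap allocator that keeps a free guard page around every allocation and only accepts a free at an allocation's start. The names `order_for`, `toy_alloc`, `toy_free` and the 64-page address space are assumptions made for the example.

```c
/* Toy model, not Xen code: all names and sizes here are assumptions. */
#include <stdio.h>
#include <string.h>

#define VM_PAGES 64                    /* toy address space size, in pages */
static unsigned char used[VM_PAGES];   /* 1 = page is part of an allocation */

/* Smallest order whose 2^order pages cover nr pages. */
static unsigned int order_for(unsigned int nr) {
    unsigned int order = 0;
    while ((1u << order) < nr)
        order++;
    return order;
}

/* First fit for nr pages with a free guard page on both sides.
 * Returns the first usable page index, or -1 if nothing fits. */
static int toy_alloc(unsigned int nr) {
    for (unsigned int s = 1; s + nr < VM_PAGES; s++) {
        unsigned int i = 0;
        while (i < nr + 2 && !used[s - 1 + i])
            i++;
        if (i == nr + 2) {
            memset(&used[s], 1, nr);
            return (int)s;
        }
    }
    return -1;
}

/* Free the allocation starting at page s; the length is found by scanning
 * to the next free page. Returns pages freed, or 0 when s is not preceded
 * by a guard page, i.e. is not the start of an allocation. */
static unsigned int toy_free(unsigned int s) {
    unsigned int n = 0;
    if (s == 0 || s >= VM_PAGES || !used[s] || used[s - 1])
        return 0;
    while (s + n < VM_PAGES && used[s + n])
        used[s + n++] = 0;
    return n;
}

int main(void) {
    unsigned int need = 5, got = 1u << order_for(need);
    int a = toy_alloc(got);
    printf("tail free at page %u -> %u pages\n", a + need, toy_free(a + need));
    printf("need %u, hold %u, unused under option 1: %u\n", need, got, got - need);
    printf("whole free -> %u pages\n", toy_free(a));
    return 0;
}
```

In this model a request for 5 pages holds an order-3 block of 8, the attempt to return the 3-page tail is refused because the tail has no guard page in front of it, and those 3 pages stay allocated until the whole block is freed.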

