
[PATCH 08/12] x86/paging: deal with log-dirty stats overflow


  • To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Fri, 25 Jun 2021 15:21:23 +0200
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>
  • Delivery-date: Fri, 25 Jun 2021 13:21:34 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

While the precise values are unlikely of interest once they exceed 4
billion (allowing us to leave alone the domctl struct), we still
shouldn't wrap or truncate the actual values. It is in particular
problematic if the truncated values were zero (causing libxenguest to
skip an iteration altogether) or a very small value (leading to
premature exiting of the pre-copy phase).

Change the internal fields to unsigned long, and suitably saturate for
copying to guest context.

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -446,14 +446,16 @@ static int paging_log_dirty_op(struct do
 
     clean = (sc->op == XEN_DOMCTL_SHADOW_OP_CLEAN);
 
-    PAGING_DEBUG(LOGDIRTY, "log-dirty %s: dom %u faults=%u dirty=%u\n",
+    PAGING_DEBUG(LOGDIRTY, "log-dirty %s: dom %u faults=%lu dirty=%lu\n",
                  (clean) ? "clean" : "peek",
                  d->domain_id,
                  d->arch.paging.log_dirty.fault_count,
                  d->arch.paging.log_dirty.dirty_count);
 
-    sc->stats.fault_count = d->arch.paging.log_dirty.fault_count;
-    sc->stats.dirty_count = d->arch.paging.log_dirty.dirty_count;
+    sc->stats.fault_count = min(d->arch.paging.log_dirty.fault_count,
+                                UINT32_MAX + 0UL);
+    sc->stats.dirty_count = min(d->arch.paging.log_dirty.dirty_count,
+                                UINT32_MAX + 0UL);
 
     if ( guest_handle_is_null(sc->dirty_bitmap) )
         /* caller may have wanted just to clean the state or access stats. */
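Review bot: the two min() assignments to sc->stats.fault_count and sc->stats.dirty_count make UINT32_MAX an ambiguous value for the caller, since it can now mean either an exact count or "saturated", and nothing in the hunk records that. A short comment above the assignments, and a matching note next to the domctl stats fields, would tell consumers to treat UINT32_MAX as "at least this many". The "UINT32_MAX + 0UL" operand also deserves a word of explanation: it appears to exist only to give min() two unsigned long operands, which is not obvious to a reader.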
--- a/xen/include/asm-x86/domain.h
+++ b/xen/include/asm-x86/domain.h
@@ -190,8 +190,8 @@ struct log_dirty_domain {
     unsigned int   failed_allocs;
 
     /* log-dirty mode stats */
-    unsigned int   fault_count;
-    unsigned int   dirty_count;
+    unsigned long  fault_count;
+    unsigned long  dirty_count;
 
     /* functions which are paging mode specific */
     const struct log_dirty_ops {
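Review bot: the widened fault_count and dirty_count fields keep the bare "log-dirty mode stats" comment, which no longer tells the reader that they are wider than the 32-bit values reported through the domctl and are saturated on copy-out. Extending the comment to say so would keep the two files consistent. Since the type changes from unsigned int to unsigned long, it is also worth confirming that no other user prints these fields with %u or assigns them to an unsigned int; the patch only shows the one PAGING_DEBUG format string being updated.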




 

