[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 1/6] xen/arm: do not free reserved memory into heap

  • To: Penny Zheng <Penny.Zheng@xxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Tue, 19 Apr 2022 10:59:19 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=48XwLC/W+Kxl27AAaNKf45XWcc22vF10YUV+IQVqgko=; b=kSQoemizx6QL2ARWpdXlhGu7y9329KtK+rX1bFrnFZ3LV1n9bqDsMslOIJmSv5jjgksoE9fpTY3Sm2y/uilSqmUhlImkII/IkrJW7upKPYBBjzZ2kqw9vsL6iFHhsRe/0SZXG2WRQRA/rmQutbKFGzvwhYeB242iwKEc+4j8Yzl0o1+xP317wXbUIWvwHit4EyhBZb9ZZhXXvk+Kcu4SJpOXBQ+9+n8IIoNg43qrQOnJKC0FmWuv6bRZuezEzxFC2nKMY4Fhz7EwEqT2XvJT6XPokavcgjqKl+KjNaPDLIybP/1lamKUuYBFORlTctp0dZmN0QSWUMvMW7+eIHn9qA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Iphg67w0/3CQFbun3gUfRxGjTX6iooNEBF9STPx9DCpJTQm1o2G9jE2AfSuQDG4D3Es/1+jqRyCg9PdR7uRYYnEvhQmwCltvPNWNKxdC4YBh9MDYwK5qaYfyLM+TLFT11SeOmPSoTO3vlriQv0hnrmgjApuixXTJ3Tynf3BwIBCiFcyq3C4YgDxsCsgUGNejQB6brltMs8hvFL4fUo9klkBGPmrhg+EcHdK9ZzfnqHvLJY4q919/+zmTZqvqpe/oXAZig7PqGdTaVS5N8JgH8s31aS4Qgs7Ce60X4hiawkW2CpiZA82jdOtRKbVNEHj/BRlGdA0xsWaSDhjDM0BpCA==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: wei.chen@xxxxxxx, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Tue, 19 Apr 2022 08:59:37 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 18.04.2022 14:22, Penny Zheng wrote:
> Pages as guest RAM for static domain, shall be reserved to this domain only.

Is there "used" missing as the 2nd word of the sentence?

> So in case reserved pages being used for other purpose, users
> shall not free them back to heap, even when last ref gets dropped.
> 
> free_staticmem_pages will be called by free_domheap_pages in runtime
> for static domain freeing memory resource, so let's drop the __init
> flag.
> 
> Signed-off-by: Penny Zheng <penny.zheng@xxxxxxx>
> ---
> v2 changes:
> - new commit
> ---
>  xen/common/page_alloc.c | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)

With this diffstat the patch subject prefix is somewhat misleading;
I first thought I could skip this patch.

> --- a/xen/common/page_alloc.c
> +++ b/xen/common/page_alloc.c
> @@ -2488,7 +2488,13 @@ void free_domheap_pages(struct page_info *pg, unsigned 
> int order)
>              scrub = 1;
>          }
>  
> -        free_heap_pages(pg, order, scrub);
> +#ifdef CONFIG_STATIC_MEMORY
> +        if ( pg->count_info & PGC_reserved )
> +            /* Reserved page shall not go back to the heap. */
> +            free_staticmem_pages(pg, 1 << order, scrub);

1UL with, in particular, the function parameter by "unsigned long".

By calling free_staticmem_pages() at runtime, you make the previous race
free (because of init-time only) update of .count_info there racy. Making
a clone of that function just for this difference would likely be
excessive, so I'd suggest to change the code there to

        /* In case initializing page of static memory, mark it PGC_reserved. */
        if ( !(pg[i].count_info & PGC_reserved) )
            pg[i].count_info |= PGC_reserved;

> +        else
> +#endif
> +            free_heap_pages(pg, order, scrub);

Of course it would be nice to avoid the #ifdef-ary here. May I ask
that you introduce a stub free_staticmem_pages() for the
!CONFIG_STATIC_MEMORY case, such that the construct can become

        if ( !(pg->count_info & PGC_reserved) )
            free_heap_pages(pg, order, scrub);
        else
            /* Reserved page shall not go back to the heap. */
            free_staticmem_pages(pg, 1 << order, scrub);

Another question is whether the distinction should be made here in
the first place. Would it perhaps better belong in free_heap_pages()
itself, thus also covering other potential call sites? Of course
this depends on where, long term, reserved pages can / will be used.
For domains to be truly static, Xen's own allocations to manage the
domain may also want to come from the reserved set ...

> @@ -2636,7 +2642,7 @@ struct domain *get_pg_owner(domid_t domid)
>  
>  #ifdef CONFIG_STATIC_MEMORY
>  /* Equivalent of free_heap_pages to free nr_mfns pages of static memory. */
> -void __init free_staticmem_pages(struct page_info *pg, unsigned long nr_mfns,
> +void free_staticmem_pages(struct page_info *pg, unsigned long nr_mfns,
>                                   bool need_scrub)

This line now wants its indentation adjusted.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.