From patchwork Wed Aug 16 18:33:14 2017
X-Patchwork-Submitter: Boris Ostrovsky
X-Patchwork-Id: 9904487
From: Boris Ostrovsky
To: xen-devel@lists.xen.org
Cc: sstabellini@kernel.org, wei.liu2@citrix.com, George.Dunlap@eu.citrix.com, andrew.cooper3@citrix.com, ian.jackson@eu.citrix.com, tim@xen.org, julien.grall@arm.com, jbeulich@suse.com, Boris Ostrovsky
Date: Wed, 16 Aug 2017 14:33:14 -0400
Message-Id: <1502908394-9760-9-git-send-email-boris.ostrovsky@oracle.com>
In-Reply-To: <1502908394-9760-1-git-send-email-boris.ostrovsky@oracle.com>
References: <1502908394-9760-1-git-send-email-boris.ostrovsky@oracle.com>
Subject: [Xen-devel] [PATCHES v8 8/8] mm: Make sure pages are scrubbed

Add a debug Kconfig option that will make page allocator verify that pages that were supposed to be scrubbed are, in fact, clean.

Signed-off-by: Boris Ostrovsky
Reviewed-by: Jan Beulich
--- xen/Kconfig.debug | 7 ++++++ xen/common/page_alloc.c | 63 ++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 69 insertions(+), 1 deletion(-) diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug index 689f297..195d504 100644 --- a/xen/Kconfig.debug +++ b/xen/Kconfig.debug @@ -114,6 +114,13 @@ config DEVICE_TREE_DEBUG logged in the Xen ring buffer. If unsure, say N here. +config SCRUB_DEBUG + bool "Page scrubbing test" + default DEBUG + ---help--- + Verify that pages that need to be scrubbed before being allocated to + a guest are indeed scrubbed. + endif # DEBUG || EXPERT endmenu diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index 34c45be..388b121 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c 
@@ -170,6 +170,10 @@ boolean_param("bootscrub", opt_bootscrub); static unsigned long __initdata opt_bootscrub_chunk = MB(128); size_param("bootscrub_chunk", opt_bootscrub_chunk); +#ifdef CONFIG_SCRUB_DEBUG +static bool __read_mostly boot_scrub_done; +#endif + /* * Bit width of the DMA heap -- used to override NUMA-node-first. * allocation strategy, which can otherwise exhaust low memory. @@ -694,6 +698,43 @@ static void page_list_add_scrub(struct page_info *pg, unsigned int node, page_list_add(pg, &heap(node, zone, order)); } +/* SCRUB_PATTERN needs to be a repeating series of bytes. */ +#ifndef NDEBUG +#define SCRUB_PATTERN 0xc2c2c2c2c2c2c2c2ULL +#else +#define SCRUB_PATTERN 0ULL +#endif +#define SCRUB_BYTE_PATTERN (SCRUB_PATTERN & 0xff) + +static void poison_one_page(struct page_info *pg) +{ +#ifdef CONFIG_SCRUB_DEBUG + mfn_t mfn = _mfn(page_to_mfn(pg)); + uint64_t *ptr; + + ptr = map_domain_page(mfn); + *ptr = ~SCRUB_PATTERN; + unmap_domain_page(ptr); +#endif +} + +static void check_one_page(struct page_info *pg) +{ +#ifdef CONFIG_SCRUB_DEBUG + mfn_t mfn = _mfn(page_to_mfn(pg)); + const uint64_t *ptr; + unsigned int i; + + if ( !boot_scrub_done ) + return; + + ptr = map_domain_page(mfn); + for ( i = 0; i < PAGE_SIZE / sizeof (*ptr); i++ ) + ASSERT(ptr[i] == SCRUB_PATTERN); + unmap_domain_page(ptr); +#endif +} + static void check_and_stop_scrub(struct page_info *head) { if ( head->u.free.scrub_state == BUDDY_SCRUBBING ) @@ -928,6 +969,9 @@ static struct page_info *alloc_heap_pages( * guest can control its own visibility of/through the cache. */ flush_page_to_ram(page_to_mfn(&pg[i]), !(memflags & MEMF_no_icache_flush)); + + if ( !(memflags & MEMF_no_scrub) ) + check_one_page(&pg[i]); } spin_unlock(&heap_lock); @@ -1291,7 +1335,10 @@ static void free_heap_pages( set_gpfn_from_mfn(mfn + i, INVALID_M2P_ENTRY); if ( need_scrub ) + { pg[i].count_info |= PGC_need_scrub; + poison_one_page(&pg[i]); + } } avail[node][zone] += 1 << order; 
@@ -1649,7 +1696,12 @@ static void init_heap_pages( nr_pages -= n; } +#ifndef CONFIG_SCRUB_DEBUG free_heap_pages(pg + i, 0, false); +#else + free_heap_pages(pg + i, 0, boot_scrub_done); +#endif + } } @@ -1915,6 +1967,10 @@ void __init scrub_heap_pages(void) printk("done.\n"); +#ifdef CONFIG_SCRUB_DEBUG + boot_scrub_done = true; +#endif + /* Now that the heap is initialized, run checks and set bounds * for the low mem virq algorithm. */ setup_low_mem_virq(); @@ -2188,12 +2244,16 @@ void free_domheap_pages(struct page_info *pg, unsigned int order) spin_unlock_recursive(&d->page_alloc_lock); +#ifndef CONFIG_SCRUB_DEBUG /* * Normally we expect a domain to clear pages before freeing them, * if it cares about the secrecy of their contents. However, after * a domain has died we assume responsibility for erasure. */ scrub = !!d->is_dying; +#else + scrub = true; +#endif } else { @@ -2285,7 +2345,8 @@ void scrub_one_page(struct page_info *pg) #ifndef NDEBUG /* Avoid callers relying on allocations returning zeroed pages. */ - unmap_domain_page(memset(__map_domain_page(pg), 0xc2, PAGE_SIZE)); + unmap_domain_page(memset(__map_domain_page(pg), + SCRUB_BYTE_PATTERN, PAGE_SIZE)); #else /* For a production build, clear_page() is the fastest way to scrub. */ clear_domain_page(_mfn(page_to_mfn(pg)));
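Review bot: the SCRUB_DEBUG help text in the xen/Kconfig.debug hunk describes only the verification and leaves out that the option also changes what the allocator does. With it set, free_domheap_pages() uses scrub = true for every domain instead of !!d->is_dying, and init_heap_pages() passes boot_scrub_done as the need_scrub argument. Suggest one more sentence in the help text saying that all freed domain pages are scrubbed while the option is enabled, so that anyone timing or debugging such a build knows the free path differs from a build without it.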
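Review bot: in the hunk at @@ -694,6 +698,43 @@, check_one_page() reports a dirty page only through ASSERT(ptr[i] == SCRUB_PATTERN), yet the option is offered under "DEBUG || EXPERT" and the same hunk defines an NDEBUG value for SCRUB_PATTERN, so a build with both NDEBUG and CONFIG_SCRUB_DEBUG is evidently expected. If ASSERT() compiles away under NDEBUG, that build maps and walks every page and verifies nothing. Suggest BUG_ON(ptr[i] != SCRUB_PATTERN), or making the option depend on DEBUG alone. A short comment on poison_one_page() saying that only the first 64-bit word is poisoned (*ptr = ~SCRUB_PATTERN), and that this suffices because the check compares every word, would also help the next reader.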
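Review bot: in the alloc_heap_pages() hunk at @@ -928,6 +969,9 @@, the new check_one_page(&pg[i]) call sits inside the per-page loop ahead of spin_unlock(&heap_lock), so every allocation without MEMF_no_scrub maps and reads PAGE_SIZE bytes per page with the heap lock held. For a debug-only option that may be acceptable, but it is not documented. Suggest either a comment stating that the cost is intentional, or running the check in a second loop after the unlock if nothing in it needs the lock.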
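Review bot: the init_heap_pages() hunk at @@ -1649,7 +1696,12 @@ wraps a single call in #ifndef CONFIG_SCRUB_DEBUG / #else / #endif and adds a stray blank line before the closing brace. Both can go if boot_scrub_done is given a constant false definition when CONFIG_SCRUB_DEBUG is not set, next to its declaration in the first page_alloc.c hunk; the call then reads free_heap_pages(pg + i, 0, boot_scrub_done) unconditionally. A one-line comment on why pages added after the boot scrub must be marked as needing scrub in this configuration is missing as well.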
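Review bot: in the free_domheap_pages() hunk at @@ -2188,12 +2244,16 @@, the #else branch sets scrub = true with no comment, while the existing comment explaining the is_dying policy is now enclosed in the #ifndef branch only. Suggest a comment on the #else branch saying that the debug option scrubs unconditionally so that check_one_page() can assume every free page carries SCRUB_PATTERN. Note too that a build with the option enabled no longer exercises scrub = !!d->is_dying at all, so that path is only tested with the option off.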
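Review bot: in the scrub_one_page() hunk at @@ -2285,7 +2345,8 @@, memset() with SCRUB_BYTE_PATTERN produces what check_one_page() compares against only if all eight bytes of SCRUB_PATTERN are equal, and that requirement is stated only in the comment "SCRUB_PATTERN needs to be a repeating series of bytes". Suggest enforcing it with a build-time check that SCRUB_PATTERN equals SCRUB_BYTE_PATTERN replicated across the 64-bit word, so that a later change to the pattern cannot silently make every check fail or, worse, pass on the wrong contents.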