p***@xen.org
2018-11-20 15:11:35 UTC
commit 4be61c4d9b32603ac21154abdfebfc44abf42fd7
Author: Jan Beulich <***@suse.com>
AuthorDate: Tue Nov 20 15:57:50 2018 +0100
Commit: Jan Beulich <***@suse.com>
CommitDate: Tue Nov 20 15:57:50 2018 +0100
x86/shadow: move OOS flag bit positions
In preparation of reducing struct page_info's shadow_flags field to 16
bits, lower the bit positions used for SHF_out_of_sync and
SHF_oos_may_write.
Instead of also adjusting the open coded use in _get_page_type(),
introduce shadow_prepare_page_type_change() to contain knowledge of the
bit positions to shadow code.
This is part of XSA-280.
Signed-off-by: Jan Beulich <***@suse.com>
Reviewed-by: Tim Deegan <***@xen.org>
master commit: d68e1070c3e8f4af7a31040f08bdd98e6d6eac1d
master date: 2018-11-20 14:59:13 +0100
---
xen/arch/x86/mm.c | 11 ++---------
xen/arch/x86/mm/shadow/common.c | 23 +++++++++++++++++++++++
xen/arch/x86/mm/shadow/private.h | 4 ++--
xen/include/asm-x86/shadow.h | 8 ++++++++
4 files changed, 35 insertions(+), 11 deletions(-)
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index 642dde4911..2b93efb504 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -2762,15 +2762,8 @@ static int __get_page_type(struct page_info *page, unsigned long type,
{
struct domain *d = page_get_owner(page);
- /* Normally we should never let a page go from type count 0
- * to type count 1 when it is shadowed. One exception:
- * out-of-sync shadowed pages are allowed to become
- * writeable. */
- if ( d && shadow_mode_enabled(d)
- && (page->count_info & PGC_page_table)
- && !((page->shadow_flags & (1u<<29))
- && type == PGT_writable_page) )
- shadow_remove_all_shadows(d, _mfn(page_to_mfn(page)));
+ if ( d && shadow_mode_enabled(d) )
+ shadow_prepare_page_type_change(d, page, type);
ASSERT(!(x & PGT_pae_xen_l2));
if ( (x & PGT_type_mask) != type )
diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c
index 0fd45f6a46..dc7dfa69f8 100644
--- a/xen/arch/x86/mm/shadow/common.c
+++ b/xen/arch/x86/mm/shadow/common.c
@@ -987,6 +987,9 @@ int sh_unsync(struct vcpu *v, mfn_t gmfn)
|| !v->domain->arch.paging.shadow.oos_active )
return 0;
+ BUILD_BUG_ON(!(typeof(pg->shadow_flags))SHF_out_of_sync);
+ BUILD_BUG_ON(!(typeof(pg->shadow_flags))SHF_oos_may_write);
+
pg->shadow_flags |= SHF_out_of_sync|SHF_oos_may_write;
oos_hash_add(v, gmfn);
perfc_incr(shadow_unsync);
@@ -2886,6 +2889,26 @@ void sh_remove_shadows(struct domain *d, mfn_t gmfn, int fast, int all)
paging_unlock(d);
}
+void shadow_prepare_page_type_change(struct domain *d, struct page_info *page,
+ unsigned long new_type)
+{
+ if ( !(page->count_info & PGC_page_table) )
+ return;
+
+#if (SHADOW_OPTIMIZATIONS & SHOPT_OUT_OF_SYNC)
+ /*
+ * Normally we should never let a page go from type count 0 to type
+ * count 1 when it is shadowed. One exception: out-of-sync shadowed
+ * pages are allowed to become writeable.
+ */
+ if ( (page->shadow_flags & SHF_oos_may_write) &&
+ new_type == PGT_writable_page )
+ return;
+#endif
+
+ shadow_remove_all_shadows(d, page_to_mfn(page));
+}
+
static void
sh_remove_all_shadows_and_parents(struct domain *d, mfn_t gmfn)
/* Even harsher: this is a HVM page that we thing is no longer a pagetable.
diff --git a/xen/arch/x86/mm/shadow/private.h b/xen/arch/x86/mm/shadow/private.h
index 58e37f35dc..0a37c2426f 100644
--- a/xen/arch/x86/mm/shadow/private.h
+++ b/xen/arch/x86/mm/shadow/private.h
@@ -287,8 +287,8 @@ static inline void sh_terminate_list(struct page_list_head *tmp_list)
* codepath is called during that time and is sensitive to oos issues, it may
* need to use the second flag.
*/
-#define SHF_out_of_sync (1u<<30)
-#define SHF_oos_may_write (1u<<29)
+#define SHF_out_of_sync (1u << (SH_type_max_shadow + 1))
+#define SHF_oos_may_write (1u << (SH_type_max_shadow + 2))
#endif /* (SHADOW_OPTIMIZATIONS & SHOPT_OUT_OF_SYNC) */
diff --git a/xen/include/asm-x86/shadow.h b/xen/include/asm-x86/shadow.h
index 4c18a33808..b057f22af3 100644
--- a/xen/include/asm-x86/shadow.h
+++ b/xen/include/asm-x86/shadow.h
@@ -81,6 +81,10 @@ void shadow_final_teardown(struct domain *d);
void sh_remove_shadows(struct domain *d, mfn_t gmfn, int fast, int all);
+/* Adjust shadows ready for a guest page to change its type. */
+void shadow_prepare_page_type_change(struct domain *d, struct page_info *page,
+ unsigned long new_type);
+
/* Discard _all_ mappings from the domain's shadows. */
void shadow_blow_tables_per_domain(struct domain *d);
@@ -96,6 +100,10 @@ void shadow_blow_tables_per_domain(struct domain *d);
static inline void sh_remove_shadows(struct domain *d, mfn_t gmfn,
bool_t fast, bool_t all) {}
+static inline void shadow_prepare_page_type_change(struct domain *d,
+ struct page_info *page,
+ unsigned long new_type) {}
+
static inline void shadow_blow_tables_per_domain(struct domain *d) {}
static inline int shadow_domctl(struct domain *d, xen_domctl_shadow_op_t *sc,
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.8
Author: Jan Beulich <***@suse.com>
AuthorDate: Tue Nov 20 15:57:50 2018 +0100
Commit: Jan Beulich <***@suse.com>
CommitDate: Tue Nov 20 15:57:50 2018 +0100
x86/shadow: move OOS flag bit positions
In preparation of reducing struct page_info's shadow_flags field to 16
bits, lower the bit positions used for SHF_out_of_sync and
SHF_oos_may_write.
Instead of also adjusting the open coded use in _get_page_type(),
introduce shadow_prepare_page_type_change() to contain knowledge of the
bit positions to shadow code.
This is part of XSA-280.
Signed-off-by: Jan Beulich <***@suse.com>
Reviewed-by: Tim Deegan <***@xen.org>
master commit: d68e1070c3e8f4af7a31040f08bdd98e6d6eac1d
master date: 2018-11-20 14:59:13 +0100
---
xen/arch/x86/mm.c | 11 ++---------
xen/arch/x86/mm/shadow/common.c | 23 +++++++++++++++++++++++
xen/arch/x86/mm/shadow/private.h | 4 ++--
xen/include/asm-x86/shadow.h | 8 ++++++++
4 files changed, 35 insertions(+), 11 deletions(-)
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index 642dde4911..2b93efb504 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -2762,15 +2762,8 @@ static int __get_page_type(struct page_info *page, unsigned long type,
{
struct domain *d = page_get_owner(page);
- /* Normally we should never let a page go from type count 0
- * to type count 1 when it is shadowed. One exception:
- * out-of-sync shadowed pages are allowed to become
- * writeable. */
- if ( d && shadow_mode_enabled(d)
- && (page->count_info & PGC_page_table)
- && !((page->shadow_flags & (1u<<29))
- && type == PGT_writable_page) )
- shadow_remove_all_shadows(d, _mfn(page_to_mfn(page)));
+ if ( d && shadow_mode_enabled(d) )
+ shadow_prepare_page_type_change(d, page, type);
ASSERT(!(x & PGT_pae_xen_l2));
if ( (x & PGT_type_mask) != type )
diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c
index 0fd45f6a46..dc7dfa69f8 100644
--- a/xen/arch/x86/mm/shadow/common.c
+++ b/xen/arch/x86/mm/shadow/common.c
@@ -987,6 +987,9 @@ int sh_unsync(struct vcpu *v, mfn_t gmfn)
|| !v->domain->arch.paging.shadow.oos_active )
return 0;
+ BUILD_BUG_ON(!(typeof(pg->shadow_flags))SHF_out_of_sync);
+ BUILD_BUG_ON(!(typeof(pg->shadow_flags))SHF_oos_may_write);
+
pg->shadow_flags |= SHF_out_of_sync|SHF_oos_may_write;
oos_hash_add(v, gmfn);
perfc_incr(shadow_unsync);
@@ -2886,6 +2889,26 @@ void sh_remove_shadows(struct domain *d, mfn_t gmfn, int fast, int all)
paging_unlock(d);
}
+void shadow_prepare_page_type_change(struct domain *d, struct page_info *page,
+ unsigned long new_type)
+{
+ if ( !(page->count_info & PGC_page_table) )
+ return;
+
+#if (SHADOW_OPTIMIZATIONS & SHOPT_OUT_OF_SYNC)
+ /*
+ * Normally we should never let a page go from type count 0 to type
+ * count 1 when it is shadowed. One exception: out-of-sync shadowed
+ * pages are allowed to become writeable.
+ */
+ if ( (page->shadow_flags & SHF_oos_may_write) &&
+ new_type == PGT_writable_page )
+ return;
+#endif
+
+ shadow_remove_all_shadows(d, page_to_mfn(page));
+}
+
static void
sh_remove_all_shadows_and_parents(struct domain *d, mfn_t gmfn)
/* Even harsher: this is a HVM page that we thing is no longer a pagetable.
diff --git a/xen/arch/x86/mm/shadow/private.h b/xen/arch/x86/mm/shadow/private.h
index 58e37f35dc..0a37c2426f 100644
--- a/xen/arch/x86/mm/shadow/private.h
+++ b/xen/arch/x86/mm/shadow/private.h
@@ -287,8 +287,8 @@ static inline void sh_terminate_list(struct page_list_head *tmp_list)
* codepath is called during that time and is sensitive to oos issues, it may
* need to use the second flag.
*/
-#define SHF_out_of_sync (1u<<30)
-#define SHF_oos_may_write (1u<<29)
+#define SHF_out_of_sync (1u << (SH_type_max_shadow + 1))
+#define SHF_oos_may_write (1u << (SH_type_max_shadow + 2))
#endif /* (SHADOW_OPTIMIZATIONS & SHOPT_OUT_OF_SYNC) */
diff --git a/xen/include/asm-x86/shadow.h b/xen/include/asm-x86/shadow.h
index 4c18a33808..b057f22af3 100644
--- a/xen/include/asm-x86/shadow.h
+++ b/xen/include/asm-x86/shadow.h
@@ -81,6 +81,10 @@ void shadow_final_teardown(struct domain *d);
void sh_remove_shadows(struct domain *d, mfn_t gmfn, int fast, int all);
+/* Adjust shadows ready for a guest page to change its type. */
+void shadow_prepare_page_type_change(struct domain *d, struct page_info *page,
+ unsigned long new_type);
+
/* Discard _all_ mappings from the domain's shadows. */
void shadow_blow_tables_per_domain(struct domain *d);
@@ -96,6 +100,10 @@ void shadow_blow_tables_per_domain(struct domain *d);
static inline void sh_remove_shadows(struct domain *d, mfn_t gmfn,
bool_t fast, bool_t all) {}
+static inline void shadow_prepare_page_type_change(struct domain *d,
+ struct page_info *page,
+ unsigned long new_type) {}
+
static inline void shadow_blow_tables_per_domain(struct domain *d) {}
static inline int shadow_domctl(struct domain *d, xen_domctl_shadow_op_t *sc,
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.8