| Message ID | dc05dc908f0a39e26e589099a4dd79404d5f32b2.1698589351.git.matias.vara@vates.fr (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Add a new acquire resource to query vcpu statistics | expand |
On 31.10.2023 17:22, Matias Ezequiel Vara Larsen wrote: > This commit prevents PGT_none type pages to be validated/devalidated. This isn't quite true. It is rather the case that (de)validation of this type is trivial, and hence can be short-circuited just like is done for certain other types. > This is required for the use-case in which a guest-agnostic resource is > allocated. In this case, these pages may be accessible by an "owning" PV > domain. To lock the page from guest pov, pages are required to be marked > with PGT_none with a single type ref. In particular, this commit makes > the stats_table resource type to use this flag during > get_page_and_type(). Imo the change here wants to come first, so that stats_vcpu_alloc_mfn() can use PGT_none right away (rather than being transiently broken). Beyond that I think justification needs extending here. In particular, "lock the page" is at best misleading, considering page_lock() and PGT_locked that we have. What you mean is "lock the page read-only". You may want to further refer to the place where this is also done (share_xen_page_with_guest()), just without get_page_and_type(). This is not the least to explain why share_xen_page_with_guest() cannot be used for your purpose, or why doing it this way is a better approach (potentially then wanting using elsewhere as well). Jan
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 5812321cae..d2f311abe4 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -2787,6 +2787,7 @@ static int _put_page_type(struct page_info *page, unsigned int flags, { case 0: if ( unlikely((nx & PGT_type_mask) <= PGT_l4_page_table) && + unlikely((nx & PGT_type_mask) >= PGT_l1_page_table) && likely(nx & (PGT_validated|PGT_partial)) ) { int rc; @@ -3072,7 +3073,7 @@ static int _get_page_type(struct page_info *page, unsigned long type, * * per validate_page(), non-atomic updates are fine here. */ - if ( type == PGT_writable_page || type == PGT_shared_page ) + if ( type == PGT_writable_page || type == PGT_shared_page || type == PGT_none ) page->u.inuse.type_info |= PGT_validated; else { diff --git a/xen/common/memory.c b/xen/common/memory.c index 2acac40c63..e26ba21d75 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -1254,7 +1254,7 @@ static int stats_vcpu_alloc_mfn(struct domain *d) for ( i = 0; i < nr_frames; i++ ) { - if ( unlikely(!get_page_and_type(&pg[i], d, PGT_writable_page)) ) + if ( unlikely(!get_page_and_type(&pg[i], d, PGT_none)) ) /* * The domain can't possibly know about this page yet, so failure * here is a clear indication of something fishy going on.
This commit prevents PGT_none type pages to be validated/devalidated. This is required for the use-case in which a guest-agnostic resource is allocated. In this case, these pages may be accessible by an "owning" PV domain. To lock the page from guest pov, pages are required to be marked with PGT_none with a single type ref. In particular, this commit makes the stats_table resource type to use this flag during get_page_and_type(). Signed-off-by: Matias Ezequiel Vara Larsen <matias.vara@vates.fr> --- xen/arch/x86/mm.c | 3 ++- xen/common/memory.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-)