RE: [Xen-devel] New heap API and scrubbing

[Dan Magenheimer <dan.magenheimer@xxxxxxxxxx>]

> Are there any cases now where free_XXXheap_pages
> might free up pages that could be grabbed by
> another domain and those pages have not been
> scrubbed?

No replies on this part so following up to myself...

For tmem, I'm trying to determine under what circumstances
pages free'd to xenheap or domheap must be scrubbed.
Ideally, I'd like to free directly to the scrub list
so the standard page_scrub_timer mechanism will
scrub them.  I looked but the mechanism doesn't
appear to be easily accessible.

Moreover, it appears that there are MANY calls throughout
Xen to free_XXXheap_page/s() but I don't see much code
that scrubs the pages before freeing them.  Isn't
this a potential security issue?  Perhaps it should
be easier to free+scrub pages?

I'm thinking that free_XXXheap_pages should have
a parameter (or a sister function) that results
in freeing but also putting the pages on the
scrub list.  Something like:

void free_domheap_pages_scrub(x,y,scrub)
{
// existing free_domheap_pages code with
// a few changes to handle scrub param
}

#define free_domheap_pages(x,y) \
     free_domheap_pages_scrub(x,y,0)

(and similar for free_xenheap_pages().)

Then, over time, each call to free_XXXheap_pages
can/should be examined to see whether it should
scrub or not.

Comments?  Any thoughts on how to approach
this problem differently?

Also, I am maintaining a list of pages (using the
new page_list mechanism) that (in some cases) will
need to be "free+scrub".  So I'd like to be able
to pass an entire list to the scrub
list, rather than remove each page from one list
(in tmem) and insert it into the scrub list.
Essentially a list_splice (from list.h).
Is this feasible/reasonable?

Dan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel