Re: [Xen-devel] [PATCH] mm: option to _always_ scrub freed domheap pages
>>> On 07.05.19 at 11:55, <george.dunlap@xxxxxxxxxx> wrote:
> On 5/6/19 1:46 PM, Eslam Elnikety wrote:
>[...]
> I'm wondering if this should default to 'true', and people who really
> want the extra performance should turn it off.

Why would we want to cater for buggy guests by default?

>> --- a/docs/misc/xen-command-line.pandoc
>> +++ b/docs/misc/xen-command-line.pandoc
>> @@ -270,6 +270,14 @@ and not running softirqs. Reduce this if softirqs are
>> not being run frequently
>> enough. Setting this to a high value may cause boot failure, particularly if
>> the NMI watchdog is also enabled.
>>
>> +### scrub_domheap
>> +> `= <boolean>`
>> +
>> +> Default: `false`
>> +
>> +Scrub domains' freed pages. This is a safety net against a (buggy) domain
>> +accidentally leaking secrets by releasing pages without proper sanitization.
>> +
>> ### clocksource (x86)
>> > `= pit | hpet | acpi | tsc`

The entries here are alphabetically sorted, so the addition wants to move down quite a bit.

>> --- a/xen/common/page_alloc.c
>> +++ b/xen/common/page_alloc.c
>> @@ -214,6 +214,12 @@ custom_param("bootscrub", parse_bootscrub_param);
>> static unsigned long __initdata opt_bootscrub_chunk = MB(128);
>> size_param("bootscrub_chunk", opt_bootscrub_chunk);
>>
>> +/*
>> + * scrub_domheap -> Domheap pages are scrubbed when freed
>> + */
>> +static bool_t opt_scrub_domheap = 0;
>> +boolean_param("scrub_domheap", opt_scrub_domheap);
>
> I'm sure Jan will request this to be 'scrub-domheap' instead (not using
> '_' when you can use '-').

Indeed, plus use "bool", drop the pointless initializer, and correct the style of the (single line) comment.

Jan
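Review bot: The new `### scrub_domheap` entry in the docs/misc/xen-command-line.pandoc hunk says what is scrubbed but not when, nor that the setting has a cost. The comment in the page_alloc.c hunk says the pages are scrubbed when freed, and the thread treats the option as a performance trade-off, so the entry should state both so that an administrator can decide whether to enable it. The heading also has to match the string passed to boolean_param(), so any rename of the parameter must be made in both files together.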
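Review bot: The comment above opt_scrub_domheap in the xen/common/page_alloc.c hunk only restates the option name and does not say how the option relates to the bootscrub and bootscrub_chunk parameters declared immediately before it. A reader of this file will want to know whether scrubbing at free time is independent of the boot-time scrub settings, so the comment should say so in one sentence. The quoted lines also only declare and register the variable; the code that reads it on the free path is not visible here and needs to be reviewed alongside this declaration.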