xen/x86: domain: Remove specific case when allocating struct domain

[Xen-devel] [PATCH] xen/x86: domain: Remove specific case when allocating struct domain

Posted by Julien Grall 4 years, 3 months ago

From: Julien Grall <jgrall@amazon.com>

Commit 8916fcf4577 "x86/domain: compile with lock_profile=y enabled"
allowed the struct domain to use more than a PAGE_SIZE (i.e 4096).
However, the function free_domheap_struct() will only free the first
page.

We could modify the free part to free the correct number of pages, but
the structure has been fitting in a page (even with lock profile
enabled) since commit 428607a410 "x86: shrink 'struct domain', was
already PAGE_SIZE" (part of Xen 4.7).

Therefore, the specific case for lock profile is now removed.

This is not a security issue because struct domain can only be bigger
than a page size for lock profiling. The feature can only be selected
in DEBUG and EXPERT mode.

Fixes: 8916fcf4577 ("x86/domain: compile with lock_profile=y enabled")
Reported-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Julien Grall <jgrall@amazon.com>

---

This replace the original approach:

https://lists.xenproject.org/archives/html/xen-devel/2020-01/msg01546.html
---
 xen/arch/x86/domain.c | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)

diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index 28fefa1f81..f53ae5ff86 100644
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -313,7 +313,6 @@ static unsigned int __init noinline _domain_struct_bits(void)
 struct domain *alloc_domain_struct(void)
 {
     struct domain *d;
-    unsigned int order = get_order_from_bytes(sizeof(*d));
 #ifdef CONFIG_BIGMEM
     const unsigned int bits = 0;
 #else
@@ -327,18 +326,10 @@ struct domain *alloc_domain_struct(void)
          bits = _domain_struct_bits();
 #endif
 
-
-#ifndef CONFIG_DEBUG_LOCK_PROFILE
     BUILD_BUG_ON(sizeof(*d) > PAGE_SIZE);
-#endif
-    d = alloc_xenheap_pages(order, MEMF_bits(bits));
+    d = alloc_xenheap_pages(0, MEMF_bits(bits));
     if ( d != NULL )
-    {
-        unsigned int sz;
-
-        for ( sz = 0; sz < (PAGE_SIZE << order); sz += PAGE_SIZE )
-            clear_page((void *)d + sz);
-    }
+        clear_page(d);
     return d;
 }
 
-- 
2.17.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] [PATCH] xen/x86: domain: Remove specific case when allocating struct domain

Posted by Andrew Cooper 4 years, 3 months ago

On 27/01/2020 09:38, Julien Grall wrote:
> From: Julien Grall <jgrall@amazon.com>
>
> Commit 8916fcf4577 "x86/domain: compile with lock_profile=y enabled"
> allowed the struct domain to use more than a PAGE_SIZE (i.e 4096).
> However, the function free_domheap_struct() will only free the first
> page.
>
> We could modify the free part to free the correct number of pages, but
> the structure has been fitting in a page (even with lock profile
> enabled) since commit 428607a410 "x86: shrink 'struct domain', was
> already PAGE_SIZE" (part of Xen 4.7).
>
> Therefore, the specific case for lock profile is now removed.
>
> This is not a security issue because struct domain can only be bigger
> than a page size for lock profiling. The feature can only be selected
> in DEBUG and EXPERT mode.
>
> Fixes: 8916fcf4577 ("x86/domain: compile with lock_profile=y enabled")
> Reported-by: David Woodhouse <dwmw@amazon.co.uk>
> Signed-off-by: Julien Grall <jgrall@amazon.com>

Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

Thanks.  Much better!

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel