From nobody Mon May 6 15:09:53 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1610982438; cv=none; d=zohomail.com; s=zohoarc; b=Lw6KD2UQazQxs9TOrFRQIehQDlfgg1vyS3sQ42nTQjAkennXNVgHR3q/uSo4pL+vaJ+T7UyFOGhDIK2LGxYjBlUBBkhWEf+7mag1axhQnicxrm9Ds472rRpuMLNQkYqVrEDp/H8ydedGCoAvGcZbxlr0OOW7j3uxDqKw17wwARI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1610982438; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To; bh=l2ROgjbjXSki+DGSqqG3iXC30mOKPlU91yeDgmEyzCs=; b=LfsxNWaGxZ/U2MQd6M/3fMtcp0MC6E3MJTrnvbk6z8JkdmzewTf4k0NklIrAK6bSg5p1hxduj7AS6PB5Zjt2MgDQO/foQ5eQgiCxu0JQ9lJLynVNoRiGv3/o0aFAzHZeiQlZJKZVekO/wxPi7zycCM5mQAFJszCoGeZJ0867aa0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) header.from= Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1610982438603348.8006094078062; Mon, 18 Jan 2021 07:07:18 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.69709.124918 (Exim 4.92) (envelope-from ) id 1l1W7H-0008Ei-Mj; Mon, 18 Jan 2021 15:06:51 +0000 Received: by outflank-mailman (output) from mailman id 69709.124918; Mon, 18 Jan 2021 15:06:51 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1l1W7H-0008Eb-JT; Mon, 18 Jan 2021 15:06:51 +0000 Received: by outflank-mailman (input) for mailman id 69709; Mon, 18 Jan 2021 15:06:50 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1l1W7G-0008EW-Bc for xen-devel@lists.xenproject.org; Mon, 18 Jan 2021 15:06:50 +0000 Received: from esa4.hc3370-68.iphmx.com (unknown [216.71.155.144]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 0750fda4-e6a9-49d3-a5e0-d01164f5b5ba; Mon, 18 Jan 2021 15:06:48 +0000 (UTC) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 0750fda4-e6a9-49d3-a5e0-d01164f5b5ba DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1610982408; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=WP0gkpgHQiFEJhGJMd905VW2FcOqMrv/bUHBdxt3Dik=; b=XG9/D/yEs3x+sHgrg03VUL5g9D0w9e1VZpY0MRBH2P0eiIZPgl1JzSve lMczw21GYSiAXoBYQS1MKiWRfIEM32nR2oBsFzaSY1QruHAblfRuNi8Ek YPDorqVrKYSOgY+s8af5CyHMW1rvF5jybu9yFmUkThPq53uRu7QVKL6ZR c=; Authentication-Results: esa4.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none IronPort-SDR: 8E4wbJcZuEnnsj498DnFXbsRX6eYOTcj0F082nE5VIXjJ8h+OMkrCu/Klhh8qIkzXpP99xv4D6 vKg02h2y9lcAGvhF4CiyTMaNq3EqpL4rcIABg1gtDSSmzIiRZacKmqieOSOd0rgETn4zE0zE3v yuZ/2Acv0kczgOEGRpqPy4JWYcS9PME+RQFP37MCl0cd12mojaWO1Z8bpBaGx9mQ/FKc9oS29g dXLwUCbBn/eWhQv/TNe+DTP15p3bYSpeaXCuxtQ6GubQUpdEAKNeSTd1S8gUs17U5CY6iL3BE0 tCs= X-SBRS: 5.1 X-MesageID: 36602525 X-Ironport-Server: esa4.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.79,356,1602561600"; d="scan'208";a="36602525" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , Jan Beulich , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Wei Liu , Daniel De Graaf , "Daniel P . Smith" Subject: [PATCH] xen/xsm: Improve alloc/free of evtchn buckets Date: Mon, 18 Jan 2021 15:06:23 +0000 Message-ID: <20210118150623.29550-1-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @citrix.com) Currently, flask_alloc_security_evtchn() is called in loops of 64 (EVTCHNS_PER_BUCKET), which for non-dummy implementations is a function pointer call even in the no-op case. The non no-op case only sets a single constant, and doesn't actually fail. Spectre v2 protections has made function pointer calls far more expensive, = and 64 back-to-back calls is a waste. Rework the APIs to pass the size of the bucket instead, and call them once. No practical change, but {alloc,free}_evtchn_bucket() should be rather more efficient now. Signed-off-by: Andrew Cooper Reviewed-by: Daniel P. Smith Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 CC: Wei Liu CC: Daniel De Graaf CC: Daniel P. Smith Spotted while fixing up evtchn to use fault-ttl semantics for testing the error handling logic. --- xen/common/event_channel.c | 36 ++++++++++++++++-------------------- xen/include/xsm/dummy.h | 4 ++-- xen/include/xsm/xsm.h | 12 ++++++------ xen/xsm/dummy.c | 4 ++-- xen/xsm/flask/hooks.c | 20 +++++++++++++------- 5 files changed, 39 insertions(+), 37 deletions(-) diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c index d590ddad99..2d84da2186 100644 --- a/xen/common/event_channel.c +++ b/xen/common/event_channel.c @@ -147,6 +147,14 @@ static bool virq_is_global(unsigned int virq) return true; } =20 +static void free_evtchn_bucket(struct domain *d, struct evtchn *bucket) +{ + if ( !bucket ) + return; + + xsm_free_security_evtchns(bucket, EVTCHNS_PER_BUCKET); + xfree(bucket); +} =20 static struct evtchn *alloc_evtchn_bucket(struct domain *d, unsigned int p= ort) { @@ -155,34 +163,22 @@ static struct evtchn *alloc_evtchn_bucket(struct doma= in *d, unsigned int port) =20 chn =3D xzalloc_array(struct evtchn, EVTCHNS_PER_BUCKET); if ( !chn ) - return NULL; + goto err; + + if ( xsm_alloc_security_evtchns(chn, EVTCHNS_PER_BUCKET) ) + goto err; =20 for ( i =3D 0; i < EVTCHNS_PER_BUCKET; i++ ) { - if ( xsm_alloc_security_evtchn(&chn[i]) ) - { - while ( i-- ) - xsm_free_security_evtchn(&chn[i]); - xfree(chn); - return NULL; - } chn[i].port =3D port + i; rwlock_init(&chn[i].lock); } - return chn; -} - -static void free_evtchn_bucket(struct domain *d, struct evtchn *bucket) -{ - unsigned int i; =20 - if ( !bucket ) - return; - - for ( i =3D 0; i < EVTCHNS_PER_BUCKET; i++ ) - xsm_free_security_evtchn(bucket + i); + return chn; =20 - xfree(bucket); + err: + free_evtchn_bucket(d, chn); + return NULL; } =20 int evtchn_allocate_port(struct domain *d, evtchn_port_t port) diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index fa40e880ba..b215429581 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -309,12 +309,12 @@ static XSM_INLINE int xsm_evtchn_reset(XSM_DEFAULT_AR= G struct domain *d1, struct return xsm_default_action(action, d1, d2); } =20 -static XSM_INLINE int xsm_alloc_security_evtchn(struct evtchn *chn) +static XSM_INLINE int xsm_alloc_security_evtchns(struct evtchn *chn, unsig= ned int nr) { return 0; } =20 -static XSM_INLINE void xsm_free_security_evtchn(struct evtchn *chn) +static XSM_INLINE void xsm_free_security_evtchns(struct evtchn *chn, unsig= ned int nr) { return; } diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h index 7bd03d8817..aaa3f60d9e 100644 --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -72,8 +72,8 @@ struct xsm_operations { =20 int (*alloc_security_domain) (struct domain *d); void (*free_security_domain) (struct domain *d); - int (*alloc_security_evtchn) (struct evtchn *chn); - void (*free_security_evtchn) (struct evtchn *chn); + int (*alloc_security_evtchns) (struct evtchn *chn, unsigned int nr); + void (*free_security_evtchns) (struct evtchn *chn, unsigned int nr); char *(*show_security_evtchn) (struct domain *d, const struct evtchn *= chn); int (*init_hardware_domain) (struct domain *d); =20 @@ -314,14 +314,14 @@ static inline void xsm_free_security_domain (struct d= omain *d) xsm_ops->free_security_domain(d); } =20 -static inline int xsm_alloc_security_evtchn (struct evtchn *chn) +static inline int xsm_alloc_security_evtchns(struct evtchn *chn, unsigned = int nr) { - return xsm_ops->alloc_security_evtchn(chn); + return xsm_ops->alloc_security_evtchns(chn, nr); } =20 -static inline void xsm_free_security_evtchn (struct evtchn *chn) +static inline void xsm_free_security_evtchns(struct evtchn *chn, unsigned = int nr) { - (void)xsm_ops->free_security_evtchn(chn); + xsm_ops->free_security_evtchns(chn, nr); } =20 static inline char *xsm_show_security_evtchn (struct domain *d, const stru= ct evtchn *chn) diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c index 9e09512144..715aa1bcb5 100644 --- a/xen/xsm/dummy.c +++ b/xen/xsm/dummy.c @@ -49,8 +49,8 @@ void __init xsm_fixup_ops (struct xsm_operations *ops) =20 set_to_dummy_if_null(ops, alloc_security_domain); set_to_dummy_if_null(ops, free_security_domain); - set_to_dummy_if_null(ops, alloc_security_evtchn); - set_to_dummy_if_null(ops, free_security_evtchn); + set_to_dummy_if_null(ops, alloc_security_evtchns); + set_to_dummy_if_null(ops, free_security_evtchns); set_to_dummy_if_null(ops, show_security_evtchn); set_to_dummy_if_null(ops, init_hardware_domain); =20 diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 19b0d9e3eb..562754f3b4 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -307,19 +307,25 @@ static int flask_evtchn_reset(struct domain *d1, stru= ct domain *d2) return domain_has_perm(d1, d2, SECCLASS_EVENT, EVENT__RESET); } =20 -static int flask_alloc_security_evtchn(struct evtchn *chn) +static int flask_alloc_security_evtchns(struct evtchn *chn, unsigned int n= r) { - chn->ssid.flask_sid =3D SECINITSID_UNLABELED; + unsigned int i; + + for ( i =3D 0; i < nr; ++i ) + chn[i].ssid.flask_sid =3D SECINITSID_UNLABELED; =20 - return 0; =20 + return 0; } =20 -static void flask_free_security_evtchn(struct evtchn *chn) +static void flask_free_security_evtchns(struct evtchn *chn, unsigned int n= r) { + unsigned int i; + if ( !chn ) return; =20 - chn->ssid.flask_sid =3D SECINITSID_UNLABELED; + for ( i =3D 0; i < nr; ++i ) + chn[i].ssid.flask_sid =3D SECINITSID_UNLABELED; } =20 static char *flask_show_security_evtchn(struct domain *d, const struct evt= chn *chn) @@ -1766,8 +1772,8 @@ static struct xsm_operations flask_ops =3D { =20 .alloc_security_domain =3D flask_domain_alloc_security, .free_security_domain =3D flask_domain_free_security, - .alloc_security_evtchn =3D flask_alloc_security_evtchn, - .free_security_evtchn =3D flask_free_security_evtchn, + .alloc_security_evtchns =3D flask_alloc_security_evtchns, + .free_security_evtchns =3D flask_free_security_evtchns, .show_security_evtchn =3D flask_show_security_evtchn, .init_hardware_domain =3D flask_init_hardware_domain, =20 --=20 2.11.0