From: Jeremy Fitzhardinge <jeremy@goop.org>
To: Joanna Rutkowska <joanna@invisiblethingslab.com>
Cc: xen-devel@lists.xensource.com,
Rafal Wojtczuk <rafal@invisiblethingslab.com>,
qubes-devel@googlegroups.com
Subject: Re: The mfn of the frame, that holds a mlock-ed PV domU usermode page, can change
Date: Mon, 12 Apr 2010 13:39:43 -0700 [thread overview]
Message-ID: <4BC3850F.7070108@goop.org> (raw)
In-Reply-To: <4BC380E2.8060605@invisiblethingslab.com>
On 04/12/2010 01:21 PM, Joanna Rutkowska wrote:
> On 04/12/2010 10:01 PM, Jeremy Fitzhardinge wrote:
>
>> Why is it necessary to map usermode pages? It just seems like asking
>> for trouble. Why not make it so that the domU X server gets the memory
>> from the kernel (via some kind of driver), and then map that through to
>> dom0?
>>
> Because we want to avoid modifying Xorg sources -- it normally allocates
> its composition buffers using malloc, and if we wanted to make it using
> some kernel allocated memory (by our custom driver) we would need to
> patch the Xorg, which we obviously wanted to avoid...
>
The referenced code doesn't do that; it allocates some memory with with
mmap, mlocks it, uses /proc/u2mfn to get the mfn then pokes it into xenbus.
But I assume you have other code which wants to grant through the
Xorg-allocated framebufer. That complicates things a bit, but you could
still add a device (no /proc files, please) with an ioctl which:
1. takes a range of usermode addresses
2. increments the page refcount for those pages
3. returns the mfns for those pages
That will prevent the pages from being migrated while you're referring
to their mfns. You need to add something to explicitly decrement the
refcount to prevent a memory leak, presumably at the time you tear down
the mapping in dom0. Ideally you'd arrange to do that triggered off
unmap of the memory range (by isolating the pages in their own new vma)
so that it all gets cleaned up on process exit.
J
next prev parent reply other threads:[~2010-04-12 20:39 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-04-12 18:54 The mfn of the frame, that holds a mlock-ed PV domU usermode page, can change Rafal Wojtczuk
2010-04-12 20:01 ` Jeremy Fitzhardinge
2010-04-12 20:21 ` Joanna Rutkowska
2010-04-12 20:39 ` Jeremy Fitzhardinge [this message]
2010-04-12 21:19 ` Joanna Rutkowska
2010-04-12 21:26 ` Jeremy Fitzhardinge
2010-04-12 21:36 ` Joanna Rutkowska
2010-04-19 11:25 ` Rafal Wojtczuk
2010-04-19 16:48 ` Jeremy Fitzhardinge
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4BC3850F.7070108@goop.org \
--to=jeremy@goop.org \
--cc=joanna@invisiblethingslab.com \
--cc=qubes-devel@googlegroups.com \
--cc=rafal@invisiblethingslab.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.