[PATCH] xen/balloon: set ballooned out pages as invalid in p2m

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] xen/balloon: set ballooned out pages as invalid in p2m
@ 2014-07-01 13:37 David Vrabel
  2014-07-01 13:58 ` Konrad Rzeszutek Wilk
  0 siblings, 1 reply; 7+ messages in thread
From: David Vrabel @ 2014-07-01 13:37 UTC (permalink / raw)
  To: xen-devel; +Cc: Boris Ostrovsky, David Vrabel

Since cd9151e26d31048b2b5e00fd02e110e07d2200c9 (xen/balloon: set a
mapping for ballooned out pages), a ballooned out page had its entry
in the p2m set to the MFN of one of the scratch pages.  This means
that the p2m will contain many entries pointing to the same MFN.

During a domain save, these many-to-one entries are not identified as
such and the scratch page is saved multiple times. On restore the
ballooned pages are populated with new frames and the domain may use
up its allocation before all pages can be restored.

Set ballooned out pages as INVALID_P2M_ENTRY in the p2m (as they were
before), preventing them from being saved and re-populated on restore.

Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Reported-by: Marek Marczykowski <marmarek@invisiblethingslab.com>
Tested-by: Marek Marczykowski <marmarek@invisiblethingslab.com>
---
 drivers/xen/balloon.c |   12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/drivers/xen/balloon.c b/drivers/xen/balloon.c
index b7a506f..5c660c7 100644
--- a/drivers/xen/balloon.c
+++ b/drivers/xen/balloon.c
@@ -426,20 +426,18 @@ static enum bp_state decrease_reservation(unsigned long nr_pages, gfp_t gfp)
 		 * p2m are consistent.
 		 */
 		if (!xen_feature(XENFEAT_auto_translated_physmap)) {
-			unsigned long p;
-			struct page   *scratch_page = get_balloon_scratch_page();
-
 			if (!PageHighMem(page)) {
+				struct page *scratch_page = get_balloon_scratch_page();
+
 				ret = HYPERVISOR_update_va_mapping(
 						(unsigned long)__va(pfn << PAGE_SHIFT),
 						pfn_pte(page_to_pfn(scratch_page),
 							PAGE_KERNEL_RO), 0);
 				BUG_ON(ret);
-			}
-			p = page_to_pfn(scratch_page);
-			__set_phys_to_machine(pfn, pfn_to_mfn(p));
 
-			put_balloon_scratch_page();
+				put_balloon_scratch_page();
+			}
+			__set_phys_to_machine(pfn, INVALID_P2M_ENTRY);
 		}
 #endif
 
-- 
1.7.10.4

^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: [PATCH] xen/balloon: set ballooned out pages as invalid in p2m
  2014-07-01 13:37 David Vrabel
@ 2014-07-01 13:58 ` Konrad Rzeszutek Wilk
  2014-07-01 14:00   ` David Vrabel
  0 siblings, 1 reply; 7+ messages in thread
From: Konrad Rzeszutek Wilk @ 2014-07-01 13:58 UTC (permalink / raw)
  To: David Vrabel; +Cc: xen-devel, Boris Ostrovsky

On Tue, Jul 01, 2014 at 02:37:48PM +0100, David Vrabel wrote:
> Since cd9151e26d31048b2b5e00fd02e110e07d2200c9 (xen/balloon: set a
> mapping for ballooned out pages), a ballooned out page had its entry
> in the p2m set to the MFN of one of the scratch pages.  This means
> that the p2m will contain many entries pointing to the same MFN.
> 
> During a domain save, these many-to-one entries are not identified as
> such and the scratch page is saved multiple times. On restore the
> ballooned pages are populated with new frames and the domain may use
> up its allocation before all pages can be restored.
> 
> Set ballooned out pages as INVALID_P2M_ENTRY in the p2m (as they were
> before), preventing them from being saved and re-populated on restore.
> 

Won't that invalide the primal purpose of the scratch page code?

That is  cd9151e26d31048b2b5e00fd02e110e07d2200c9

    xen/balloon: set a mapping for ballooned out pages
" Allocate a page per cpu and map all the ballooned out pages to the
    corresponding mfn. Set the p2m accordingly. This way reading from a
    ballooned out page won't cause a kernel crash (see
    http://lists.xen.org/archives/html/xen-devel/2012-12/msg01154.html).
"
?

> Signed-off-by: David Vrabel <david.vrabel@citrix.com>
> Reported-by: Marek Marczykowski <marmarek@invisiblethingslab.com>
> Tested-by: Marek Marczykowski <marmarek@invisiblethingslab.com>
> ---
>  drivers/xen/balloon.c |   12 +++++-------
>  1 file changed, 5 insertions(+), 7 deletions(-)
> 
> diff --git a/drivers/xen/balloon.c b/drivers/xen/balloon.c
> index b7a506f..5c660c7 100644
> --- a/drivers/xen/balloon.c
> +++ b/drivers/xen/balloon.c
> @@ -426,20 +426,18 @@ static enum bp_state decrease_reservation(unsigned long nr_pages, gfp_t gfp)
>  		 * p2m are consistent.
>  		 */
>  		if (!xen_feature(XENFEAT_auto_translated_physmap)) {
> -			unsigned long p;
> -			struct page   *scratch_page = get_balloon_scratch_page();
> -
>  			if (!PageHighMem(page)) {
> +				struct page *scratch_page = get_balloon_scratch_page();
> +
>  				ret = HYPERVISOR_update_va_mapping(
>  						(unsigned long)__va(pfn << PAGE_SHIFT),
>  						pfn_pte(page_to_pfn(scratch_page),
>  							PAGE_KERNEL_RO), 0);
>  				BUG_ON(ret);
> -			}
> -			p = page_to_pfn(scratch_page);
> -			__set_phys_to_machine(pfn, pfn_to_mfn(p));
>  
> -			put_balloon_scratch_page();
> +				put_balloon_scratch_page();
> +			}
> +			__set_phys_to_machine(pfn, INVALID_P2M_ENTRY);
>  		}
>  #endif
>  
> -- 
> 1.7.10.4
> 

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] xen/balloon: set ballooned out pages as invalid in p2m
  2014-07-01 13:58 ` Konrad Rzeszutek Wilk
@ 2014-07-01 14:00   ` David Vrabel
  2014-07-01 14:06     ` Konrad Rzeszutek Wilk
  0 siblings, 1 reply; 7+ messages in thread
From: David Vrabel @ 2014-07-01 14:00 UTC (permalink / raw)
  To: Konrad Rzeszutek Wilk; +Cc: xen-devel, Boris Ostrovsky

On 01/07/14 14:58, Konrad Rzeszutek Wilk wrote:
> On Tue, Jul 01, 2014 at 02:37:48PM +0100, David Vrabel wrote:
>> Since cd9151e26d31048b2b5e00fd02e110e07d2200c9 (xen/balloon: set a
>> mapping for ballooned out pages), a ballooned out page had its entry
>> in the p2m set to the MFN of one of the scratch pages.  This means
>> that the p2m will contain many entries pointing to the same MFN.
>>
>> During a domain save, these many-to-one entries are not identified as
>> such and the scratch page is saved multiple times. On restore the
>> ballooned pages are populated with new frames and the domain may use
>> up its allocation before all pages can be restored.
>>
>> Set ballooned out pages as INVALID_P2M_ENTRY in the p2m (as they were
>> before), preventing them from being saved and re-populated on restore.
>>
> 
> Won't that invalide the primal purpose of the scratch page code?
> 
> That is  cd9151e26d31048b2b5e00fd02e110e07d2200c9
> 
>     xen/balloon: set a mapping for ballooned out pages
> " Allocate a page per cpu and map all the ballooned out pages to the
>     corresponding mfn. Set the p2m accordingly. This way reading from a
>     ballooned out page won't cause a kernel crash (see
>     http://lists.xen.org/archives/html/xen-devel/2012-12/msg01154.html).
> "
> ?

No, because we still have a virtual mapping for the ballooned out page.

David

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] xen/balloon: set ballooned out pages as invalid in p2m
  2014-07-01 14:00   ` David Vrabel
@ 2014-07-01 14:06     ` Konrad Rzeszutek Wilk
  2014-07-04 14:08       ` Stefano Stabellini
  0 siblings, 1 reply; 7+ messages in thread
From: Konrad Rzeszutek Wilk @ 2014-07-01 14:06 UTC (permalink / raw)
  To: David Vrabel; +Cc: xen-devel, Boris Ostrovsky

On Tue, Jul 01, 2014 at 03:00:16PM +0100, David Vrabel wrote:
> On 01/07/14 14:58, Konrad Rzeszutek Wilk wrote:
> > On Tue, Jul 01, 2014 at 02:37:48PM +0100, David Vrabel wrote:
> >> Since cd9151e26d31048b2b5e00fd02e110e07d2200c9 (xen/balloon: set a
> >> mapping for ballooned out pages), a ballooned out page had its entry
> >> in the p2m set to the MFN of one of the scratch pages.  This means
> >> that the p2m will contain many entries pointing to the same MFN.
> >>
> >> During a domain save, these many-to-one entries are not identified as
> >> such and the scratch page is saved multiple times. On restore the
> >> ballooned pages are populated with new frames and the domain may use
> >> up its allocation before all pages can be restored.
> >>
> >> Set ballooned out pages as INVALID_P2M_ENTRY in the p2m (as they were
> >> before), preventing them from being saved and re-populated on restore.
> >>
> > 
> > Won't that invalide the primal purpose of the scratch page code?
> > 
> > That is  cd9151e26d31048b2b5e00fd02e110e07d2200c9
> > 
> >     xen/balloon: set a mapping for ballooned out pages
> > " Allocate a page per cpu and map all the ballooned out pages to the
> >     corresponding mfn. Set the p2m accordingly. This way reading from a
> >     ballooned out page won't cause a kernel crash (see
> >     http://lists.xen.org/archives/html/xen-devel/2012-12/msg01154.html).
> > "
> > ?
> 
> No, because we still have a virtual mapping for the ballooned out page.

If you could add that comment in that would reflect that - IMHO
it would be good.

> 
> David

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [PATCH] xen/balloon: set ballooned out pages as invalid in p2m
@ 2014-07-02  9:40 David Vrabel
  2014-07-04 14:18 ` David Vrabel
  0 siblings, 1 reply; 7+ messages in thread
From: David Vrabel @ 2014-07-02  9:40 UTC (permalink / raw)
  To: xen-devel
  Cc: Marek Marczykowski, Boris Ostrovsky, Stefano Stabellini,
	David Vrabel

Since cd9151e26d31048b2b5e00fd02e110e07d2200c9 (xen/balloon: set a
mapping for ballooned out pages), a ballooned out page had its entry
in the p2m set to the MFN of one of the scratch pages.  This means
that the p2m will contain many entries pointing to the same MFN.

During a domain save, these many-to-one entries are not identified as
such and the scratch page is saved multiple times. On restore the
ballooned pages are populated with new frames and the domain may use
up its allocation before all pages can be restored.

Since the original fix only needed to keep a mapping for the ballooned
page it is safe to set ballooned out pages as INVALID_P2M_ENTRY in the
p2m (as they were before). Thus preventing them from being saved and
re-populated on restore.

Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Reported-by: Marek Marczykowski <marmarek@invisiblethingslab.com>
Tested-by: Marek Marczykowski <marmarek@invisiblethingslab.com>
---
Cc: Marek Marczykowski <marmarek@invisiblethingslab.com>

v2:
- improve commit message
---
 drivers/xen/balloon.c |   12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/drivers/xen/balloon.c b/drivers/xen/balloon.c
index b7a506f..5c660c7 100644
--- a/drivers/xen/balloon.c
+++ b/drivers/xen/balloon.c
@@ -426,20 +426,18 @@ static enum bp_state decrease_reservation(unsigned long nr_pages, gfp_t gfp)
 		 * p2m are consistent.
 		 */
 		if (!xen_feature(XENFEAT_auto_translated_physmap)) {
-			unsigned long p;
-			struct page   *scratch_page = get_balloon_scratch_page();
-
 			if (!PageHighMem(page)) {
+				struct page *scratch_page = get_balloon_scratch_page();
+
 				ret = HYPERVISOR_update_va_mapping(
 						(unsigned long)__va(pfn << PAGE_SHIFT),
 						pfn_pte(page_to_pfn(scratch_page),
 							PAGE_KERNEL_RO), 0);
 				BUG_ON(ret);
-			}
-			p = page_to_pfn(scratch_page);
-			__set_phys_to_machine(pfn, pfn_to_mfn(p));

-			put_balloon_scratch_page();
+				put_balloon_scratch_page();
+			}
+			__set_phys_to_machine(pfn, INVALID_P2M_ENTRY);
 		}
 #endif

-- 
1.7.10.4

^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: [PATCH] xen/balloon: set ballooned out pages as invalid in p2m
  2014-07-01 14:06     ` Konrad Rzeszutek Wilk
@ 2014-07-04 14:08       ` Stefano Stabellini
  0 siblings, 0 replies; 7+ messages in thread
From: Stefano Stabellini @ 2014-07-04 14:08 UTC (permalink / raw)
  To: Konrad Rzeszutek Wilk; +Cc: xen-devel, Boris Ostrovsky, David Vrabel

On Tue, 1 Jul 2014, Konrad Rzeszutek Wilk wrote:
> On Tue, Jul 01, 2014 at 03:00:16PM +0100, David Vrabel wrote:
> > On 01/07/14 14:58, Konrad Rzeszutek Wilk wrote:
> > > On Tue, Jul 01, 2014 at 02:37:48PM +0100, David Vrabel wrote:
> > >> Since cd9151e26d31048b2b5e00fd02e110e07d2200c9 (xen/balloon: set a
> > >> mapping for ballooned out pages), a ballooned out page had its entry
> > >> in the p2m set to the MFN of one of the scratch pages.  This means
> > >> that the p2m will contain many entries pointing to the same MFN.
> > >>
> > >> During a domain save, these many-to-one entries are not identified as
> > >> such and the scratch page is saved multiple times. On restore the
> > >> ballooned pages are populated with new frames and the domain may use
> > >> up its allocation before all pages can be restored.
> > >>
> > >> Set ballooned out pages as INVALID_P2M_ENTRY in the p2m (as they were
> > >> before), preventing them from being saved and re-populated on restore.
> > >>
> > > 
> > > Won't that invalide the primal purpose of the scratch page code?
> > > 
> > > That is  cd9151e26d31048b2b5e00fd02e110e07d2200c9
> > > 
> > >     xen/balloon: set a mapping for ballooned out pages
> > > " Allocate a page per cpu and map all the ballooned out pages to the
> > >     corresponding mfn. Set the p2m accordingly. This way reading from a
> > >     ballooned out page won't cause a kernel crash (see
> > >     http://lists.xen.org/archives/html/xen-devel/2012-12/msg01154.html).
> > > "
> > > ?
> > 
> > No, because we still have a virtual mapping for the ballooned out page.
> 
> If you could add that comment in that would reflect that - IMHO
> it would be good.

Agreed.
Aside from that:

Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] xen/balloon: set ballooned out pages as invalid in p2m
  2014-07-02  9:40 [PATCH] xen/balloon: set ballooned out pages as invalid in p2m David Vrabel
@ 2014-07-04 14:18 ` David Vrabel
  0 siblings, 0 replies; 7+ messages in thread
From: David Vrabel @ 2014-07-04 14:18 UTC (permalink / raw)
  To: David Vrabel, xen-devel
  Cc: Boris Ostrovsky, Marek Marczykowski, Stefano Stabellini

On 02/07/14 10:40, David Vrabel wrote:
> Since cd9151e26d31048b2b5e00fd02e110e07d2200c9 (xen/balloon: set a
> mapping for ballooned out pages), a ballooned out page had its entry
> in the p2m set to the MFN of one of the scratch pages.  This means
> that the p2m will contain many entries pointing to the same MFN.
> 
> During a domain save, these many-to-one entries are not identified as
> such and the scratch page is saved multiple times. On restore the
> ballooned pages are populated with new frames and the domain may use
> up its allocation before all pages can be restored.
> 
> Since the original fix only needed to keep a mapping for the ballooned
> page it is safe to set ballooned out pages as INVALID_P2M_ENTRY in the
> p2m (as they were before). Thus preventing them from being saved and
> re-populated on restore.

Stefano acked v1 so I've applied to to stable/for-linus-2.16 and tagged
for stable.

David

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2014-07-04 14:18 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-07-02  9:40 [PATCH] xen/balloon: set ballooned out pages as invalid in p2m David Vrabel
2014-07-04 14:18 ` David Vrabel
  -- strict thread matches above, loose matches on Subject: below --
2014-07-01 13:37 David Vrabel
2014-07-01 13:58 ` Konrad Rzeszutek Wilk
2014-07-01 14:00   ` David Vrabel
2014-07-01 14:06     ` Konrad Rzeszutek Wilk
2014-07-04 14:08       ` Stefano Stabellini

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.