[PATCH 0 of 2] x86/mm: Two hypervisor paging fixes

[PATCH 0 of 2] x86/mm: Two hypervisor paging fixes

[Andres Lagar-Cavilla]

- Disallow for good paging_prep: it's unsafe
- Allow paging in of a page in paged-out state. This shortcuts the 
  need to reference the page and trigger a populate event, thus saving
  a complete control stack round-trip.

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Acked-by: Tim Deegan <tim@xen.org>

 xen/arch/x86/mm/p2m.c |  15 +++++++++++----
 xen/arch/x86/mm/p2m.c |   4 ++++
 2 files changed, 15 insertions(+), 4 deletions(-)

[PATCH 1 of 2] x86/mm: Allow a page in p2m_ram_paged_out state to be loaded

[Andres Lagar-Cavilla]

 xen/arch/x86/mm/p2m.c |  15 +++++++++++----
 1 files changed, 11 insertions(+), 4 deletions(-)


This removes the need for a page to be accessed in order to be pageable
again. A pager can now page-in pages at will with no need to map them
in a separate thread.

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Acked-by: Tim Deegan <tim@xen.org>

diff -r 90f764bf02c3 -r f7c330d5b4b5 xen/arch/x86/mm/p2m.c
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -964,7 +964,7 @@ void p2m_mem_paging_populate(struct doma
 int p2m_mem_paging_prep(struct domain *d, unsigned long gfn, uint64_t buffer)
 {
     struct page_info *page;
-    p2m_type_t p2mt;
+    p2m_type_t p2mt, target_p2mt;
     p2m_access_t a;
     mfn_t mfn;
     struct p2m_domain *p2m = p2m_get_hostp2m(d);
@@ -982,8 +982,8 @@ int p2m_mem_paging_prep(struct domain *d
     mfn = p2m->get_entry(p2m, gfn, &p2mt, &a, p2m_query, NULL);
 
     ret = -ENOENT;
-    /* Allow only missing pages */
-    if ( p2mt != p2m_ram_paging_in_start )
+    /* Allow missing pages */
+    if ( (p2mt != p2m_ram_paging_in_start) && (p2mt != p2m_ram_paged) )
         goto out;
 
     /* Allocate a page if the gfn does not have one yet */
@@ -1018,8 +1018,15 @@ int p2m_mem_paging_prep(struct domain *d
         }
     }
 
+    target_p2mt = (p2mt == p2m_ram_paging_in_start) ?
+        /* If we kicked the pager with a populate event, the pager will send
+         * a resume event back */
+        p2m_ram_paging_in :
+        /* If this was called asynchronously by the pager, then we can 
+         * transition directly to the final guest-accessible type */
+        (paging_mode_log_dirty(d) ? p2m_ram_logdirty : p2m_ram_rw);
     /* Fix p2m mapping */
-    set_p2m_entry(p2m, gfn, mfn, PAGE_ORDER_4K, p2m_ram_paging_in, a);
+    set_p2m_entry(p2m, gfn, mfn, PAGE_ORDER_4K, target_p2mt, a);
 
     atomic_dec(&d->paged_pages);

Re: [PATCH 1 of 2] x86/mm: Allow a page in p2m_ram_paged_out state to be loaded

[Hongkaixing]

    I think it may have many unpredicted risks. 
    After p2mt is changed to p2m_ram_rw, Domain guest can access this page unrestrictedly without being trapped in xen.
 But at this time, the page is not prepared.

> -----Original Message-----
> From: xen-devel-bounces@lists.xensource.com [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of Andres Lagar-Cavilla
> Sent: Tuesday, January 10, 2012 5:41 AM
> To: xen-devel@lists.xensource.com
> Cc: andres@gridcentric.ca; tim@xen.org; olaf@aepfle.de; adin@gridcentric.ca
> Subject: [Xen-devel] [PATCH 1 of 2] x86/mm: Allow a page in p2m_ram_paged_out state to be loaded
> 
>  xen/arch/x86/mm/p2m.c |  15 +++++++++++----
>  1 files changed, 11 insertions(+), 4 deletions(-)
> 
> 
> This removes the need for a page to be accessed in order to be pageable
> again. A pager can now page-in pages at will with no need to map them
> in a separate thread.
> 
> Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
> Acked-by: Tim Deegan <tim@xen.org>
> 
> diff -r 90f764bf02c3 -r f7c330d5b4b5 xen/arch/x86/mm/p2m.c
> --- a/xen/arch/x86/mm/p2m.c
> +++ b/xen/arch/x86/mm/p2m.c
> @@ -964,7 +964,7 @@ void p2m_mem_paging_populate(struct doma
>  int p2m_mem_paging_prep(struct domain *d, unsigned long gfn, uint64_t buffer)
>  {
>      struct page_info *page;
> -    p2m_type_t p2mt;
> +    p2m_type_t p2mt, target_p2mt;
>      p2m_access_t a;
>      mfn_t mfn;
>      struct p2m_domain *p2m = p2m_get_hostp2m(d);
> @@ -982,8 +982,8 @@ int p2m_mem_paging_prep(struct domain *d
>      mfn = p2m->get_entry(p2m, gfn, &p2mt, &a, p2m_query, NULL);
> 
>      ret = -ENOENT;
> -    /* Allow only missing pages */
> -    if ( p2mt != p2m_ram_paging_in_start )
> +    /* Allow missing pages */
> +    if ( (p2mt != p2m_ram_paging_in_start) && (p2mt != p2m_ram_paged) )
>          goto out;
> 
>      /* Allocate a page if the gfn does not have one yet */
> @@ -1018,8 +1018,15 @@ int p2m_mem_paging_prep(struct domain *d
>          }
>      }
> 
> +    target_p2mt = (p2mt == p2m_ram_paging_in_start) ?
> +        /* If we kicked the pager with a populate event, the pager will send
> +         * a resume event back */
> +        p2m_ram_paging_in :
> +        /* If this was called asynchronously by the pager, then we can
> +         * transition directly to the final guest-accessible type */
> +        (paging_mode_log_dirty(d) ? p2m_ram_logdirty : p2m_ram_rw);
>      /* Fix p2m mapping */
> -    set_p2m_entry(p2m, gfn, mfn, PAGE_ORDER_4K, p2m_ram_paging_in, a);
> +    set_p2m_entry(p2m, gfn, mfn, PAGE_ORDER_4K, target_p2mt, a);
> 
>      atomic_dec(&d->paged_pages);
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel

Re: [PATCH 1 of 2] x86/mm: Allow a page in p2m_ram_paged_out state to be loaded

[Andres Lagar-Cavilla]

I think top-posting is frowned upon. Below...
>     I think it may have many unpredicted risks.
>     After p2mt is changed to p2m_ram_rw, Domain guest can access this page
> unrestrictedly without being trapped in xen.
>  But at this time, the page is not prepared.

Nope. The page has already been allocated and paged-in (copy_from_user out
of user_ptr) by the time the p2mt is changed

Andres
>
>> -----Original Message-----
>> From: xen-devel-bounces@lists.xensource.com
>> [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of Andres
>> Lagar-Cavilla
>> Sent: Tuesday, January 10, 2012 5:41 AM
>> To: xen-devel@lists.xensource.com
>> Cc: andres@gridcentric.ca; tim@xen.org; olaf@aepfle.de;
>> adin@gridcentric.ca
>> Subject: [Xen-devel] [PATCH 1 of 2] x86/mm: Allow a page in
>> p2m_ram_paged_out state to be loaded
>>
>>  xen/arch/x86/mm/p2m.c |  15 +++++++++++----
>>  1 files changed, 11 insertions(+), 4 deletions(-)
>>
>>
>> This removes the need for a page to be accessed in order to be pageable
>> again. A pager can now page-in pages at will with no need to map them
>> in a separate thread.
>>
>> Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
>> Acked-by: Tim Deegan <tim@xen.org>
>>
>> diff -r 90f764bf02c3 -r f7c330d5b4b5 xen/arch/x86/mm/p2m.c
>> --- a/xen/arch/x86/mm/p2m.c
>> +++ b/xen/arch/x86/mm/p2m.c
>> @@ -964,7 +964,7 @@ void p2m_mem_paging_populate(struct doma
>>  int p2m_mem_paging_prep(struct domain *d, unsigned long gfn, uint64_t
>> buffer)
>>  {
>>      struct page_info *page;
>> -    p2m_type_t p2mt;
>> +    p2m_type_t p2mt, target_p2mt;
>>      p2m_access_t a;
>>      mfn_t mfn;
>>      struct p2m_domain *p2m = p2m_get_hostp2m(d);
>> @@ -982,8 +982,8 @@ int p2m_mem_paging_prep(struct domain *d
>>      mfn = p2m->get_entry(p2m, gfn, &p2mt, &a, p2m_query, NULL);
>>
>>      ret = -ENOENT;
>> -    /* Allow only missing pages */
>> -    if ( p2mt != p2m_ram_paging_in_start )
>> +    /* Allow missing pages */
>> +    if ( (p2mt != p2m_ram_paging_in_start) && (p2mt != p2m_ram_paged) )
>>          goto out;
>>
>>      /* Allocate a page if the gfn does not have one yet */
>> @@ -1018,8 +1018,15 @@ int p2m_mem_paging_prep(struct domain *d
>>          }
>>      }
>>
>> +    target_p2mt = (p2mt == p2m_ram_paging_in_start) ?
>> +        /* If we kicked the pager with a populate event, the pager will
>> send
>> +         * a resume event back */
>> +        p2m_ram_paging_in :
>> +        /* If this was called asynchronously by the pager, then we can
>> +         * transition directly to the final guest-accessible type */
>> +        (paging_mode_log_dirty(d) ? p2m_ram_logdirty : p2m_ram_rw);
>>      /* Fix p2m mapping */
>> -    set_p2m_entry(p2m, gfn, mfn, PAGE_ORDER_4K, p2m_ram_paging_in, a);
>> +    set_p2m_entry(p2m, gfn, mfn, PAGE_ORDER_4K, target_p2mt, a);
>>
>>      atomic_dec(&d->paged_pages);
>>
>>
>> _______________________________________________
>> Xen-devel mailing list
>> Xen-devel@lists.xensource.com
>> http://lists.xensource.com/xen-devel
>
>

Re: [PATCH 1 of 2] x86/mm: Allow a page in p2m_ram_paged_out state to be loaded

[Hongkaixing]

> -----Original Message-----
> From: Andres Lagar-Cavilla [mailto:andres@lagarcavilla.org]
> Sent: Wednesday, January 11, 2012 10:57 PM
> To: Hongkaixing
> Cc: xen-devel@lists.xensource.com; andres@gridcentric.ca; tim@xen.org; olaf@aepfle.de; adin@gridcentric.ca;
> yanqiangjun@huawei.com; bicky.shi@huawei.com; xiaowei.yang@huawei.com
> Subject: RE: [Xen-devel] [PATCH 1 of 2] x86/mm: Allow a page in p2m_ram_paged_out state to be loaded
> 
> I think top-posting is frowned upon. Below...
> >     I think it may have many unpredicted risks.
> >     After p2mt is changed to p2m_ram_rw, Domain guest can access this page
> > unrestrictedly without being trapped in xen.
> >  But at this time, the page is not prepared.
> 
> Nope. The page has already been allocated and paged-in (copy_from_user out
> of user_ptr) by the time the p2mt is changed


I have got it,  first change p2mt to p2m_ram_paging_in, prepare a page, use copy_from_usr to copy, then change p2mt to ram_rw . It
is a good idea.



> Andres
> >
> >> -----Original Message-----
> >> From: xen-devel-bounces@lists.xensource.com
> >> [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of Andres
> >> Lagar-Cavilla
> >> Sent: Tuesday, January 10, 2012 5:41 AM
> >> To: xen-devel@lists.xensource.com
> >> Cc: andres@gridcentric.ca; tim@xen.org; olaf@aepfle.de;
> >> adin@gridcentric.ca
> >> Subject: [Xen-devel] [PATCH 1 of 2] x86/mm: Allow a page in
> >> p2m_ram_paged_out state to be loaded
> >>
> >>  xen/arch/x86/mm/p2m.c |  15 +++++++++++----
> >>  1 files changed, 11 insertions(+), 4 deletions(-)
> >>
> >>
> >> This removes the need for a page to be accessed in order to be pageable
> >> again. A pager can now page-in pages at will with no need to map them
> >> in a separate thread.
> >>
> >> Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
> >> Acked-by: Tim Deegan <tim@xen.org>
> >>
> >> diff -r 90f764bf02c3 -r f7c330d5b4b5 xen/arch/x86/mm/p2m.c
> >> --- a/xen/arch/x86/mm/p2m.c
> >> +++ b/xen/arch/x86/mm/p2m.c
> >> @@ -964,7 +964,7 @@ void p2m_mem_paging_populate(struct doma
> >>  int p2m_mem_paging_prep(struct domain *d, unsigned long gfn, uint64_t
> >> buffer)
> >>  {
> >>      struct page_info *page;
> >> -    p2m_type_t p2mt;
> >> +    p2m_type_t p2mt, target_p2mt;
> >>      p2m_access_t a;
> >>      mfn_t mfn;
> >>      struct p2m_domain *p2m = p2m_get_hostp2m(d);
> >> @@ -982,8 +982,8 @@ int p2m_mem_paging_prep(struct domain *d
> >>      mfn = p2m->get_entry(p2m, gfn, &p2mt, &a, p2m_query, NULL);
> >>
> >>      ret = -ENOENT;
> >> -    /* Allow only missing pages */
> >> -    if ( p2mt != p2m_ram_paging_in_start )
> >> +    /* Allow missing pages */
> >> +    if ( (p2mt != p2m_ram_paging_in_start) && (p2mt != p2m_ram_paged) )
> >>          goto out;
> >>
> >>      /* Allocate a page if the gfn does not have one yet */
> >> @@ -1018,8 +1018,15 @@ int p2m_mem_paging_prep(struct domain *d
> >>          }
> >>      }
> >>
> >> +    target_p2mt = (p2mt == p2m_ram_paging_in_start) ?
> >> +        /* If we kicked the pager with a populate event, the pager will
> >> send
> >> +         * a resume event back */
> >> +        p2m_ram_paging_in :
> >> +        /* If this was called asynchronously by the pager, then we can
> >> +         * transition directly to the final guest-accessible type */
> >> +        (paging_mode_log_dirty(d) ? p2m_ram_logdirty : p2m_ram_rw);
> >>      /* Fix p2m mapping */
> >> -    set_p2m_entry(p2m, gfn, mfn, PAGE_ORDER_4K, p2m_ram_paging_in, a);
> >> +    set_p2m_entry(p2m, gfn, mfn, PAGE_ORDER_4K, target_p2mt, a);
> >>
> >>      atomic_dec(&d->paged_pages);
> >>
> >>
> >> _______________________________________________
> >> Xen-devel mailing list
> >> Xen-devel@lists.xensource.com
> >> http://lists.xensource.com/xen-devel
> >
> >

[PATCH 2 of 2] x86/mm: Disable paging_prep

[Andres Lagar-Cavilla]

 xen/arch/x86/mm/p2m.c |  4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)


The only way to page-in a page is now the safe paging_load domctl.
(Unless the page was never paged out in the first place)

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Acked-by: Tim Deegan <tim@xen.org>

diff -r f7c330d5b4b5 -r d5e830891ee2 xen/arch/x86/mm/p2m.c
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -989,6 +989,10 @@ int p2m_mem_paging_prep(struct domain *d
     /* Allocate a page if the gfn does not have one yet */
     if ( !mfn_valid(mfn) )
     {
+        /* If the user did not provide a buffer, we disallow */
+        ret = -EINVAL;
+        if ( unlikely(user_ptr == NULL) )
+            goto out;
         /* Get a free page */
         ret = -ENOMEM;
         page = alloc_domheap_page(p2m->domain, 0);

Re: [PATCH 0 of 2] x86/mm: Two hypervisor paging fixes

[Tim Deegan]

At 16:41 -0500 on 09 Jan (1326127285), Andres Lagar-Cavilla wrote:
> - Disallow for good paging_prep: it's unsafe
> - Allow paging in of a page in paged-out state. This shortcuts the 
>   need to reference the page and trigger a populate event, thus saving
>   a complete control stack round-trip.
> 
> Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
> Acked-by: Tim Deegan <tim@xen.org>

Applied, thanks.

Tim.