Date: Wed, 30 Dec 2015 17:44:49 +1100 (EST) From: Bruce Evans <brde@optusnet.com.au> To: David Chisnall <theraven@FreeBSD.org> Cc: Bruce Evans <brde@optusnet.com.au>, John Baldwin <jhb@FreeBSD.org>, Warner Losh <imp@bsdimp.com>, src-committers <src-committers@FreeBSD.org>, svn-src-head@FreeBSD.org, svn-src-all@FreeBSD.org, Warner Losh <imp@FreeBSD.org> Subject: Re: svn commit: r292809 - head/lib/libc/stdio Message-ID: <20151230172556.R2352@besplex.bde.org> In-Reply-To: <12F59E6B-137C-4B53-B86C-E111E512CCFF@FreeBSD.org> References: <201512272304.tBRN4C5D034464@repo.freebsd.org> <41508412.yspAtSoPCD@ralph.baldwin.cx> <CANCZdfq4sMAEzJ-wxNnybJiiTnJV3k5NZgcQACnchHCgpKQxrQ@mail.gmail.com> <2345870.SHMMVrpc1D@ralph.baldwin.cx> <20151230102454.P1079@besplex.bde.org> <12F59E6B-137C-4B53-B86C-E111E512CCFF@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 30 Dec 2015, David Chisnall wrote: > On 30 Dec 2015, at 00:48, Bruce Evans <brde@optusnet.com.au> wrote: >> >> - C++ apparently spells this as both _Alignof() and alignof() after 2011= /03 > > This is not correct. C++ spells it alignof. C spells it _Alignof, unles= s you include <stdalign.h>, in which case C spells it alignof and defines _= _alignof_is_defined. > > On FreeBSD, we define _Alignof in C++ mode, because it=E2=80=99s in the r= eserved identifier space and gives us something that works in C and C++. So it is more broken than first appeared :-). Extra spellings are a bug since users don't know which one to use and prefer the worst one unless they are experts in at least 3 versions of 3 standards (C-K&R, C90, C99, C11, C++-mumble, gnu89, gnu99, gnu11) and FreeBSD variations on these. There are also syntactical problems. stdalign.h uses _Alignas and _Alignof= , but FreeBSD only defines _Alignas(x) and _Alignof(x). The former is becaus= e alignof is like sizeof so it doesn't need parentheses. However, alignof(typename) needs the parentheses and 'alignof expression' is=20 apparently only a gnu extension, so it is difficult to construct an example of Standard code without the parentheses. _Alignas is more broken than _Alignof. In the C case, _Alignas(x) is as __aligned(x), but this only works if x is an expression. __aligned(x) is often used in FreeBSD code, but the same code in C++ with __aligned(x) replaced by alignas(x) with any spelling is a syntax error. Bruce From owner-svn-src-all@freebsd.org Wed Dec 30 08:15:45 2015 Return-Path: <owner-svn-src-all@freebsd.org> Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 698E1A55B36; Wed, 30 Dec 2015 08:15:45 +0000 (UTC) (envelope-from royger@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3A8FD119C; Wed, 30 Dec 2015 08:15:45 +0000 (UTC) (envelope-from royger@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id tBU8Fifq082370; Wed, 30 Dec 2015 08:15:44 GMT (envelope-from royger@FreeBSD.org) Received: (from royger@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id tBU8Fins082368; Wed, 30 Dec 2015 08:15:44 GMT (envelope-from royger@FreeBSD.org) Message-Id: <201512300815.tBU8Fins082368@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: royger set sender to royger@FreeBSD.org using -f From: =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= <royger@FreeBSD.org> Date: Wed, 30 Dec 2015 08:15:44 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r292906 - in stable/10/sys/dev: virtio/balloon xen/balloon X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" <svn-src-all.freebsd.org> List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>, <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>; List-Post: <mailto:svn-src-all@freebsd.org> List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help> List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>, <mailto:svn-src-all-request@freebsd.org?subject=subscribe> X-List-Received-Date: Wed, 30 Dec 2015 08:15:45 -0000 Author: royger Date: Wed Dec 30 08:15:43 2015 New Revision: 292906 URL: https://svnweb.freebsd.org/changeset/base/292906 Log: MFC r267858: xen/virtio: fix balloon drivers to not mark pages as WIRED In the Xen case make sure pages are zeroed before giving them back to the hypervisor, or else we might be leaking data. Also remove the balloon_{append/retrieve} and link pages directly into the ballooned_pages queue using the plinks.q field in the page struct. Sponsored by: Citrix Systems R&D Requested by: bapt Modified: stable/10/sys/dev/virtio/balloon/virtio_balloon.c stable/10/sys/dev/xen/balloon/balloon.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/dev/virtio/balloon/virtio_balloon.c ============================================================================== --- stable/10/sys/dev/virtio/balloon/virtio_balloon.c Wed Dec 30 08:02:11 2015 (r292905) +++ stable/10/sys/dev/virtio/balloon/virtio_balloon.c Wed Dec 30 08:15:43 2015 (r292906) @@ -438,8 +438,7 @@ vtballoon_alloc_page(struct vtballoon_so { vm_page_t m; - m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL | VM_ALLOC_WIRED | - VM_ALLOC_NOOBJ); + m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ); if (m != NULL) sc->vtballoon_current_npages++; @@ -450,7 +449,6 @@ static void vtballoon_free_page(struct vtballoon_softc *sc, vm_page_t m) { - vm_page_unwire(m, 0); vm_page_free(m); sc->vtballoon_current_npages--; } Modified: stable/10/sys/dev/xen/balloon/balloon.c ============================================================================== --- stable/10/sys/dev/xen/balloon/balloon.c Wed Dec 30 08:02:11 2015 (r292905) +++ stable/10/sys/dev/xen/balloon/balloon.c Wed Dec 30 08:15:43 2015 (r292906) @@ -94,13 +94,8 @@ SYSCTL_ULONG(_dev_xen_balloon, OID_AUTO, SYSCTL_ULONG(_dev_xen_balloon, OID_AUTO, high_mem, CTLFLAG_RD, &bs.balloon_high, 0, "High-mem balloon"); -struct balloon_entry { - vm_page_t page; - STAILQ_ENTRY(balloon_entry) list; -}; - /* List of ballooned pages, threaded through the mem_map array. */ -static STAILQ_HEAD(,balloon_entry) ballooned_pages; +static TAILQ_HEAD(,vm_page) ballooned_pages; /* Main work function, always executed in process context. */ static void balloon_process(void *unused); @@ -110,47 +105,6 @@ static void balloon_process(void *unused #define WPRINTK(fmt, args...) \ printk(KERN_WARNING "xen_mem: " fmt, ##args) -/* balloon_append: add the given page to the balloon. */ -static int -balloon_append(vm_page_t page) -{ - struct balloon_entry *entry; - - mtx_assert(&balloon_mutex, MA_OWNED); - - entry = malloc(sizeof(struct balloon_entry), M_BALLOON, M_NOWAIT); - if (!entry) - return (ENOMEM); - entry->page = page; - STAILQ_INSERT_HEAD(&ballooned_pages, entry, list); - bs.balloon_low++; - - return (0); -} - -/* balloon_retrieve: rescue a page from the balloon, if it is not empty. */ -static vm_page_t -balloon_retrieve(void) -{ - vm_page_t page; - struct balloon_entry *entry; - - mtx_assert(&balloon_mutex, MA_OWNED); - - if (STAILQ_EMPTY(&ballooned_pages)) - return (NULL); - - entry = STAILQ_FIRST(&ballooned_pages); - STAILQ_REMOVE_HEAD(&ballooned_pages, list); - - page = entry->page; - free(entry, M_BALLOON); - - bs.balloon_low--; - - return (page); -} - static unsigned long current_target(void) { @@ -203,7 +157,6 @@ static int increase_reservation(unsigned long nr_pages) { unsigned long pfn, i; - struct balloon_entry *entry; vm_page_t page; long rc; struct xen_memory_reservation reservation = { @@ -217,10 +170,9 @@ increase_reservation(unsigned long nr_pa if (nr_pages > nitems(frame_list)) nr_pages = nitems(frame_list); - for (entry = STAILQ_FIRST(&ballooned_pages), i = 0; - i < nr_pages; i++, entry = STAILQ_NEXT(entry, list)) { - KASSERT(entry, ("ballooned_pages list corrupt")); - page = entry->page; + for (page = TAILQ_FIRST(&ballooned_pages), i = 0; + i < nr_pages; i++, page = TAILQ_NEXT(page, plinks.q)) { + KASSERT(page != NULL, ("ballooned_pages list corrupt")); frame_list[i] = (VM_PAGE_TO_PHYS(page) >> PAGE_SHIFT); } @@ -245,8 +197,10 @@ increase_reservation(unsigned long nr_pa } for (i = 0; i < nr_pages; i++) { - page = balloon_retrieve(); - KASSERT(page, ("balloon_retrieve failed")); + page = TAILQ_FIRST(&ballooned_pages); + KASSERT(page != NULL, ("Unable to get ballooned page")); + TAILQ_REMOVE(&ballooned_pages, page, plinks.q); + bs.balloon_low--; pfn = (VM_PAGE_TO_PHYS(page) >> PAGE_SHIFT); KASSERT((xen_feature(XENFEAT_auto_translated_physmap) || @@ -255,7 +209,6 @@ increase_reservation(unsigned long nr_pa set_phys_to_machine(pfn, frame_list[i]); - vm_page_unwire(page, 0); vm_page_free(page); } @@ -286,24 +239,29 @@ decrease_reservation(unsigned long nr_pa for (i = 0; i < nr_pages; i++) { if ((page = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ | - VM_ALLOC_WIRED | VM_ALLOC_ZERO)) == NULL) { + VM_ALLOC_ZERO)) == NULL) { nr_pages = i; need_sleep = 1; break; } + if ((page->flags & PG_ZERO) == 0) { + /* + * Zero the page, or else we might be leaking + * important data to other domains on the same + * host. Xen doesn't scrub ballooned out memory + * pages, the guest is in charge of making + * sure that no information is leaked. + */ + pmap_zero_page(page); + } + pfn = (VM_PAGE_TO_PHYS(page) >> PAGE_SHIFT); frame_list[i] = PFNTOMFN(pfn); set_phys_to_machine(pfn, INVALID_P2M_ENTRY); - if (balloon_append(page) != 0) { - vm_page_unwire(page, 0); - vm_page_free(page); - - nr_pages = i; - need_sleep = 1; - break; - } + TAILQ_INSERT_HEAD(&ballooned_pages, page, plinks.q); + bs.balloon_low++; } set_xen_guest_handle(reservation.extent_start, frame_list); @@ -438,7 +396,8 @@ balloon_init(void *arg) /* Initialise the balloon with excess memory space. */ for (pfn = xen_start_info->nr_pages; pfn < max_pfn; pfn++) { page = PHYS_TO_VM_PAGE(pfn << PAGE_SHIFT); - balloon_append(page); + TAILQ_INSERT_HEAD(&ballooned_pages, page, plinks.q); + bs.balloon_low++; } #undef max_pfn #endif
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20151230172556.R2352>