From bd4a7db4001364fd03a80a2e73b81c46aaa44e9c Mon Sep 17 00:00:00 2001
From: Henry Wang <Henry.Wang@arm.com>
Date: Mon, 22 Aug 2022 01:35:09 +0000
Subject: [PATCH 1/4] libxl, docs: Use arch-specific default paging memory
The default paging memory (descibed in `shadow_memory` entry in xl
config) in libxl is used to determine the memory pool size for xl
guests. Currently this size is only used for x86, and contains a part
of RAM to shadow the resident processes. Since on Arm there is no
shadow mode guests, so the part of RAM to shadow the resident processes
is not necessary. Therefore, this commit splits the function
`libxl_get_required_shadow_memory()` to arch specific helpers and
renamed the helper to `libxl__arch_get_required_paging_memory()`.
On x86, this helper calls the original value from
`libxl_get_required_shadow_memory()` so no functional change intended.
On Arm, this helper returns 1MB per vcpu plus 4KB per MiB of RAM
for the P2M map and additional 512KB.
Also update the xl.cfg documentation to add Arm documentation
according to code changes and correct the comment style following Xen
coding style.
This is part of CVE-2022-33747 / XSA-409.
Suggested-by: Julien Grall <jgrall@amazon.com>
Signed-off-by: Henry Wang <Henry.Wang@arm.com>
Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
---
docs/man/xl.cfg.5.pod.in | 5 +++++
tools/libs/light/libxl_arch.h | 4 ++++
tools/libs/light/libxl_arm.c | 14 ++++++++++++++
tools/libs/light/libxl_utils.c | 9 ++-------
tools/libs/light/libxl_x86.c | 13 +++++++++++++
5 files changed, 38 insertions(+), 7 deletions(-)
diff --git a/docs/man/xl.cfg.5.pod.in b/docs/man/xl.cfg.5.pod.in
index b98d1613987e..eda1e77ebd06 100644
--- a/docs/man/xl.cfg.5.pod.in
+++ b/docs/man/xl.cfg.5.pod.in
@@ -1768,6 +1768,11 @@ are not using hardware assisted paging (i.e. you are using shadow
mode) and your guest workload consists of a very large number of
similar processes then increasing this value may improve performance.
+On Arm, this field is used to determine the size of the guest P2M pages
+pool, and the default value is 1MB per vCPU plus 4KB per MB of RAM for
+the P2M map and additional 512KB for extended regions. Users should
+adjust this value if bigger P2M pool size is needed.
+
=back
=head3 Processor and Platform Features
diff --git a/tools/libs/light/libxl_arch.h b/tools/libs/light/libxl_arch.h
index 1522ecb97f72..5a060c2c3033 100644
--- a/tools/libs/light/libxl_arch.h
+++ b/tools/libs/light/libxl_arch.h
@@ -90,6 +90,10 @@ void libxl__arch_update_domain_config(libxl__gc *gc,
libxl_domain_config *dst,
const libxl_domain_config *src);
+_hidden
+unsigned long libxl__arch_get_required_paging_memory(unsigned long maxmem_kb,
+ unsigned int smp_cpus);
+
#if defined(__i386__) || defined(__x86_64__)
#define LAPIC_BASE_ADDRESS 0xfee00000
diff --git a/tools/libs/light/libxl_arm.c b/tools/libs/light/libxl_arm.c
index eef1de093914..73a95e83af24 100644
--- a/tools/libs/light/libxl_arm.c
+++ b/tools/libs/light/libxl_arm.c
@@ -154,6 +154,20 @@ out:
return rc;
}
+unsigned long libxl__arch_get_required_paging_memory(unsigned long maxmem_kb,
+ unsigned int smp_cpus)
+{
+ /*
+ * 256 pages (1MB) per vcpu,
+ * plus 1 page per MiB of RAM for the P2M map,
+ * plus 1 page per MiB of extended region. This default value is 128 MiB
+ * which should be enough for domains that are not running backend.
+ * This is higher than the minimum that Xen would allocate if no value
+ * were given (but the Xen minimum is for safety, not performance).
+ */
+ return 4 * (256 * smp_cpus + maxmem_kb / 1024 + 128);
+}
+
static struct arch_info {
const char *guest_type;
const char *timer_compat;
diff --git a/tools/libs/light/libxl_utils.c b/tools/libs/light/libxl_utils.c
index 4699c4a0a36f..e276c0ee9cc3 100644
--- a/tools/libs/light/libxl_utils.c
+++ b/tools/libs/light/libxl_utils.c
@@ -18,6 +18,7 @@
#include <ctype.h>
#include "libxl_internal.h"
+#include "libxl_arch.h"
#include "_paths.h"
#ifndef LIBXL_HAVE_NONCONST_LIBXL_BASENAME_RETURN_VALUE
@@ -39,13 +40,7 @@ char *libxl_basename(const char *name)
unsigned long libxl_get_required_shadow_memory(unsigned long maxmem_kb, unsigned int smp_cpus)
{
- /* 256 pages (1MB) per vcpu,
- plus 1 page per MiB of RAM for the P2M map,
- plus 1 page per MiB of RAM to shadow the resident processes.
- This is higher than the minimum that Xen would allocate if no value
- were given (but the Xen minimum is for safety, not performance).
- */
- return 4 * (256 * smp_cpus + 2 * (maxmem_kb / 1024));
+ return libxl__arch_get_required_paging_memory(maxmem_kb, smp_cpus);
}
char *libxl_domid_to_name(libxl_ctx *ctx, uint32_t domid)
diff --git a/tools/libs/light/libxl_x86.c b/tools/libs/light/libxl_x86.c
index 1feadebb1852..51362893cf98 100644
--- a/tools/libs/light/libxl_x86.c
+++ b/tools/libs/light/libxl_x86.c
@@ -882,6 +882,19 @@ void libxl__arch_update_domain_config(libxl__gc *gc,
libxl_defbool_val(src->b_info.arch_x86.msr_relaxed));
}
+unsigned long libxl__arch_get_required_paging_memory(unsigned long maxmem_kb,
+ unsigned int smp_cpus)
+{
+ /*
+ * 256 pages (1MB) per vcpu,
+ * plus 1 page per MiB of RAM for the P2M map,
+ * plus 1 page per MiB of RAM to shadow the resident processes.
+ * This is higher than the minimum that Xen would allocate if no value
+ * were given (but the Xen minimum is for safety, not performance).
+ */
+ return 4 * (256 * smp_cpus + 2 * (maxmem_kb / 1024));
+}
+
/*
* Local variables:
* mode: C
--
2.37.1