ia64/xen-unstable

changeset 2772:2a16b903818f

bitkeeper revision 1.1159.1.303 (41821734F7OlWCgL8OAaRtEc5i-iEA)

Scrub memory on reboot. Security paranoia.
author kaf24@freefall.cl.cam.ac.uk
date Fri Oct 29 10:11:00 2004 +0000 (2004-10-29)
parents 1b906236acc9
children a36dce4dc9a6
files xen/arch/x86/domain.c xen/common/kernel.c xen/common/page_alloc.c xen/include/xen/mm.h
line diff
     1.1 --- a/xen/arch/x86/domain.c	Fri Oct 29 08:33:26 2004 +0000
     1.2 +++ b/xen/arch/x86/domain.c	Fri Oct 29 10:11:00 2004 +0000
     1.3 @@ -698,6 +698,9 @@ int construct_dom0(struct domain *p,
     1.4          return -EINVAL;
     1.5      }
     1.6  
     1.7 +    /* Paranoia: scrub DOM0's memory allocation. */
     1.8 +    memset((void *)alloc_start, 0, alloc_end - alloc_start);
     1.9 +
    1.10      /* Construct a frame-allocation list for the initial domain. */
    1.11      for ( mfn = (alloc_start>>PAGE_SHIFT); 
    1.12            mfn < (alloc_end>>PAGE_SHIFT); 
     2.1 --- a/xen/common/kernel.c	Fri Oct 29 08:33:26 2004 +0000
     2.2 +++ b/xen/common/kernel.c	Fri Oct 29 10:11:00 2004 +0000
     2.3 @@ -344,6 +344,8 @@ void cmain(multiboot_info_t *mbi)
     2.4      init_domheap_pages(__pa(frame_table) + frame_table_size,
     2.5                         dom0_memory_start);
     2.6  
     2.7 +    scrub_heap_pages();
     2.8 +
     2.9      init_trace_bufs();
    2.10  
    2.11      domain_unpause_by_systemcontroller(current);
     3.1 --- a/xen/common/page_alloc.c	Fri Oct 29 08:33:26 2004 +0000
     3.2 +++ b/xen/common/page_alloc.c	Fri Oct 29 10:11:00 2004 +0000
     3.3 @@ -37,6 +37,7 @@ extern char opt_badpage[];
     3.4   *  One bit per page of memory. Bit set => page is allocated.
     3.5   */
     3.6  
     3.7 +static unsigned long  bitmap_size; /* in bytes */
     3.8  static unsigned long *alloc_bitmap;
     3.9  #define PAGES_PER_MAPWORD (sizeof(unsigned long) * 8)
    3.10  
    3.11 @@ -139,7 +140,7 @@ unsigned long init_heap_allocator(
    3.12      unsigned long bitmap_start, unsigned long max_pages)
    3.13  {
    3.14      int i, j;
    3.15 -    unsigned long bitmap_size, bad_pfn;
    3.16 +    unsigned long bad_pfn;
    3.17      char *p;
    3.18  
    3.19      memset(avail, 0, sizeof(avail));
    3.20 @@ -285,6 +286,37 @@ void free_heap_pages(int zone, struct pf
    3.21  }
    3.22  
    3.23  
    3.24 +/*
    3.25 + * Scrub all unallocated pages in all heap zones. This function is more
    3.26 + * convoluted than appears necessary because we do not want to continuously
    3.27 + * hold the lock or disable interrupts while scrubbing very large memory areas.
    3.28 + */
    3.29 +void scrub_heap_pages(void)
    3.30 +{
    3.31 +    void *p;
    3.32 +    unsigned long pfn, flags;
    3.33 +
    3.34 +    for ( pfn = 0; pfn < (bitmap_size * 8); pfn++ )
    3.35 +    {
    3.36 +        /* Quick lock-free check. */
    3.37 +        if ( allocated_in_map(pfn) )
    3.38 +            continue;
    3.39 +        
    3.40 +        spin_lock_irqsave(&heap_lock, flags);
    3.41 +        
    3.42 +        /* Re-check page status with lock held. */
    3.43 +        if ( !allocated_in_map(pfn) )
    3.44 +        {
    3.45 +            p = map_domain_mem(pfn << PAGE_SHIFT);
    3.46 +            clear_page(p);
    3.47 +            unmap_domain_mem(p);
    3.48 +        }
    3.49 +        
    3.50 +        spin_unlock_irqrestore(&heap_lock, flags);
    3.51 +    }
    3.52 +}
    3.53 +
    3.54 +
    3.55  
    3.56  /*************************
    3.57   * XEN-HEAP SUB-ALLOCATOR
     4.1 --- a/xen/include/xen/mm.h	Fri Oct 29 08:33:26 2004 +0000
     4.2 +++ b/xen/include/xen/mm.h	Fri Oct 29 10:11:00 2004 +0000
     4.3 @@ -11,6 +11,7 @@ unsigned long init_heap_allocator(
     4.4  void init_heap_pages(int zone, struct pfn_info *pg, unsigned long nr_pages);
     4.5  struct pfn_info *alloc_heap_pages(int zone, int order);
     4.6  void free_heap_pages(int zone, struct pfn_info *pg, int order);
     4.7 +void scrub_heap_pages(void);
     4.8  
     4.9  /* Xen suballocator */
    4.10  void init_xenheap_pages(unsigned long ps, unsigned long pe);