ia64/xen-unstable

changeset 2497:de382cfbeb83

bitkeeper revision 1.1159.79.2 (414c1134FG1zvS9xwv2yPDvyS7W3ig)

Linux scrubs memory before returnign it to Xen, or transferring it to
other domains (e.g., net backend driver). To avoid continual scrubbing during
network transfers, I allocate rx skbuffs from a dedicated slab cache. Pages
only neded to be scrubbed on entry to the cache, which should be ratehr more
occasional than allocs/frees.
Finally, scrubbing can be entirely disabled via a config option under the
'XEN' menu in the 2.4 and 2.6 kernel configurators.
author kaf24@freefall.cl.cam.ac.uk
date Sat Sep 18 10:43:00 2004 +0000 (2004-09-18)
parents b239a7e0631e
children 35090d6a8da4
files .rootkeys linux-2.4.27-xen-sparse/arch/xen/config.in linux-2.4.27-xen-sparse/arch/xen/defconfig-xen0 linux-2.4.27-xen-sparse/arch/xen/defconfig-xenU linux-2.4.27-xen-sparse/arch/xen/drivers/balloon/balloon.c linux-2.4.27-xen-sparse/arch/xen/kernel/Makefile linux-2.4.27-xen-sparse/include/asm-xen/page.h linux-2.4.27-xen-sparse/include/linux/skbuff.h linux-2.4.27-xen-sparse/mkbuildtree linux-2.6.8.1-xen-sparse/arch/xen/Kconfig linux-2.6.8.1-xen-sparse/arch/xen/configs/xen0_defconfig linux-2.6.8.1-xen-sparse/arch/xen/configs/xenU_defconfig linux-2.6.8.1-xen-sparse/arch/xen/i386/kernel/pci-dma.c linux-2.6.8.1-xen-sparse/arch/xen/i386/mm/hypervisor.c linux-2.6.8.1-xen-sparse/arch/xen/kernel/Makefile linux-2.6.8.1-xen-sparse/arch/xen/kernel/skbuff.c linux-2.6.8.1-xen-sparse/drivers/xen/netback/netback.c linux-2.6.8.1-xen-sparse/drivers/xen/netfront/netfront.c linux-2.6.8.1-xen-sparse/include/asm-xen/asm-i386/page.h linux-2.6.8.1-xen-sparse/include/linux/skbuff.h xen/common/page_alloc.c
line diff
     1.1 --- a/.rootkeys	Fri Sep 17 22:05:31 2004 +0000
     1.2 +++ b/.rootkeys	Sat Sep 18 10:43:00 2004 +0000
     1.3 @@ -176,6 +176,7 @@ 4110f478aeQWllIN7J4kouAHiAqrPw linux-2.6
     1.4  412dfae9eA3_6e6bCGUtg1mj8b56fQ linux-2.6.8.1-xen-sparse/arch/xen/kernel/gnttab.c
     1.5  40f56239sFcjHiIRmnObRIDF-zaeKQ linux-2.6.8.1-xen-sparse/arch/xen/kernel/process.c
     1.6  40f562392LBhwmOxVPsYdkYXMxI_ZQ linux-2.6.8.1-xen-sparse/arch/xen/kernel/reboot.c
     1.7 +414c113396tK1HTVeUalm3u-1DF16g linux-2.6.8.1-xen-sparse/arch/xen/kernel/skbuff.c
     1.8  3f68905c5eiA-lBMQSvXLMWS1ikDEA linux-2.6.8.1-xen-sparse/arch/xen/kernel/xen_proc.c
     1.9  41261688yS8eAyy-7kzG4KBs0xbYCA linux-2.6.8.1-xen-sparse/drivers/Makefile
    1.10  4108f5c1WfTIrs0HZFeV39sttekCTw linux-2.6.8.1-xen-sparse/drivers/char/mem.c
     2.1 --- a/linux-2.4.27-xen-sparse/arch/xen/config.in	Fri Sep 17 22:05:31 2004 +0000
     2.2 +++ b/linux-2.4.27-xen-sparse/arch/xen/config.in	Sat Sep 18 10:43:00 2004 +0000
     2.3 @@ -16,6 +16,7 @@ mainmenu_option next_comment
     2.4  comment 'Xen'
     2.5  bool 'Support for privileged operations (domain 0)' CONFIG_XEN_PRIVILEGED_GUEST
     2.6  bool 'Device-driver domain (physical device access)' CONFIG_XEN_PHYSDEV_ACCESS
     2.7 +bool 'Scrub memory before freeing it to Xen' CONFIG_XEN_SCRUB_PAGES
     2.8  endmenu
     2.9  # The IBM S/390 patch needs this.
    2.10  define_bool CONFIG_NO_IDLE_HZ y
     3.1 --- a/linux-2.4.27-xen-sparse/arch/xen/defconfig-xen0	Fri Sep 17 22:05:31 2004 +0000
     3.2 +++ b/linux-2.4.27-xen-sparse/arch/xen/defconfig-xen0	Sat Sep 18 10:43:00 2004 +0000
     3.3 @@ -12,6 +12,7 @@ CONFIG_UID16=y
     3.4  #
     3.5  CONFIG_XEN_PRIVILEGED_GUEST=y
     3.6  CONFIG_XEN_PHYSDEV_ACCESS=y
     3.7 +CONFIG_XEN_SCRUB_PAGES=y
     3.8  CONFIG_NO_IDLE_HZ=y
     3.9  CONFIG_FOREIGN_PAGES=y
    3.10  
     4.1 --- a/linux-2.4.27-xen-sparse/arch/xen/defconfig-xenU	Fri Sep 17 22:05:31 2004 +0000
     4.2 +++ b/linux-2.4.27-xen-sparse/arch/xen/defconfig-xenU	Sat Sep 18 10:43:00 2004 +0000
     4.3 @@ -12,6 +12,7 @@ CONFIG_UID16=y
     4.4  #
     4.5  # CONFIG_XEN_PRIVILEGED_GUEST is not set
     4.6  # CONFIG_XEN_PHYSDEV_ACCESS is not set
     4.7 +CONFIG_XEN_SCRUB_PAGES=y
     4.8  CONFIG_NO_IDLE_HZ=y
     4.9  # CONFIG_FOREIGN_PAGES is not set
    4.10  CONFIG_NETDEVICES=y
     5.1 --- a/linux-2.4.27-xen-sparse/arch/xen/drivers/balloon/balloon.c	Fri Sep 17 22:05:31 2004 +0000
     5.2 +++ b/linux-2.4.27-xen-sparse/arch/xen/drivers/balloon/balloon.c	Sat Sep 18 10:43:00 2004 +0000
     5.3 @@ -104,8 +104,20 @@ static unsigned long inflate_balloon(uns
     5.4      {
     5.5  	unsigned long mfn = phys_to_machine_mapping[*currp];
     5.6          curraddr = (unsigned long)page_address(mem_map + *currp);
     5.7 +        /* Blow away page contents for security, and also p.t. ref if any. */
     5.8  	if ( curraddr != 0 )
     5.9 +        {
    5.10 +            scrub_pages(curraddr, 1);
    5.11              queue_l1_entry_update(get_ptep(curraddr), 0);
    5.12 +        }
    5.13 +#ifdef CONFIG_XEN_SCRUB_PAGES
    5.14 +        else
    5.15 +        {
    5.16 +            void *p = kmap(&mem_map[*currp]);
    5.17 +            scrub_pages(p, 1);
    5.18 +            kunmap(&mem_map[*currp]);
    5.19 +        }
    5.20 +#endif
    5.21          phys_to_machine_mapping[*currp] = DEAD;
    5.22          *currp = mfn;
    5.23      }
    5.24 @@ -388,9 +400,9 @@ static int balloon_write(struct file *fi
    5.25      }
    5.26  
    5.27      len = strnlen_user(buffer, count);
    5.28 -    if (len==0) return -EBADMSG;
    5.29 -    if (len==1) return 1; /* input starts with a NUL char */
    5.30 -    if ( strncpy_from_user(memstring, buffer, len) < 0)
    5.31 +    if ( len == 0 ) return -EBADMSG;
    5.32 +    if ( len == 1 ) return 1; /* input starts with a NUL char */
    5.33 +    if ( strncpy_from_user(memstring, buffer, len) < 0 )
    5.34          return -EFAULT;
    5.35  
    5.36      endchar = memstring;
     6.1 --- a/linux-2.4.27-xen-sparse/arch/xen/kernel/Makefile	Fri Sep 17 22:05:31 2004 +0000
     6.2 +++ b/linux-2.4.27-xen-sparse/arch/xen/kernel/Makefile	Sat Sep 18 10:43:00 2004 +0000
     6.3 @@ -6,12 +6,12 @@ all: kernel.o head.o init_task.o
     6.4  
     6.5  O_TARGET := kernel.o
     6.6  
     6.7 -export-objs     := i386_ksyms.o gnttab.o
     6.8 +export-objs     := i386_ksyms.o gnttab.o skbuff.o
     6.9  
    6.10  obj-y	:= process.o semaphore.o signal.o entry.o traps.o irq.o  \
    6.11  		ptrace.o ioport.o ldt.o setup.o time.o sys_i386.o \
    6.12  		i386_ksyms.o i387.o evtchn.o ctrl_if.o pci-dma.o \
    6.13 -		reboot.o fixup.o gnttab.o
    6.14 +		reboot.o fixup.o gnttab.o skbuff.o
    6.15  
    6.16  ifdef CONFIG_PCI
    6.17  obj-y	+= pci-i386.o pci-pc.o
     7.1 --- a/linux-2.4.27-xen-sparse/include/asm-xen/page.h	Fri Sep 17 22:05:31 2004 +0000
     7.2 +++ b/linux-2.4.27-xen-sparse/include/asm-xen/page.h	Sat Sep 18 10:43:00 2004 +0000
     7.3 @@ -10,9 +10,16 @@
     7.4  #ifndef __ASSEMBLY__
     7.5  
     7.6  #include <linux/config.h>
     7.7 +#include <linux/string.h>
     7.8  #include <asm/types.h>
     7.9  #include <asm/hypervisor-ifs/hypervisor-if.h>
    7.10  
    7.11 +#ifdef CONFIG_XEN_SCRUB_PAGES
    7.12 +#define scrub_pages(_p,_n) memset((void *)(_p), 0, (_n) << PAGE_SHIFT)
    7.13 +#else
    7.14 +#define scrub_pages(_p,_n) ((void)0)
    7.15 +#endif
    7.16 +
    7.17  #ifdef CONFIG_X86_USE_3DNOW
    7.18  
    7.19  #include <asm/mmx.h>
     8.1 --- a/linux-2.4.27-xen-sparse/include/linux/skbuff.h	Fri Sep 17 22:05:31 2004 +0000
     8.2 +++ b/linux-2.4.27-xen-sparse/include/linux/skbuff.h	Sat Sep 18 10:43:00 2004 +0000
     8.3 @@ -1027,19 +1027,18 @@ static inline void __skb_queue_purge(str
     8.4   *
     8.5   *	%NULL is returned in there is no free memory.
     8.6   */
     8.7 - 
     8.8 +#ifndef CONFIG_XEN 
     8.9  static inline struct sk_buff *__dev_alloc_skb(unsigned int length,
    8.10  					      int gfp_mask)
    8.11  {
    8.12 -	struct sk_buff *skb;
    8.13 -#if defined(CONFIG_XEN)
    8.14 -	length = (PAGE_SIZE/2)+1; /* force slab allocater to give us a page */
    8.15 -#endif
    8.16 -	skb = alloc_skb(length+16, gfp_mask);
    8.17 +	struct sk_buff *skb = alloc_skb(length+16, gfp_mask);
    8.18  	if (skb)
    8.19  		skb_reserve(skb,16);
    8.20  	return skb;
    8.21  }
    8.22 +#else
    8.23 +extern struct sk_buff *__dev_alloc_skb(unsigned int length, int gfp_mask);
    8.24 +#endif
    8.25  
    8.26  /**
    8.27   *	dev_alloc_skb - allocate an skbuff for sending
     9.1 --- a/linux-2.4.27-xen-sparse/mkbuildtree	Fri Sep 17 22:05:31 2004 +0000
     9.2 +++ b/linux-2.4.27-xen-sparse/mkbuildtree	Sat Sep 18 10:43:00 2004 +0000
     9.3 @@ -228,6 +228,7 @@ ln -sf ../../../${LINUX_26}/arch/xen/ker
     9.4  ln -sf ../../../${LINUX_26}/arch/xen/kernel/fixup.c
     9.5  ln -sf ../../../${LINUX_26}/arch/xen/kernel/gnttab.c
     9.6  ln -sf ../../../${LINUX_26}/arch/xen/kernel/reboot.c
     9.7 +ln -sf ../../../${LINUX_26}/arch/xen/kernel/skbuff.c
     9.8  ln -sf ../../../${LINUX_26}/arch/xen/i386/kernel/ioport.c
     9.9  ln -sf ../../../${LINUX_26}/arch/xen/i386/kernel/pci-dma.c
    9.10  
    10.1 --- a/linux-2.6.8.1-xen-sparse/arch/xen/Kconfig	Fri Sep 17 22:05:31 2004 +0000
    10.2 +++ b/linux-2.6.8.1-xen-sparse/arch/xen/Kconfig	Sat Sep 18 10:43:00 2004 +0000
    10.3 @@ -100,16 +100,26 @@ config XEN_WRITABLE_PAGETABLES
    10.4  	help
    10.5  	  Use writable L1 pagetables
    10.6  
    10.7 +config XEN_SCRUB_PAGES
    10.8 +        bool "Scrub memory before freeing it to Xen"
    10.9 +        default y
   10.10 +        help
   10.11 +          Erase memory contents before freeing it back to Xen's global
   10.12 +          pool. This ensures that any secrets contained within that
   10.13 +          memory (e.g., private keys) cannot be found by other guests that
   10.14 +          may be running on the machine. Most people will want to say Y here.
   10.15 +          If security is not a concern then you may increase performance by
   10.16 +          saying N.
   10.17 +
   10.18  endmenu
   10.19  
   10.20  config FOREIGN_PAGES
   10.21  	bool
   10.22  	default y
   10.23  
   10.24 -config PAGESIZED_SKBS
   10.25 +config HAVE_ARCH_DEV_ALLOC_SKB
   10.26  	bool
   10.27 -	default y if XEN_NETDEV_BACKEND
   10.28 -	default n if !XEN_NETDEV_BACKEND
   10.29 +	default y
   10.30  
   10.31  #config VT
   10.32  #	bool
    11.1 --- a/linux-2.6.8.1-xen-sparse/arch/xen/configs/xen0_defconfig	Fri Sep 17 22:05:31 2004 +0000
    11.2 +++ b/linux-2.6.8.1-xen-sparse/arch/xen/configs/xen0_defconfig	Sat Sep 18 10:43:00 2004 +0000
    11.3 @@ -16,8 +16,9 @@ CONFIG_XEN_BLKDEV_FRONTEND=y
    11.4  CONFIG_XEN_NETDEV_FRONTEND=y
    11.5  # CONFIG_XEN_NETDEV_FRONTEND_PIPELINED_TRANSMITTER is not set
    11.6  CONFIG_XEN_WRITABLE_PAGETABLES=y
    11.7 +CONFIG_XEN_SCRUB_PAGES=y
    11.8  CONFIG_FOREIGN_PAGES=y
    11.9 -CONFIG_PAGESIZED_SKBS=y
   11.10 +CONFIG_HAVE_ARCH_DEV_ALLOC_SKB=y
   11.11  CONFIG_X86=y
   11.12  # CONFIG_X86_64 is not set
   11.13  
    12.1 --- a/linux-2.6.8.1-xen-sparse/arch/xen/configs/xenU_defconfig	Fri Sep 17 22:05:31 2004 +0000
    12.2 +++ b/linux-2.6.8.1-xen-sparse/arch/xen/configs/xenU_defconfig	Sat Sep 18 10:43:00 2004 +0000
    12.3 @@ -16,8 +16,9 @@ CONFIG_XEN_BLKDEV_FRONTEND=y
    12.4  CONFIG_XEN_NETDEV_FRONTEND=y
    12.5  # CONFIG_XEN_NETDEV_FRONTEND_PIPELINED_TRANSMITTER is not set
    12.6  CONFIG_XEN_WRITABLE_PAGETABLES=y
    12.7 +CONFIG_XEN_SCRUB_PAGES=y
    12.8  CONFIG_FOREIGN_PAGES=y
    12.9 -# CONFIG_PAGESIZED_SKBS is not set
   12.10 +CONFIG_HAVE_ARCH_DEV_ALLOC_SKB=y
   12.11  CONFIG_X86=y
   12.12  # CONFIG_X86_64 is not set
   12.13  
    13.1 --- a/linux-2.6.8.1-xen-sparse/arch/xen/i386/kernel/pci-dma.c	Fri Sep 17 22:05:31 2004 +0000
    13.2 +++ b/linux-2.6.8.1-xen-sparse/arch/xen/i386/kernel/pci-dma.c	Sat Sep 18 10:43:00 2004 +0000
    13.3 @@ -55,6 +55,7 @@ void *dma_alloc_coherent(struct device *
    13.4  		pmd_t         *pmd;
    13.5  		pte_t         *pte;
    13.6  		unsigned long  pfn, i;
    13.7 +		scrub_pages(vstart, 1 << order);
    13.8  		/* 1. Zap current PTEs, giving away the underlying pages. */
    13.9  		for (i = 0; i < (1<<order); i++) {
   13.10  			pgd = pgd_offset_k(   (vstart + (i*PAGE_SIZE)));
    14.1 --- a/linux-2.6.8.1-xen-sparse/arch/xen/i386/mm/hypervisor.c	Fri Sep 17 22:05:31 2004 +0000
    14.2 +++ b/linux-2.6.8.1-xen-sparse/arch/xen/i386/mm/hypervisor.c	Sat Sep 18 10:43:00 2004 +0000
    14.3 @@ -414,6 +414,8 @@ unsigned long allocate_empty_lowmem_regi
    14.4      if ( vstart == 0 )
    14.5          return 0UL;
    14.6  
    14.7 +    scrub_pages(vstart, 1 << order);
    14.8 +
    14.9      pfn_array = vmalloc((1<<order) * sizeof(*pfn_array));
   14.10      if ( pfn_array == NULL )
   14.11          BUG();
    15.1 --- a/linux-2.6.8.1-xen-sparse/arch/xen/kernel/Makefile	Fri Sep 17 22:05:31 2004 +0000
    15.2 +++ b/linux-2.6.8.1-xen-sparse/arch/xen/kernel/Makefile	Sat Sep 18 10:43:00 2004 +0000
    15.3 @@ -10,4 +10,4 @@ XENARCH	:= $(subst ",,$(CONFIG_XENARCH))
    15.4  extra-y += vmlinux.lds.s
    15.5  
    15.6  obj-y	:= ctrl_if.o evtchn.o fixup.o process.o reboot.o xen_proc.o empty.o \
    15.7 -           gnttab.o
    15.8 +           gnttab.o skbuff.o
    16.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    16.2 +++ b/linux-2.6.8.1-xen-sparse/arch/xen/kernel/skbuff.c	Sat Sep 18 10:43:00 2004 +0000
    16.3 @@ -0,0 +1,68 @@
    16.4 +
    16.5 +#include <linux/config.h>
    16.6 +#include <linux/module.h>
    16.7 +#include <linux/version.h>
    16.8 +#include <linux/kernel.h>
    16.9 +#include <linux/sched.h>
   16.10 +#include <linux/slab.h>
   16.11 +#include <linux/string.h>
   16.12 +#include <linux/errno.h>
   16.13 +#include <linux/netdevice.h>
   16.14 +#include <linux/inetdevice.h>
   16.15 +#include <linux/etherdevice.h>
   16.16 +#include <linux/skbuff.h>
   16.17 +#include <linux/init.h>
   16.18 +#include <asm/io.h>
   16.19 +#include <asm/page.h>
   16.20 +
   16.21 +EXPORT_SYMBOL(__dev_alloc_skb);
   16.22 +
   16.23 +static kmem_cache_t *skbuff_cachep;
   16.24 +
   16.25 +struct sk_buff *__dev_alloc_skb(unsigned int length, int gfp_mask)
   16.26 +{
   16.27 +    struct sk_buff *skb;
   16.28 +    u8             *new_data, *new_shinfo; 
   16.29 +
   16.30 +    /*
   16.31 +     * Yuk! There is no way to get a skbuff head without allocating the
   16.32 +     * data area using kmalloc(). So we do that and then replace the default
   16.33 +     * data area with our own.
   16.34 +     */
   16.35 +    skb = alloc_skb(0, gfp_mask);
   16.36 +    if ( unlikely(skb == NULL) )
   16.37 +        return NULL;
   16.38 +
   16.39 +    new_data = kmem_cache_alloc(skbuff_cachep, gfp_mask);
   16.40 +    if ( new_data == NULL )
   16.41 +    {
   16.42 +        dev_kfree_skb(skb);
   16.43 +        return NULL;
   16.44 +    }
   16.45 +
   16.46 +    new_shinfo = 
   16.47 +        new_data + PAGE_SIZE - sizeof(struct skb_shared_info);
   16.48 +    memcpy(new_shinfo, skb_shinfo(skb), sizeof(struct skb_shared_info));
   16.49 +
   16.50 +    kfree(skb->head);
   16.51 +
   16.52 +    skb->head = new_data;
   16.53 +    skb->data = skb->tail = new_data + 16; /* __dev_alloc_skb does this */
   16.54 +    skb->end  = new_shinfo;
   16.55 +    skb->truesize = 1500;                  /* is this important? */
   16.56 +
   16.57 +    return skb;
   16.58 +}
   16.59 +
   16.60 +static void skbuff_ctor(void *buf, kmem_cache_t *cachep, unsigned long unused)
   16.61 +{
   16.62 +    scrub_pages(buf, 1);
   16.63 +}
   16.64 +
   16.65 +static int __init skbuff_init(void)
   16.66 +{
   16.67 +    skbuff_cachep = kmem_cache_create(
   16.68 +        "xen-skb", PAGE_SIZE, PAGE_SIZE, 0, skbuff_ctor, NULL);
   16.69 +    return 0;
   16.70 +}
   16.71 +__initcall(skbuff_init);
    17.1 --- a/linux-2.6.8.1-xen-sparse/drivers/xen/netback/netback.c	Fri Sep 17 22:05:31 2004 +0000
    17.2 +++ b/linux-2.6.8.1-xen-sparse/drivers/xen/netback/netback.c	Sat Sep 18 10:43:00 2004 +0000
    17.3 @@ -132,7 +132,7 @@ int netif_be_start_xmit(struct sk_buff *
    17.4           (((unsigned long)skb->end ^ (unsigned long)skb->head) & PAGE_MASK) ||
    17.5           ((skb->end - skb->head) < (PAGE_SIZE/2)) )
    17.6      {
    17.7 -        struct sk_buff *nskb = alloc_skb(PAGE_SIZE-1024, GFP_ATOMIC);
    17.8 +        struct sk_buff *nskb = dev_alloc_skb(PAGE_SIZE);
    17.9          int hlen = skb->data - skb->head;
   17.10          if ( unlikely(nskb == NULL) )
   17.11              goto drop;
    18.1 --- a/linux-2.6.8.1-xen-sparse/drivers/xen/netfront/netfront.c	Fri Sep 17 22:05:31 2004 +0000
    18.2 +++ b/linux-2.6.8.1-xen-sparse/drivers/xen/netfront/netfront.c	Sat Sep 18 10:43:00 2004 +0000
    18.3 @@ -39,6 +39,7 @@
    18.4  #ifndef __GFP_NOWARN
    18.5  #define __GFP_NOWARN 0
    18.6  #endif
    18.7 +#define alloc_skb_page() __dev_alloc_skb(PAGE_SIZE, GFP_ATOMIC|__GFP_NOWARN)
    18.8  
    18.9  /*
   18.10   * If the backend driver is pipelining transmit requests then we can be very
   18.11 @@ -193,35 +194,24 @@ static int netctrl_connected_count(void)
   18.12   * @param dev device
   18.13   * @return 0 on success, error code otherwise
   18.14   */
   18.15 -static int vif_wake(struct net_device *dev){
   18.16 -    int err = 0;
   18.17 +static int vif_wake(struct net_device *dev)
   18.18 +{
   18.19      struct sk_buff *skb;
   18.20 -    u32 src_ip;
   18.21 -    u32 dst_ip = INADDR_BROADCAST;
   18.22 -    unsigned char dst_hw[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
   18.23 +    u32             src_ip, dst_ip;
   18.24 +    unsigned char   dst_hw[ETH_ALEN];
   18.25  
   18.26 +    memset(dst_hw, 0xff, ETH_ALEN);
   18.27 +
   18.28 +    dst_ip = INADDR_BROADCAST;
   18.29      src_ip = inet_select_addr(dev, dst_ip, RT_SCOPE_LINK);
   18.30 +
   18.31      skb = arp_create(ARPOP_REQUEST, ETH_P_ARP,
   18.32                       dst_ip, dev, src_ip,
   18.33                       dst_hw, dev->dev_addr, NULL);
   18.34 -    if(skb == NULL){
   18.35 -        err = -ENOMEM;
   18.36 -        goto exit;
   18.37 -    }
   18.38 -    err = dev_queue_xmit(skb);
   18.39 -  exit:
   18.40 -    return err;
   18.41 -}
   18.42 +    if ( skb == NULL )
   18.43 +        return -ENOMEM;
   18.44  
   18.45 -static inline struct sk_buff *alloc_skb_page(void)
   18.46 -{
   18.47 -    struct sk_buff *skb;
   18.48 -    skb = __dev_alloc_skb((PAGE_SIZE/2)+1, GFP_ATOMIC|__GFP_NOWARN);
   18.49 -#if 0
   18.50 -    if ( skb && unlikely(((unsigned long)skb->head & (PAGE_SIZE-1)) != 0) )
   18.51 -        panic("alloc_skb needs to provide us page-aligned buffers.");
   18.52 -#endif
   18.53 -    return skb;
   18.54 +    return dev_queue_xmit(skb);
   18.55  }
   18.56  
   18.57  static int network_open(struct net_device *dev)
    19.1 --- a/linux-2.6.8.1-xen-sparse/include/asm-xen/asm-i386/page.h	Fri Sep 17 22:05:31 2004 +0000
    19.2 +++ b/linux-2.6.8.1-xen-sparse/include/asm-xen/asm-i386/page.h	Sat Sep 18 10:43:00 2004 +0000
    19.3 @@ -13,9 +13,16 @@
    19.4  #ifndef __ASSEMBLY__
    19.5  
    19.6  #include <linux/config.h>
    19.7 +#include <linux/string.h>
    19.8  #include <linux/types.h>
    19.9  #include <asm/hypervisor-ifs/hypervisor-if.h>
   19.10  
   19.11 +#ifdef CONFIG_XEN_SCRUB_PAGES
   19.12 +#define scrub_pages(_p,_n) memset((void *)(_p), 0, (_n) << PAGE_SHIFT)
   19.13 +#else
   19.14 +#define scrub_pages(_p,_n) ((void)0)
   19.15 +#endif
   19.16 +
   19.17  #ifdef CONFIG_X86_USE_3DNOW
   19.18  
   19.19  #include <asm/mmx.h>
    20.1 --- a/linux-2.6.8.1-xen-sparse/include/linux/skbuff.h	Fri Sep 17 22:05:31 2004 +0000
    20.2 +++ b/linux-2.6.8.1-xen-sparse/include/linux/skbuff.h	Sat Sep 18 10:43:00 2004 +0000
    20.3 @@ -936,18 +936,18 @@ static inline void __skb_queue_purge(str
    20.4   *
    20.5   *	%NULL is returned in there is no free memory.
    20.6   */
    20.7 +#ifndef CONFIG_HAVE_ARCH_DEV_ALLOC_SKB
    20.8  static inline struct sk_buff *__dev_alloc_skb(unsigned int length,
    20.9  					      int gfp_mask)
   20.10  {
   20.11 -	struct sk_buff *skb;
   20.12 -#ifdef CONFIG_PAGESIZED_SKBS
   20.13 -	length = max(length, (unsigned int)(PAGE_SIZE - 16));
   20.14 -#endif
   20.15 -	skb = alloc_skb(length + 16, gfp_mask);
   20.16 +	struct sk_buff *skb = alloc_skb(length + 16, gfp_mask);
   20.17  	if (likely(skb))
   20.18  		skb_reserve(skb, 16);
   20.19  	return skb;
   20.20  }
   20.21 +#else
   20.22 +extern struct sk_buff *__dev_alloc_skb(unsigned int length, int gfp_mask);
   20.23 +#endif
   20.24  
   20.25  /**
   20.26   *	dev_alloc_skb - allocate an skbuff for sending
    21.1 --- a/xen/common/page_alloc.c	Fri Sep 17 22:05:31 2004 +0000
    21.2 +++ b/xen/common/page_alloc.c	Sat Sep 18 10:43:00 2004 +0000
    21.3 @@ -28,6 +28,7 @@
    21.4  #include <xen/spinlock.h>
    21.5  #include <xen/slab.h>
    21.6  #include <xen/irq.h>
    21.7 +#include <asm/domain_page.h>
    21.8  
    21.9  extern char opt_badpage[];
   21.10  
   21.11 @@ -427,6 +428,7 @@ void free_domheap_pages(struct pfn_info 
   21.12  {
   21.13      int            i, drop_dom_ref;
   21.14      struct domain *d = pg->u.inuse.domain;
   21.15 +    void          *p;
   21.16  
   21.17      if ( unlikely(IS_XEN_HEAP_FRAME(pg)) )
   21.18      {
   21.19 @@ -448,14 +450,22 @@ void free_domheap_pages(struct pfn_info 
   21.20  
   21.21          for ( i = 0; i < (1 << order); i++ )
   21.22          {
   21.23 -#ifndef NDEBUG
   21.24 -	    if ( pg[i].u.inuse.type_info & PGT_count_mask )
   21.25 -		printk("ERROR: type count not zero on free %x\n",
   21.26 -		       pg[i].u.inuse.type_info );
   21.27 -#endif
   21.28 +            ASSERT((pg[i].u.inuse.type_info & PGT_count_mask) == 0);
   21.29              pg[i].tlbflush_timestamp  = tlbflush_clock;
   21.30              pg[i].u.free.cpu_mask     = 1 << d->processor;
   21.31              list_del(&pg[i].list);
   21.32 +
   21.33 +            /*
   21.34 +             * Normally we expect a domain to clear pages before freeing them,
   21.35 +             * if it cares about the secrecy of their contents. However, after
   21.36 +             * a domain has died we assume responsibility for erasure.
   21.37 +             */
   21.38 +            if ( unlikely(test_bit(DF_DYING, &d->flags)) )
   21.39 +            {
   21.40 +                p = map_domain_mem(page_to_phys(&pg[i]));
   21.41 +                clear_page(p);
   21.42 +                unmap_domain_mem(p);
   21.43 +            }
   21.44          }
   21.45  
   21.46          d->tot_pages -= 1 << order;