On 26.10.2022 12:20, Andrew Cooper wrote:
> +int arch_set_p2m_mempool_size(struct domain *d, uint64_t size)
> +{
> + unsigned long pages = size >> PAGE_SHIFT;
> + bool preempted = false;
> + int rc;
> +
> + if ( is_pv_domain(d) )
> + return -EOPNOTSUPP;
> +
> + if ( size & ~PAGE_MASK ) /* Non page-sized request? */
> + return -EINVAL;
> +
> + ASSERT(paging_mode_enabled(d));
> +
> + paging_lock(d);
> + if ( hap_enabled(d) )
> + rc = hap_set_allocation(d, pages, &preempted);
> + else
> + rc = shadow_set_allocation(d, pages, &preempted);
> + paging_unlock(d);
> +
> + return preempted ? -ERESTART : rc;
> +}
There's a further difference between HAP and shadow which may want/need
reflecting here: shadow's handling of XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION
rejects 0 as an input when shadow mode is still enabled. On one hand
that's reasonable from an abstract pov, while otoh it may be viewed as
questionable when at the same time setting to a very small value (which
will then be upped to the minimum acceptable one) is permitted. At the
very least this guards against emptying of the pool where active shadows
would be allocated from (which isn't a problem on HAP as there apart
from the allocations through hap_alloc_p2m_page() the only thing coming
from the pool are the monitor tables of each vCPU, which set-allocation
wouldn't attempt to free).
Jan
