[PATCH RFC v2 6/6] KVM: introduce a new API for getting dirty

[PATCH RFC v2 6/6] KVM: introduce a new API for getting dirty

[Takuya Yoshikawa]

We can now export the addree of the bitmap created by do_mmap()
to user space. For the sake of this, we introduce a new API:

  KVM_SWITCH_DIRTY_LOG: application can use this to trigger the
  switch of the bitmaps and get the address of the bitmap which
  has been used until now. This reduces the copy of the dirty
  bitmap from the kernel.

Signed-off-by: Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
Cc: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
---
 Documentation/kvm/api.txt |   23 +++++++++++++++++++++++
 arch/ia64/kvm/kvm-ia64.c  |   19 ++++++++++++++-----
 arch/powerpc/kvm/book3s.c |   19 ++++++++++++++-----
 arch/x86/kvm/x86.c        |   32 ++++++++++++++++++++++++++------
 include/linux/kvm.h       |    6 ++++--
 include/linux/kvm_host.h  |    7 ++++---
 virt/kvm/kvm_main.c       |   41 ++++++++++++++++++++++++++++++++++++-----
 7 files changed, 121 insertions(+), 26 deletions(-)

diff --git a/Documentation/kvm/api.txt b/Documentation/kvm/api.txt
index baa8fde..f3d1c2a 100644
--- a/Documentation/kvm/api.txt
+++ b/Documentation/kvm/api.txt
@@ -848,6 +848,29 @@ function properly, this is the place to put them.
        __u8  pad[64];
 };
 
+4.37 KVM_SWITCH_DIRTY_LOG (vm ioctl)
+
+Capability: basic
+Architectures: x86
+Type: vm ioctl
+Parameters: struct kvm_dirty_log (in/out)
+Returns: 0 on success, -1 on error
+
+/* for KVM_SWITCH_DIRTY_LOG */
+struct kvm_dirty_log {
+	__u32 slot;
+	__u32 padding;
+	union {
+		void __user *dirty_bitmap; /* one bit per page */
+		__u64 addr;
+	};
+};
+
+Given a memory slot, return the address of a bitmap containing any
+pages dirtied since the last call to this ioctl.  Bit 0 is the first
+page in the memory slot.  Ensure the entire structure is cleared to
+avoid padding issues.
+
 5. The kvm_run structure
 
 Application code obtains a pointer to the kvm_run structure by
diff --git a/arch/ia64/kvm/kvm-ia64.c b/arch/ia64/kvm/kvm-ia64.c
index c3f0b70..04fbb1c 100644
--- a/arch/ia64/kvm/kvm-ia64.c
+++ b/arch/ia64/kvm/kvm-ia64.c
@@ -1843,8 +1843,8 @@ out:
 	return r;
 }
 
-int kvm_vm_ioctl_get_dirty_log(struct kvm *kvm,
-		struct kvm_dirty_log *log)
+static int kvm_ia64_update_dirty_log(struct kvm *kvm, struct kvm_dirty_log *log,
+				     bool need_copy)
 {
 	int r;
 	unsigned long n;
@@ -1857,7 +1857,7 @@ int kvm_vm_ioctl_get_dirty_log(struct kvm *kvm,
 	if (r)
 		goto out;
 
-	r = kvm_get_dirty_log(kvm, log);
+	r = kvm_update_dirty_log(kvm, log, need_copy);
 	if (r)
 		goto out;
 
@@ -1865,10 +1865,9 @@ int kvm_vm_ioctl_get_dirty_log(struct kvm *kvm,
 	/* If nothing is dirty, don't bother messing with page tables. */
 	if (memslot->is_dirty) {
 		kvm_flush_remote_tlbs(kvm);
-		n = kvm_dirty_bitmap_bytes(memslot);
-		clear_user(memslot->dirty_bitmap, n);
 		memslot->is_dirty = false;
 	}
+
 	r = 0;
 out:
 	mutex_unlock(&kvm->slots_lock);
@@ -1876,6 +1875,16 @@ out:
 	return r;
 }
 
+int kvm_vm_ioctl_get_dirty_log(struct kvm *kvm, struct kvm_dirty_log *log)
+{
+	return kvm_ia64_update_dirty_log(kvm, log, true);
+}
+
+int kvm_vm_ioctl_switch_dirty_log(struct kvm *kvm, struct kvm_dirty_log *log)
+{
+	return kvm_ia64_update_dirty_log(kvm, log, false);
+}
+
 int kvm_arch_hardware_setup(void)
 {
 	return 0;
diff --git a/arch/powerpc/kvm/book3s.c b/arch/powerpc/kvm/book3s.c
index b074e19..d813dca 100644
--- a/arch/powerpc/kvm/book3s.c
+++ b/arch/powerpc/kvm/book3s.c
@@ -1112,8 +1112,9 @@ int kvm_arch_vcpu_ioctl_translate(struct kvm_vcpu *vcpu,
 /*
  * Get (and clear) the dirty memory log for a memory slot.
  */
-int kvm_vm_ioctl_get_dirty_log(struct kvm *kvm,
-				      struct kvm_dirty_log *log)
+static int kvmppc_update_dirty_log(struct kvm *kvm,
+				   struct kvm_dirty_log *log,
+				   bool need_copy)
 {
 	struct kvm_memory_slot *memslot;
 	struct kvm_vcpu *vcpu;
@@ -1123,7 +1124,7 @@ int kvm_vm_ioctl_get_dirty_log(struct kvm *kvm,
 
 	mutex_lock(&kvm->slots_lock);
 
-	r = kvm_get_dirty_log(kvm, log);
+	r = kvm_update_dirty_log(kvm, log, need_copy);
 	if (r)
 		goto out;
 
@@ -1136,8 +1137,6 @@ int kvm_vm_ioctl_get_dirty_log(struct kvm *kvm,
 		kvm_for_each_vcpu(n, vcpu, kvm)
 			kvmppc_mmu_pte_pflush(vcpu, ga, ga_end);
 
-		n = kvm_dirty_bitmap_bytes(memslot);
-		clear_user(memslot->dirty_bitmap, n);
 		memslot->is_dirty = false;
 	}
 
@@ -1147,6 +1146,16 @@ out:
 	return r;
 }
 
+int kvm_vm_ioctl_get_dirty_log(struct kvm *kvm, struct kvm_dirty_log *log)
+{
+	return kvmppc_update_dirty_log(kvm, log, true);
+}
+
+int kvm_vm_ioctl_switch_dirty_log(struct kvm *kvm, struct kvm_dirty_log *log)
+{
+	return kvmppc_update_dirty_log(kvm, log, false);
+}
+
 int kvmppc_core_check_processor_compat(void)
 {
 	return 0;
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index ad55353..45b728c 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -2718,11 +2718,9 @@ static int kvm_vm_ioctl_reinject(struct kvm *kvm,
 	return 0;
 }
 
-/*
- * Get (and clear) the dirty memory log for a memory slot.
- */
-int kvm_vm_ioctl_get_dirty_log(struct kvm *kvm,
-				      struct kvm_dirty_log *log)
+static int kvm_x86_update_dirty_log(struct kvm *kvm,
+				    struct kvm_dirty_log *log,
+				    bool need_copy)
 {
 	int r;
 	struct kvm_memory_slot *memslot;
@@ -2773,12 +2771,34 @@ int kvm_vm_ioctl_get_dirty_log(struct kvm *kvm,
 		dirty_bitmap_old = dirty_bitmap;
 	}
 
-	r = kvm_copy_dirty_bitmap(log->dirty_bitmap, dirty_bitmap_old, n);
+	if (need_copy) {
+		r = kvm_copy_dirty_bitmap(log->dirty_bitmap,
+					  dirty_bitmap_old, n);
+	} else {
+		log->addr = (unsigned long)dirty_bitmap_old;
+		r = 0;
+	}
 out:
 	mutex_unlock(&kvm->slots_lock);
 	return r;
 }
 
+/*
+ * Get (and clear) the dirty memory log for a memory slot.
+ */
+int kvm_vm_ioctl_get_dirty_log(struct kvm *kvm, struct kvm_dirty_log *log)
+{
+	return kvm_x86_update_dirty_log(kvm, log, true);
+}
+
+/*
+ * Switch to the next dirty bitmap and return the address of the old one.
+ */
+int kvm_vm_ioctl_switch_dirty_log(struct kvm *kvm, struct kvm_dirty_log *log)
+{
+	return kvm_x86_update_dirty_log(kvm, log, false);
+}
+
 long kvm_arch_vm_ioctl(struct file *filp,
 		       unsigned int ioctl, unsigned long arg)
 {
diff --git a/include/linux/kvm.h b/include/linux/kvm.h
index 23ea022..9fa6f1e 100644
--- a/include/linux/kvm.h
+++ b/include/linux/kvm.h
@@ -12,7 +12,7 @@
 #include <linux/ioctl.h>
 #include <asm/kvm.h>
 
-#define KVM_API_VERSION 12
+#define KVM_API_VERSION 13
 
 /* *** Deprecated interfaces *** */
 
@@ -318,7 +318,7 @@ struct kvm_dirty_log {
 	__u32 padding1;
 	union {
 		void __user *dirty_bitmap; /* one bit per page */
-		__u64 padding2;
+		__u64 addr;
 	};
 };
 
@@ -524,6 +524,7 @@ struct kvm_enable_cap {
 #define KVM_CAP_PPC_OSI 52
 #define KVM_CAP_PPC_UNSET_IRQ 53
 #define KVM_CAP_ENABLE_CAP 54
+#define KVM_CAP_USER_DIRTY_BITMAP 55
 
 #ifdef KVM_CAP_IRQ_ROUTING
 
@@ -620,6 +621,7 @@ struct kvm_clock_data {
 					struct kvm_userspace_memory_region)
 #define KVM_SET_TSS_ADDR          _IO(KVMIO,   0x47)
 #define KVM_SET_IDENTITY_MAP_ADDR _IOW(KVMIO,  0x48, __u64)
+#define KVM_SWITCH_DIRTY_LOG      _IOW(KVMIO,  0x49, struct kvm_dirty_log)
 /* Device model IOC */
 #define KVM_CREATE_IRQCHIP        _IO(KVMIO,   0x60)
 #define KVM_IRQ_LINE              _IOW(KVMIO,  0x61, struct kvm_irq_level)
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index d4d217a..addecee 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -334,9 +334,10 @@ int kvm_dev_ioctl_check_extension(long ext);
 int kvm_copy_dirty_bitmap(unsigned long __user *to,
 			  const unsigned long __user *from,
 			  unsigned long bytes);
-int kvm_get_dirty_log(struct kvm *kvm, struct kvm_dirty_log *log);
-int kvm_vm_ioctl_get_dirty_log(struct kvm *kvm,
-				struct kvm_dirty_log *log);
+int kvm_update_dirty_log(struct kvm *kvm, struct kvm_dirty_log *log,
+			 bool need_copy);
+int kvm_vm_ioctl_get_dirty_log(struct kvm *kvm, struct kvm_dirty_log *log);
+int kvm_vm_ioctl_switch_dirty_log(struct kvm *kvm, struct kvm_dirty_log *log);
 
 int kvm_vm_ioctl_set_memory_region(struct kvm *kvm,
 				   struct
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 9323639..cba133d 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -844,7 +844,8 @@ out_fault:
 #endif
 }
 
-int kvm_get_dirty_log(struct kvm *kvm, struct kvm_dirty_log *log)
+int kvm_update_dirty_log(struct kvm *kvm, struct kvm_dirty_log *log,
+			 bool need_copy)
 {
 	struct kvm_memory_slot *memslot;
 	int r;
@@ -861,9 +862,23 @@ int kvm_get_dirty_log(struct kvm *kvm, struct kvm_dirty_log *log)
 
 	n = kvm_dirty_bitmap_bytes(memslot);
 
-	r = -EFAULT;
-	if (kvm_copy_dirty_bitmap(log->dirty_bitmap, memslot->dirty_bitmap, n))
-		goto out;
+	if (need_copy) {
+		r = -EFAULT;
+		if (kvm_copy_dirty_bitmap(log->dirty_bitmap,
+					  memslot->dirty_bitmap, n))
+			goto out;
+
+		if (memslot->is_dirty)
+			clear_user(memslot->dirty_bitmap, n);
+	} else {
+		unsigned long __user *dirty_bitmap;
+
+		dirty_bitmap = memslot->dirty_bitmap;
+		clear_user(memslot->dirty_bitmap_old, n);
+		memslot->dirty_bitmap = memslot->dirty_bitmap_old;
+		memslot->dirty_bitmap_old = dirty_bitmap;
+		log->addr = (unsigned long)dirty_bitmap;
+	}
 
 	r = 0;
 out:
@@ -1699,6 +1714,21 @@ static long kvm_vm_ioctl(struct file *filp,
 			goto out;
 		break;
 	}
+	case KVM_SWITCH_DIRTY_LOG: {
+		struct kvm_dirty_log log;
+
+		r = -EFAULT;
+		if (copy_from_user(&log, argp, sizeof log))
+			goto out;
+		r = kvm_vm_ioctl_switch_dirty_log(kvm, &log);
+		if (r)
+			goto out;
+		r = -EFAULT;
+		if (copy_to_user(argp, &log, sizeof log))
+			goto out;
+		r = 0;
+		break;
+	}
 #ifdef KVM_COALESCED_MMIO_PAGE_OFFSET
 	case KVM_REGISTER_COALESCED_MMIO: {
 		struct kvm_coalesced_mmio_zone zone;
@@ -1790,7 +1820,7 @@ static long kvm_vm_compat_ioctl(struct file *filp,
 			goto out;
 		log.slot	 = compat_log.slot;
 		log.padding1	 = compat_log.padding1;
-		log.padding2	 = compat_log.padding2;
+		log.addr	 = compat_log.padding2;
 		log.dirty_bitmap = compat_ptr(compat_log.dirty_bitmap);
 
 		r = kvm_vm_ioctl_get_dirty_log(kvm, &log);
@@ -1879,6 +1909,7 @@ static long kvm_dev_ioctl_check_extension_generic(long arg)
 	case KVM_CAP_SET_BOOT_CPU_ID:
 #endif
 	case KVM_CAP_INTERNAL_ERROR_DATA:
+	case KVM_CAP_USER_DIRTY_BITMAP:
 		return 1;
 #ifdef CONFIG_HAVE_KVM_IRQCHIP
 	case KVM_CAP_IRQ_ROUTING:
-- 
1.6.3.3

Re: [PATCH RFC v2 6/6] KVM: introduce a new API for getting dirty bitmaps

[Alexander Graf]

On 20.04.2010, at 13:03, Takuya Yoshikawa wrote:

> We can now export the addree of the bitmap created by do_mmap()
> to user space. For the sake of this, we introduce a new API:
> 
>  KVM_SWITCH_DIRTY_LOG: application can use this to trigger the
>  switch of the bitmaps and get the address of the bitmap which
>  has been used until now. This reduces the copy of the dirty
>  bitmap from the kernel.
> 
> Signed-off-by: Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
> Cc: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
> ---
> Documentation/kvm/api.txt |   23 +++++++++++++++++++++++
> arch/ia64/kvm/kvm-ia64.c  |   19 ++++++++++++++-----
> arch/powerpc/kvm/book3s.c |   19 ++++++++++++++-----
> arch/x86/kvm/x86.c        |   32 ++++++++++++++++++++++++++------
> include/linux/kvm.h       |    6 ++++--
> include/linux/kvm_host.h  |    7 ++++---
> virt/kvm/kvm_main.c       |   41 ++++++++++++++++++++++++++++++++++++-----
> 7 files changed, 121 insertions(+), 26 deletions(-)
> 

[...]

> diff --git a/include/linux/kvm.h b/include/linux/kvm.h
> index 23ea022..9fa6f1e 100644
> --- a/include/linux/kvm.h
> +++ b/include/linux/kvm.h
> @@ -12,7 +12,7 @@
> #include <linux/ioctl.h>
> #include <asm/kvm.h>
> 
> -#define KVM_API_VERSION 12
> +#define KVM_API_VERSION 13

Is there a way to keep both interfaces around for some time at least? I'd prefer the API version not to change if not _really_ necessary.

To enable the new dirty mapping you could for example use KVM_CAP_ENABLE_CAP :-).


Alex 

Re: [PATCH RFC v2 6/6] KVM: introduce a new API for getting dirty bitmaps

[Alexander Graf]

On 20.04.2010, at 13:33, Takuya Yoshikawa wrote:

> (2010/04/20 20:15), Alexander Graf wrote:
>> 
>> On 20.04.2010, at 13:03, Takuya Yoshikawa wrote:
>> 
>>> We can now export the addree of the bitmap created by do_mmap()
>>> to user space. For the sake of this, we introduce a new API:
>>> 
>>>  KVM_SWITCH_DIRTY_LOG: application can use this to trigger the
>>>  switch of the bitmaps and get the address of the bitmap which
>>>  has been used until now. This reduces the copy of the dirty
>>>  bitmap from the kernel.
>>> 
>>> Signed-off-by: Takuya Yoshikawa<yoshikawa.takuya@oss.ntt.co.jp>
>>> Cc: Fernando Luis Vazquez Cao<fernando@oss.ntt.co.jp>
>>> ---
>>> Documentation/kvm/api.txt |   23 +++++++++++++++++++++++
>>> arch/ia64/kvm/kvm-ia64.c  |   19 ++++++++++++++-----
>>> arch/powerpc/kvm/book3s.c |   19 ++++++++++++++-----
>>> arch/x86/kvm/x86.c        |   32 ++++++++++++++++++++++++++------
>>> include/linux/kvm.h       |    6 ++++--
>>> include/linux/kvm_host.h  |    7 ++++---
>>> virt/kvm/kvm_main.c       |   41 ++++++++++++++++++++++++++++++++++++-----
>>> 7 files changed, 121 insertions(+), 26 deletions(-)
>>> 
>> 
>> [...]
>> 
>>> diff --git a/include/linux/kvm.h b/include/linux/kvm.h
>>> index 23ea022..9fa6f1e 100644
>>> --- a/include/linux/kvm.h
>>> +++ b/include/linux/kvm.h
>>> @@ -12,7 +12,7 @@
>>> #include<linux/ioctl.h>
>>> #include<asm/kvm.h>
>>> 
>>> -#define KVM_API_VERSION 12
>>> +#define KVM_API_VERSION 13
>> 
>> Is there a way to keep both interfaces around for some time at least? I'd prefer the API version not to change if not _really_ necessary.
>> 
>> To enable the new dirty mapping you could for example use KVM_CAP_ENABLE_CAP :-).
> 
> Thanks, I did not know what is the appropriate way for this kind of change.
> 
> I just read the comments in the kvm.h and thought I had to update the number whenever
> I added some entries to kvm.h .

The rule of thumb is:

KVM_API_VERSION change -> complete breakage. No way to run older userspace on newer kernels.
new CAP -> optional feature

If I read correctly you're changing quite a few existing interfaces, so old userspace wouldn't work anymore. Hence I'm proposing using activating the new way of dirty logging optionally.

Alex

Re: [PATCH RFC v2 6/6] KVM: introduce a new API for getting dirty

[Takuya Yoshikawa]

(2010/04/20 20:15), Alexander Graf wrote:
>
> On 20.04.2010, at 13:03, Takuya Yoshikawa wrote:
>
>> We can now export the addree of the bitmap created by do_mmap()
>> to user space. For the sake of this, we introduce a new API:
>>
>>   KVM_SWITCH_DIRTY_LOG: application can use this to trigger the
>>   switch of the bitmaps and get the address of the bitmap which
>>   has been used until now. This reduces the copy of the dirty
>>   bitmap from the kernel.
>>
>> Signed-off-by: Takuya Yoshikawa<yoshikawa.takuya@oss.ntt.co.jp>
>> Cc: Fernando Luis Vazquez Cao<fernando@oss.ntt.co.jp>
>> ---
>> Documentation/kvm/api.txt |   23 +++++++++++++++++++++++
>> arch/ia64/kvm/kvm-ia64.c  |   19 ++++++++++++++-----
>> arch/powerpc/kvm/book3s.c |   19 ++++++++++++++-----
>> arch/x86/kvm/x86.c        |   32 ++++++++++++++++++++++++++------
>> include/linux/kvm.h       |    6 ++++--
>> include/linux/kvm_host.h  |    7 ++++---
>> virt/kvm/kvm_main.c       |   41 ++++++++++++++++++++++++++++++++++++-----
>> 7 files changed, 121 insertions(+), 26 deletions(-)
>>
>
> [...]
>
>> diff --git a/include/linux/kvm.h b/include/linux/kvm.h
>> index 23ea022..9fa6f1e 100644
>> --- a/include/linux/kvm.h
>> +++ b/include/linux/kvm.h
>> @@ -12,7 +12,7 @@
>> #include<linux/ioctl.h>
>> #include<asm/kvm.h>
>>
>> -#define KVM_API_VERSION 12
>> +#define KVM_API_VERSION 13
>
> Is there a way to keep both interfaces around for some time at least? I'd prefer the API version not to change if not _really_ necessary.
>
> To enable the new dirty mapping you could for example use KVM_CAP_ENABLE_CAP :-).

Thanks, I did not know what is the appropriate way for this kind of change.

I just read the comments in the kvm.h and thought I had to update the number whenever
I added some entries to kvm.h .


>
>
> Alex
>
> --
> To unsubscribe from this list: send the line "unsubscribe kvm" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH RFC v2 6/6] KVM: introduce a new API for getting dirty

[Takuya Yoshikawa]

(2010/04/20 20:33), Alexander Graf wrote:
>>>>
>>>> -#define KVM_API_VERSION 12
>>>> +#define KVM_API_VERSION 13
>>>
>>> Is there a way to keep both interfaces around for some time at least? I'd prefer the API version not to change if not _really_ necessary.
>>>
>>> To enable the new dirty mapping you could for example use KVM_CAP_ENABLE_CAP :-).
>>
>> Thanks, I did not know what is the appropriate way for this kind of change.
>>
>> I just read the comments in the kvm.h and thought I had to update the number whenever
>> I added some entries to kvm.h .
>
> The rule of thumb is:
>
> KVM_API_VERSION change ->  complete breakage. No way to run older userspace on newer kernels.
> new CAP ->  optional feature
>
> If I read correctly you're changing quite a few existing interfaces, so old userspace wouldn't work anymore. Hence I'm proposing using activating the new way of dirty logging optionally.
>
> Alex
>

The fact is, I am trying to keep the existing interfaces completely(KVM_API_VERSION part is my mistake).

For x86, I have checked that current qemu works without any change.
I mean we can use get_dirty_log() as is.

And as you propose, we can determine which api(swith_* or get_*) we use optionally.

Re: [PATCH RFC v2 6/6] KVM: introduce a new API for getting dirty

[@ 2010-04-21 8:29 UTC (permalink / raw)]

On 04/20/2010 08:03 PM, Takuya Yoshikawa wrote:
> @@ -318,7 +318,7 @@ struct kvm_dirty_log {
>  	__u32 padding1;
>  	union {
>  		void __user *dirty_bitmap; /* one bit per page */
> -		__u64 padding2;
> +		__u64 addr;

This can break on x86_32 and x86_64-compat. addr is a long not a __u64.


> +	case KVM_SWITCH_DIRTY_LOG: {
> +		struct kvm_dirty_log log;
> +
> +		r = -EFAULT;
> +		if (copy_from_user(&log, argp, sizeof log))
> +			goto out;
> +		r = kvm_vm_ioctl_switch_dirty_log(kvm, &log);
> +		if (r)
> +			goto out;
> +		r = -EFAULT;
> +		if (copy_to_user(argp, &log, sizeof log))
> +			goto out;
> +		r = 0;
> +		break;
> +	}

In x86_64-compat mode we are handling 32bit user-space addresses
so we need the compat counterpart of KVM_SWITCH_DIRTY_LOG too.

Re: [PATCH RFC v2 6/6] KVM: introduce a new API for getting dirty bitmaps

[Alexander Graf]

On 21.04.2010, at 10:29, Fernando Luis Vázquez Cao wrote:

> On 04/20/2010 08:03 PM, Takuya Yoshikawa wrote:
>> @@ -318,7 +318,7 @@ struct kvm_dirty_log {
>> 	__u32 padding1;
>> 	union {
>> 		void __user *dirty_bitmap; /* one bit per page */
>> -		__u64 padding2;
>> +		__u64 addr;
> 
> This can break on x86_32 and x86_64-compat. addr is a long not a __u64.

So the high 32 bits are zero. Where's the problem?

> 
> 
>> +	case KVM_SWITCH_DIRTY_LOG: {
>> +		struct kvm_dirty_log log;
>> +
>> +		r = -EFAULT;
>> +		if (copy_from_user(&log, argp, sizeof log))
>> +			goto out;
>> +		r = kvm_vm_ioctl_switch_dirty_log(kvm, &log);
>> +		if (r)
>> +			goto out;
>> +		r = -EFAULT;
>> +		if (copy_to_user(argp, &log, sizeof log))
>> +			goto out;
>> +		r = 0;
>> +		break;
>> +	}
> 
> In x86_64-compat mode we are handling 32bit user-space addresses
> so we need the compat counterpart of KVM_SWITCH_DIRTY_LOG too.

The compat code just forwards everything to the generic ioctls.

Alex

Re: [PATCH RFC v2 6/6] KVM: introduce a new API for getting dirty

[Avi Kivity]

On 04/20/2010 02:03 PM, Takuya Yoshikawa wrote:
> We can now export the addree of the bitmap created by do_mmap()
> to user space. For the sake of this, we introduce a new API:
>
>    KVM_SWITCH_DIRTY_LOG: application can use this to trigger the
>    switch of the bitmaps and get the address of the bitmap which
>    has been used until now. This reduces the copy of the dirty
>    bitmap from the kernel.
>
>
> diff --git a/Documentation/kvm/api.txt b/Documentation/kvm/api.txt
> index baa8fde..f3d1c2a 100644
> --- a/Documentation/kvm/api.txt
> +++ b/Documentation/kvm/api.txt
> @@ -848,6 +848,29 @@ function properly, this is the place to put them.
>          __u8  pad[64];
>   };
>
> +4.37 KVM_SWITCH_DIRTY_LOG (vm ioctl)
> +
> +Capability: basic
>    

Capability: basic means that this is available on all kvm versions, 
which isn't the case.  This should say KVM_CAP_USER_DIRTY_BITMAP.
> +Architectures: x86
>    

All architecures...

> +Type: vm ioctl
> +Parameters: struct kvm_dirty_log (in/out)
> +Returns: 0 on success, -1 on error
> +
> +/* for KVM_SWITCH_DIRTY_LOG */
> +struct kvm_dirty_log {
> +	__u32 slot;
> +	__u32 padding;
>    

Please put a flags field here (and verify it is zero in the ioctl 
implementation).  This allows us to extend it later.

> +	union {
> +		void __user *dirty_bitmap; /* one bit per page */
> +		__u64 addr;
> +	};
>    

Just make dirty_bitmap a __u64.  With the union there is the risk that 
someone forgets to zero the structure so we get some random bits in the 
pointer, and also issues with big endian and s390 compat.

Reserve some extra space here for future expansion.

Hm.  I see that this is the existing kvm_dirty_log structure.  So we 
can't play with it, ignore my comments about it.

> +};
> +
> +Given a memory slot, return the address of a bitmap containing any
> +pages dirtied since the last call to this ioctl.  Bit 0 is the first
> +page in the memory slot.  Ensure the entire structure is cleared to
> +avoid padding issues.
>    

Document that bitmaps but be aligned and padded to 64-bits to avoid 
32-on-64 issues.  Explain that dirty_bitmap will be the next returned 
(do we actually need the return value?  userspace can simply remember it 
from the last call).

How is the dirty log set when we start logging?  With kernel allocated 
bitmaps this isn't a problem, but with user allocated bitmaps?

> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index ad55353..45b728c 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -2718,11 +2718,9 @@ static int kvm_vm_ioctl_reinject(struct kvm *kvm,
>   	return 0;
>   }
>
> -/*
> - * Get (and clear) the dirty memory log for a memory slot.
> - */
> -int kvm_vm_ioctl_get_dirty_log(struct kvm *kvm,
> -				      struct kvm_dirty_log *log)
> +static int kvm_x86_update_dirty_log(struct kvm *kvm,
> +				    struct kvm_dirty_log *log,
> +				    bool need_copy)
>   {
>   	int r;
>   	struct kvm_memory_slot *memslot;
> @@ -2773,12 +2771,34 @@ int kvm_vm_ioctl_get_dirty_log(struct kvm *kvm,
>   		dirty_bitmap_old = dirty_bitmap;
>   	}
>
> -	r = kvm_copy_dirty_bitmap(log->dirty_bitmap, dirty_bitmap_old, n);
> +	if (need_copy) {
> +		r = kvm_copy_dirty_bitmap(log->dirty_bitmap,
> +					  dirty_bitmap_old, n);
> +	} else {
> +		log->addr = (unsigned long)dirty_bitmap_old;
> +		r = 0;
> +	}
>    

Instead of passing need_copy everywhere, you might check a flag in 
log->.  You'll need a flag to know whether to munmap() or not, no?

> diff --git a/include/linux/kvm.h b/include/linux/kvm.h
> index 23ea022..9fa6f1e 100644
> --- a/include/linux/kvm.h
> +++ b/include/linux/kvm.h
> @@ -12,7 +12,7 @@
>   #include<linux/ioctl.h>
>   #include<asm/kvm.h>
>
> -#define KVM_API_VERSION 12
> +#define KVM_API_VERSION 13
>    

As Alex says, this breaks all known userspace.

>
>   /* *** Deprecated interfaces *** */
>
> @@ -318,7 +318,7 @@ struct kvm_dirty_log {
>   	__u32 padding1;
>   	union {
>   		void __user *dirty_bitmap; /* one bit per page */
> -		__u64 padding2;
> +		__u64 addr;
>   	};
>   };
>    

Update the comment above to note it applies to KVM_SWITCH_DIRTY_LOG.

> @@ -1699,6 +1714,21 @@ static long kvm_vm_ioctl(struct file *filp,
>   			goto out;
>   		break;
>   	}
> +	case KVM_SWITCH_DIRTY_LOG: {
> +		struct kvm_dirty_log log;
> +
> +		r = -EFAULT;
> +		if (copy_from_user(&log, argp, sizeof log))
> +			goto out;
> +		r = kvm_vm_ioctl_switch_dirty_log(kvm,&log);
> +		if (r)
> +			goto out;
> +		r = -EFAULT;
> +		if (copy_to_user(argp,&log, sizeof log))
> +			goto out;
> +		r = 0;
>    

You return 0, contrary to the documentation...

-- 
error compiling committee.c: too many arguments to function

Re: [PATCH RFC v2 6/6] KVM: introduce a new API for getting dirty

[@ 2010-04-22 2:45 UTC (permalink / raw)]

On 04/21/2010 06:41 PM, Alexander Graf wrote:
> On 21.04.2010, at 10:29, Fernando Luis Vázquez Cao wrote:
> 
>> On 04/20/2010 08:03 PM, Takuya Yoshikawa wrote:
>>> @@ -318,7 +318,7 @@ struct kvm_dirty_log {
>>> 	__u32 padding1;
>>> 	union {
>>> 		void __user *dirty_bitmap; /* one bit per page */
>>> -		__u64 padding2;
>>> +		__u64 addr;
>>
>> This can break on x86_32 and x86_64-compat. addr is a long not a __u64.
> 
> So the high 32 bits are zero. Where's the problem?

If we are careful enough to cast the addr appropriately we should be fine,
even if we keep the padding field in the union. I am not saying that it
breaks 32 architectures but that it can potentially be problematic.

>>> +	case KVM_SWITCH_DIRTY_LOG: {
>>> +		struct kvm_dirty_log log;
>>> +
>>> +		r = -EFAULT;
>>> +		if (copy_from_user(&log, argp, sizeof log))
>>> +			goto out;
>>> +		r = kvm_vm_ioctl_switch_dirty_log(kvm, &log);
>>> +		if (r)
>>> +			goto out;
>>> +		r = -EFAULT;
>>> +		if (copy_to_user(argp, &log, sizeof log))
>>> +			goto out;
>>> +		r = 0;
>>> +		break;
>>> +	}
>>
>> In x86_64-compat mode we are handling 32bit user-space addresses
>> so we need the compat counterpart of KVM_SWITCH_DIRTY_LOG too.
> 
> The compat code just forwards everything to the generic ioctls.

The compat code uses struct compat_kvm_dirty_log instead of
struct kvm_dirty_log to communicate with user space so
the necessary conversions needs to be done before invoking
the generic ioctl (see KVM_GET_DIRTY_LOG in kvm_vm_compat_ioctl).

By the way we probable should move the definition of struct
compat_kvm_dirty_log to a header file.

Re: [PATCH RFC v2 6/6] KVM: introduce a new API for getting dirty

[@ 2010-04-22 6:09 UTC (permalink / raw)]

On 04/22/2010 11:45 AM, Fernando Luis Vázquez Cao wrote:
> On 04/21/2010 06:41 PM, Alexander Graf wrote:
>> On 21.04.2010, at 10:29, Fernando Luis Vázquez Cao wrote:
>>
>>> On 04/20/2010 08:03 PM, Takuya Yoshikawa wrote:
>>>> @@ -318,7 +318,7 @@ struct kvm_dirty_log {
>>>> 	__u32 padding1;
>>>> 	union {
>>>> 		void __user *dirty_bitmap; /* one bit per page */
>>>> -		__u64 padding2;
>>>> +		__u64 addr;
>>>
>>> This can break on x86_32 and x86_64-compat. addr is a long not a __u64.
>>
>> So the high 32 bits are zero. Where's the problem?
> 
> If we are careful enough to cast the addr appropriately we should be fine,
> even if we keep the padding field in the union. I am not saying that it
> breaks 32 architectures but that it can potentially be problematic.
> 
>>>> +	case KVM_SWITCH_DIRTY_LOG: {
>>>> +		struct kvm_dirty_log log;
>>>> +
>>>> +		r = -EFAULT;
>>>> +		if (copy_from_user(&log, argp, sizeof log))
>>>> +			goto out;
>>>> +		r = kvm_vm_ioctl_switch_dirty_log(kvm, &log);
>>>> +		if (r)
>>>> +			goto out;
>>>> +		r = -EFAULT;
>>>> +		if (copy_to_user(argp, &log, sizeof log))
>>>> +			goto out;
>>>> +		r = 0;
>>>> +		break;
>>>> +	}
>>>
>>> In x86_64-compat mode we are handling 32bit user-space addresses
>>> so we need the compat counterpart of KVM_SWITCH_DIRTY_LOG too.
>>
>> The compat code just forwards everything to the generic ioctls.
> 
> The compat code uses struct compat_kvm_dirty_log instead of
> struct kvm_dirty_log to communicate with user space so
> the necessary conversions needs to be done before invoking
> the generic ioctl (see KVM_GET_DIRTY_LOG in kvm_vm_compat_ioctl).
> 
> By the way we probable should move the definition of struct
> compat_kvm_dirty_log to a header file.

It seems that it was you and Arnd who added the kvm_vm compat ioctl :-).
Are you considering a different approach to tackle the issues that we
have with a big-endian userspace?

Thanks,

Fernando

Re: [PATCH RFC v2 6/6] KVM: introduce a new API for getting dirty

[Takuya Yoshikawa]

Thanks, I can know basic rules about kvm/api .

(2010/04/21 20:46), Avi Kivity wrote:

>
>> +Type: vm ioctl
>> +Parameters: struct kvm_dirty_log (in/out)
>> +Returns: 0 on success, -1 on error
>> +
>> +/* for KVM_SWITCH_DIRTY_LOG */
>> +struct kvm_dirty_log {
>> + __u32 slot;
>> + __u32 padding;
>
> Please put a flags field here (and verify it is zero in the ioctl
> implementation). This allows us to extend it later.
>
>> + union {
>> + void __user *dirty_bitmap; /* one bit per page */
>> + __u64 addr;
>> + };
>
> Just make dirty_bitmap a __u64. With the union there is the risk that
> someone forgets to zero the structure so we get some random bits in the
> pointer, and also issues with big endian and s390 compat.
>
> Reserve some extra space here for future expansion.
>
> Hm. I see that this is the existing kvm_dirty_log structure. So we can't
> play with it, ignore my comments about it.

So, introducing a new structure to export(and get) two bitmap addresses
with a flag is the thing?

1. Qemu calls ioctl to get the two addresses.
2. Qemu calls ioctl to make KVM switch the dirty bitmaps.
    --> in this case, qemu have to change the address got in step 1.
    ...
3. Qemu calls ioctl(we can reuse 1. with different command flag) to free the bitmaps.


In my plan, we don't let qemu malloc() dirty bitmaps: at least, I want to make that
another patch set because this patch set already has some dependencies to other issues.

But, yes, I can make the struct considering the future expansion if it needed.


>>
>> - r = kvm_copy_dirty_bitmap(log->dirty_bitmap, dirty_bitmap_old, n);
>> + if (need_copy) {
>> + r = kvm_copy_dirty_bitmap(log->dirty_bitmap,
>> + dirty_bitmap_old, n);
>> + } else {
>> + log->addr = (unsigned long)dirty_bitmap_old;
>> + r = 0;
>> + }
>
> Instead of passing need_copy everywhere, you might check a flag in
> log->. You'll need a flag to know whether to munmap() or not, no?

To judge munmap() or not, putting in the memory slot's flag may be
more useful.

But as you suggest, we won't use kvm_dirty_log so parameters will change.

Re: [PATCH RFC v2 6/6] KVM: introduce a new API for getting dirty bitmaps

[Alexander Graf]

On 22.04.2010, at 08:09, Fernando Luis Vázquez Cao wrote:

> On 04/22/2010 11:45 AM, Fernando Luis Vázquez Cao wrote:
>> On 04/21/2010 06:41 PM, Alexander Graf wrote:
>>> On 21.04.2010, at 10:29, Fernando Luis Vázquez Cao wrote:
>>> 
>>>> On 04/20/2010 08:03 PM, Takuya Yoshikawa wrote:
>>>>> @@ -318,7 +318,7 @@ struct kvm_dirty_log {
>>>>> 	__u32 padding1;
>>>>> 	union {
>>>>> 		void __user *dirty_bitmap; /* one bit per page */
>>>>> -		__u64 padding2;
>>>>> +		__u64 addr;
>>>> 
>>>> This can break on x86_32 and x86_64-compat. addr is a long not a __u64.
>>> 
>>> So the high 32 bits are zero. Where's the problem?
>> 
>> If we are careful enough to cast the addr appropriately we should be fine,
>> even if we keep the padding field in the union. I am not saying that it
>> breaks 32 architectures but that it can potentially be problematic.
>> 
>>>>> +	case KVM_SWITCH_DIRTY_LOG: {
>>>>> +		struct kvm_dirty_log log;
>>>>> +
>>>>> +		r = -EFAULT;
>>>>> +		if (copy_from_user(&log, argp, sizeof log))
>>>>> +			goto out;
>>>>> +		r = kvm_vm_ioctl_switch_dirty_log(kvm, &log);
>>>>> +		if (r)
>>>>> +			goto out;
>>>>> +		r = -EFAULT;
>>>>> +		if (copy_to_user(argp, &log, sizeof log))
>>>>> +			goto out;
>>>>> +		r = 0;
>>>>> +		break;
>>>>> +	}
>>>> 
>>>> In x86_64-compat mode we are handling 32bit user-space addresses
>>>> so we need the compat counterpart of KVM_SWITCH_DIRTY_LOG too.
>>> 
>>> The compat code just forwards everything to the generic ioctls.
>> 
>> The compat code uses struct compat_kvm_dirty_log instead of
>> struct kvm_dirty_log to communicate with user space so
>> the necessary conversions needs to be done before invoking
>> the generic ioctl (see KVM_GET_DIRTY_LOG in kvm_vm_compat_ioctl).
>> 
>> By the way we probable should move the definition of struct
>> compat_kvm_dirty_log to a header file.
> 
> It seems that it was you and Arnd who added the kvm_vm compat ioctl :-).
> Are you considering a different approach to tackle the issues that we
> have with a big-endian userspace?

IIRC the issue was a pointer inside of a nested structure, no?


Alex

Re: [PATCH RFC v2 6/6] KVM: introduce a new API for getting dirty

[@ 2010-04-23 10:17 UTC (permalink / raw)]

On 04/23/2010 08:29 AM, Alexander Graf wrote:
> 
> On 22.04.2010, at 08:09, Fernando Luis Vázquez Cao wrote:
> 
>> On 04/22/2010 11:45 AM, Fernando Luis Vázquez Cao wrote:
>>> On 04/21/2010 06:41 PM, Alexander Graf wrote:
>>>> On 21.04.2010, at 10:29, Fernando Luis Vázquez Cao wrote:
>>>>
>>>>> On 04/20/2010 08:03 PM, Takuya Yoshikawa wrote:
>>>>>> @@ -318,7 +318,7 @@ struct kvm_dirty_log {
>>>>>> 	__u32 padding1;
>>>>>> 	union {
>>>>>> 		void __user *dirty_bitmap; /* one bit per page */
>>>>>> -		__u64 padding2;
>>>>>> +		__u64 addr;
>>>>>
>>>>> This can break on x86_32 and x86_64-compat. addr is a long not a __u64.
>>>>
>>>> So the high 32 bits are zero. Where's the problem?
>>>
>>> If we are careful enough to cast the addr appropriately we should be fine,
>>> even if we keep the padding field in the union. I am not saying that it
>>> breaks 32 architectures but that it can potentially be problematic.
>>>
>>>>>> +	case KVM_SWITCH_DIRTY_LOG: {
>>>>>> +		struct kvm_dirty_log log;
>>>>>> +
>>>>>> +		r = -EFAULT;
>>>>>> +		if (copy_from_user(&log, argp, sizeof log))
>>>>>> +			goto out;
>>>>>> +		r = kvm_vm_ioctl_switch_dirty_log(kvm, &log);
>>>>>> +		if (r)
>>>>>> +			goto out;
>>>>>> +		r = -EFAULT;
>>>>>> +		if (copy_to_user(argp, &log, sizeof log))
>>>>>> +			goto out;
>>>>>> +		r = 0;
>>>>>> +		break;
>>>>>> +	}
>>>>>
>>>>> In x86_64-compat mode we are handling 32bit user-space addresses
>>>>> so we need the compat counterpart of KVM_SWITCH_DIRTY_LOG too.
>>>>
>>>> The compat code just forwards everything to the generic ioctls.
>>>
>>> The compat code uses struct compat_kvm_dirty_log instead of
>>> struct kvm_dirty_log to communicate with user space so
>>> the necessary conversions needs to be done before invoking
>>> the generic ioctl (see KVM_GET_DIRTY_LOG in kvm_vm_compat_ioctl).
>>>
>>> By the way we probable should move the definition of struct
>>> compat_kvm_dirty_log to a header file.
>>
>> It seems that it was you and Arnd who added the kvm_vm compat ioctl :-).
>> Are you considering a different approach to tackle the issues that we
>> have with a big-endian userspace?
> 
> IIRC the issue was a pointer inside of a nested structure, no?

I would say the reason is that if we did not convert the user-space pointer to
a "void *" kvm_get_dirty_log() would end up copying the dirty log to

(log->dirty_bitmap << 32) | 0x00000000

Am I missing something?

Thanks,

Fernando

Re: [PATCH RFC v2 6/6] KVM: introduce a new API for getting dirty bitmaps

[Alexander Graf]

On 23.04.2010, at 12:17, Fernando Luis Vázquez Cao wrote:

> On 04/23/2010 08:29 AM, Alexander Graf wrote:
>> 
>> On 22.04.2010, at 08:09, Fernando Luis Vázquez Cao wrote:
>> 
>>> On 04/22/2010 11:45 AM, Fernando Luis Vázquez Cao wrote:
>>>> On 04/21/2010 06:41 PM, Alexander Graf wrote:
>>>>> On 21.04.2010, at 10:29, Fernando Luis Vázquez Cao wrote:
>>>>> 
>>>>>> On 04/20/2010 08:03 PM, Takuya Yoshikawa wrote:
>>>>>>> @@ -318,7 +318,7 @@ struct kvm_dirty_log {
>>>>>>> 	__u32 padding1;
>>>>>>> 	union {
>>>>>>> 		void __user *dirty_bitmap; /* one bit per page */
>>>>>>> -		__u64 padding2;
>>>>>>> +		__u64 addr;
>>>>>> 
>>>>>> This can break on x86_32 and x86_64-compat. addr is a long not a __u64.
>>>>> 
>>>>> So the high 32 bits are zero. Where's the problem?
>>>> 
>>>> If we are careful enough to cast the addr appropriately we should be fine,
>>>> even if we keep the padding field in the union. I am not saying that it
>>>> breaks 32 architectures but that it can potentially be problematic.
>>>> 
>>>>>>> +	case KVM_SWITCH_DIRTY_LOG: {
>>>>>>> +		struct kvm_dirty_log log;
>>>>>>> +
>>>>>>> +		r = -EFAULT;
>>>>>>> +		if (copy_from_user(&log, argp, sizeof log))
>>>>>>> +			goto out;
>>>>>>> +		r = kvm_vm_ioctl_switch_dirty_log(kvm, &log);
>>>>>>> +		if (r)
>>>>>>> +			goto out;
>>>>>>> +		r = -EFAULT;
>>>>>>> +		if (copy_to_user(argp, &log, sizeof log))
>>>>>>> +			goto out;
>>>>>>> +		r = 0;
>>>>>>> +		break;
>>>>>>> +	}
>>>>>> 
>>>>>> In x86_64-compat mode we are handling 32bit user-space addresses
>>>>>> so we need the compat counterpart of KVM_SWITCH_DIRTY_LOG too.
>>>>> 
>>>>> The compat code just forwards everything to the generic ioctls.
>>>> 
>>>> The compat code uses struct compat_kvm_dirty_log instead of
>>>> struct kvm_dirty_log to communicate with user space so
>>>> the necessary conversions needs to be done before invoking
>>>> the generic ioctl (see KVM_GET_DIRTY_LOG in kvm_vm_compat_ioctl).
>>>> 
>>>> By the way we probable should move the definition of struct
>>>> compat_kvm_dirty_log to a header file.
>>> 
>>> It seems that it was you and Arnd who added the kvm_vm compat ioctl :-).
>>> Are you considering a different approach to tackle the issues that we
>>> have with a big-endian userspace?
>> 
>> IIRC the issue was a pointer inside of a nested structure, no?
> 
> I would say the reason is that if we did not convert the user-space pointer to
> a "void *" kvm_get_dirty_log() would end up copying the dirty log to
> 
> (log->dirty_bitmap << 32) | 0x00000000

Well yes, that was the problem. If we always set the __u64 value to the pointer we're safe though.

union {
  void *p;
  __u64 q;
}

void x(void *r)
{
  // breaks:
  p = r;

  // works:
  q = (ulong)r;
}

Alex

Re: [PATCH RFC v2 6/6] KVM: introduce a new API for getting dirty

[Avi Kivity]

On 04/23/2010 01:20 PM, Alexander Graf wrote:
>
>> I would say the reason is that if we did not convert the user-space pointer to
>> a "void *" kvm_get_dirty_log() would end up copying the dirty log to
>>
>> (log->dirty_bitmap<<  32) | 0x00000000
>>      
> Well yes, that was the problem. If we always set the __u64 value to the pointer we're safe though.
>
> union {
>    void *p;
>    __u64 q;
> }
>
> void x(void *r)
> {
>    // breaks:
>    p = r;
>
>    // works:
>    q = (ulong)r;
> }
>    

In that case it's better to avoid p altogether, since users will 
naturally assign to the pointer.

Using a 64-bit integer avoids the problem (though perhaps not sufficient 
for s390, Arnd?)

-- 
Do not meddle in the internals of kernels, for they are subtle and quick to panic.

Re: [PATCH RFC v2 6/6] KVM: introduce a new API for getting dirty

[Avi Kivity]

On 04/22/2010 12:34 PM, Takuya Yoshikawa wrote:
> Thanks, I can know basic rules about kvm/api .
>
> (2010/04/21 20:46), Avi Kivity wrote:
>
>>
>>> +Type: vm ioctl
>>> +Parameters: struct kvm_dirty_log (in/out)
>>> +Returns: 0 on success, -1 on error
>>> +
>>> +/* for KVM_SWITCH_DIRTY_LOG */
>>> +struct kvm_dirty_log {
>>> + __u32 slot;
>>> + __u32 padding;
>>
>> Please put a flags field here (and verify it is zero in the ioctl
>> implementation). This allows us to extend it later.
>>
>>> + union {
>>> + void __user *dirty_bitmap; /* one bit per page */
>>> + __u64 addr;
>>> + };
>>
>> Just make dirty_bitmap a __u64. With the union there is the risk that
>> someone forgets to zero the structure so we get some random bits in the
>> pointer, and also issues with big endian and s390 compat.
>>
>> Reserve some extra space here for future expansion.
>>
>> Hm. I see that this is the existing kvm_dirty_log structure. So we can't
>> play with it, ignore my comments about it.
>
> So, introducing a new structure to export(and get) two bitmap addresses
> with a flag is the thing?
>
> 1. Qemu calls ioctl to get the two addresses.
> 2. Qemu calls ioctl to make KVM switch the dirty bitmaps.
>    --> in this case, qemu have to change the address got in step 1.
>    ...
> 3. Qemu calls ioctl(we can reuse 1. with different command flag) to 
> free the bitmaps.
>
>
> In my plan, we don't let qemu malloc() dirty bitmaps: at least, I want 
> to make that
> another patch set because this patch set already has some dependencies 
> to other issues.
>
> But, yes, I can make the struct considering the future expansion if it 
> needed.

I guess it's better, since this patch is a "future expansion" of 
KVN_GET_DIRTY_LOG.  If we had a flags field and some room there, we 
could keep the old ioctl.

-- 
Do not meddle in the internals of kernels, for they are subtle and quick to panic.

Re: [PATCH RFC v2 6/6] KVM: introduce a new API for getting dirty bitmaps

[Alexander Graf]

On 23.04.2010, at 13:57, Avi Kivity wrote:

> On 04/23/2010 01:20 PM, Alexander Graf wrote:
>> 
>>> I would say the reason is that if we did not convert the user-space pointer to
>>> a "void *" kvm_get_dirty_log() would end up copying the dirty log to
>>> 
>>> (log->dirty_bitmap<<  32) | 0x00000000
>>>     
>> Well yes, that was the problem. If we always set the __u64 value to the pointer we're safe though.
>> 
>> union {
>>   void *p;
>>   __u64 q;
>> }
>> 
>> void x(void *r)
>> {
>>   // breaks:
>>   p = r;
>> 
>>   // works:
>>   q = (ulong)r;
>> }
>>   
> 
> In that case it's better to avoid p altogether, since users will naturally assign to the pointer.
> 
> Using a 64-bit integer avoids the problem (though perhaps not sufficient for s390, Arnd?)

We only support 64 bit on S390, so we should be safe here. Even if not, compat mode has 31 bits pointers, so padding them to 64 bit should work too.


Alex

Re: [PATCH RFC v2 6/6] KVM: introduce a new API for getting dirty bitmaps

[Arnd Bergmann]

On Friday 23 April 2010, Avi Kivity wrote:
> On 04/23/2010 01:20 PM, Alexander Graf wrote:
> >
> >> I would say the reason is that if we did not convert the user-space pointer to
> >> a "void *" kvm_get_dirty_log() would end up copying the dirty log to
> >>
> >> (log->dirty_bitmap<<  32) | 0x00000000
> >>      
> > Well yes, that was the problem. If we always set the __u64 value to the pointer we're safe though.
> >
> > union {
> >    void *p;
> >    __u64 q;
> > }
> >
> > void x(void *r)
> > {
> >    // breaks:
> >    p = r;
> >
> >    // works:
> >    q = (ulong)r;
> > }
> >    
> 
> In that case it's better to avoid p altogether, since users will 
> naturally assign to the pointer.

Right.
 
> Using a 64-bit integer avoids the problem (though perhaps not sufficient 
> for s390, Arnd?)

When there is only a __u64 for the address, it will work on s390 as well,
gcc is smart enough to clear the upper bit on a cast from long to pointer.

The simple rule is to never put any 'long' or pointer into data structures
that you pass to an ioctl, and to add padding to multiples of 64 bit to
align the data structure for the x86 alignment problem.

	Arnd

Re: [PATCH RFC v2 6/6] KVM: introduce a new API for getting dirty

[Avi Kivity]

On 04/23/2010 03:27 PM, Arnd Bergmann wrote:
>
>> Using a 64-bit integer avoids the problem (though perhaps not sufficient
>> for s390, Arnd?)
>>      
> When there is only a __u64 for the address, it will work on s390 as well,
> gcc is smart enough to clear the upper bit on a cast from long to pointer.
>    

Ah, much more convenient than compat_ioctl.  I assume it part of the 
ABI, not a gccism?

-- 
Do not meddle in the internals of kernels, for they are subtle and quick to panic.

Re: [PATCH RFC v2 6/6] KVM: introduce a new API for getting dirty bitmaps

[Arnd Bergmann]

On Friday 23 April 2010, Avi Kivity wrote:
> On 04/23/2010 03:27 PM, Arnd Bergmann wrote:
> >
> >> Using a 64-bit integer avoids the problem (though perhaps not sufficient
> >> for s390, Arnd?)
> >>      
> > When there is only a __u64 for the address, it will work on s390 as well,
> > gcc is smart enough to clear the upper bit on a cast from long to pointer.
> >    
> 
> Ah, much more convenient than compat_ioctl.  I assume it part of the 
> ABI, not a gccism?

I don't think it's part of the ABI, but it's required to guarantee
that code like this works:

int compare_pointer(void *a, void *b)
{
	unsigned long ai = (unsigned long)a, bi = (unsigned long)b;

	return ai = bi; /* true if a and b point to the same object */
}

We certainly rely on this already.

	Arnd

Re: [PATCH RFC v2 6/6] KVM: introduce a new API for getting dirty

[Avi Kivity]

On 04/23/2010 03:46 PM, Arnd Bergmann wrote:
> On Friday 23 April 2010, Avi Kivity wrote:
>    
>> On 04/23/2010 03:27 PM, Arnd Bergmann wrote:
>>      
>>>        
>>>> Using a 64-bit integer avoids the problem (though perhaps not sufficient
>>>> for s390, Arnd?)
>>>>
>>>>          
>>> When there is only a __u64 for the address, it will work on s390 as well,
>>> gcc is smart enough to clear the upper bit on a cast from long to pointer.
>>>
>>>        
>> Ah, much more convenient than compat_ioctl.  I assume it part of the
>> ABI, not a gccism?
>>      
> I don't think it's part of the ABI, but it's required to guarantee
> that code like this works:
>
> int compare_pointer(void *a, void *b)
> {
> 	unsigned long ai = (unsigned long)a, bi = (unsigned long)b;
>
> 	return ai = bi; /* true if a and b point to the same object */
> }
>
> We certainly rely on this already.
>    

Ah so the 31st bit is optional as far as userspace is concerned?  What 
does it mean? (just curious)

What happens on the opposite conversion?  is it restored?

What about

int compare_pointer(void *a, void *b)
{
	unsigned long ai = (unsigned long)a;
	void *aia = (void *)ai;

	return a = b; /* true if a and b point to the same object */
}


Does gcc mask the big in pointer comparisons as well?

-- 
Do not meddle in the internals of kernels, for they are subtle and quick to panic.

Re: [PATCH RFC v2 6/6] KVM: introduce a new API for getting dirty bitmaps

[Alexander Graf]

On 23.04.2010, at 14:53, Avi Kivity wrote:

> On 04/23/2010 03:46 PM, Arnd Bergmann wrote:
>> On Friday 23 April 2010, Avi Kivity wrote:
>>   
>>> On 04/23/2010 03:27 PM, Arnd Bergmann wrote:
>>>     
>>>>       
>>>>> Using a 64-bit integer avoids the problem (though perhaps not sufficient
>>>>> for s390, Arnd?)
>>>>> 
>>>>>         
>>>> When there is only a __u64 for the address, it will work on s390 as well,
>>>> gcc is smart enough to clear the upper bit on a cast from long to pointer.
>>>> 
>>>>       
>>> Ah, much more convenient than compat_ioctl.  I assume it part of the
>>> ABI, not a gccism?
>>>     
>> I don't think it's part of the ABI, but it's required to guarantee
>> that code like this works:
>> 
>> int compare_pointer(void *a, void *b)
>> {
>> 	unsigned long ai = (unsigned long)a, bi = (unsigned long)b;
>> 
>> 	return ai = bi; /* true if a and b point to the same object */
>> }
>> 
>> We certainly rely on this already.
>>   
> 
> Ah so the 31st bit is optional as far as userspace is concerned?  What does it mean? (just curious)

The 0x80000000 bit declares that a pointer is in 24-bit mode, so that applications can use the spare upper bits for random data.

See http://en.wikipedia.org/wiki/31-bit for an explanation.

Alex

Re: [PATCH RFC v2 6/6] KVM: introduce a new API for getting dirty bitmaps

[Arnd Bergmann]

On Friday 23 April 2010, Avi Kivity wrote:
> Ah so the 31st bit is optional as far as userspace is concerned?  What 
> does it mean? (just curious)

On data pointers it's ignored. When you branch to a function, this bit
determines whether the target function is run in 24 or 31 bit mode.
This allows linking to legacy code on older operating systems that
also support 24 bit libraries.

> What happens on the opposite conversion?  is it restored?
> 
> What about
> 
> int compare_pointer(void *a, void *b)
> {
>         unsigned long ai = (unsigned long)a;
>         void *aia = (void *)ai;
> 
>         return a = b; /* true if a and b point to the same object */
> }

Some instructions set the bit, others clear it, so aia and a may not
be bitwise identical.

> Does gcc mask the big in pointer comparisons as well?

Yes. To stay in the above example:

a = aia;					/* true */
(unsigned long)a = (unsigned long)aia;		/* true */
*(unsigned long *)&a = *(unsigned long *)&aia; /* undefined on s390 */

	Arnd

Re: [PATCH RFC v2 6/6] KVM: introduce a new API for getting dirty

[Avi Kivity]

On 04/23/2010 03:59 PM, Alexander Graf wrote:
>
>> Ah so the 31st bit is optional as far as userspace is concerned?  What does it mean? (just curious)
>>      
> The 0x80000000 bit declares that a pointer is in 24-bit mode, so that applications can use the spare upper bits for random data.
>
> See http://en.wikipedia.org/wiki/31-bit for an explanation.
>    

Interesting.  Luckily AMD made the top 16 bits of pointers reserved in 
x86-64.

-- 
Do not meddle in the internals of kernels, for they are subtle and quick to panic.