From: "Michael S. Tsirkin" <mst@redhat.com>
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, dgilbert@redhat.com,
Juan Quintela <quintela@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 2/5] exec: qemu_ram_alloc_device, qemu_ram_resize
Date: Mon, 17 Nov 2014 22:15:12 +0200 [thread overview]
Message-ID: <20141117201512.GA16974@redhat.com> (raw)
In-Reply-To: <1416254843-16859-3-git-send-email-mst@redhat.com>
On Mon, Nov 17, 2014 at 10:08:53PM +0200, Michael S. Tsirkin wrote:
> Add API to manage on-device RAM.
> This looks just like regular RAM from migration POV,
> but has three special properties internally:
>
> - it is never exposed to guest
> - block is sized on migration, making it easier to extend
> without breaking migration compatibility or wasting
> virtual memory
> - callers must specify an upper bound on size
>
> Device is notified on resize, so it can adjust if necessary.
>
> qemu_ram_alloc_device allocates this memory, qemu_ram_resize resizes it.
>
> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Minor clarification: the need to supply a max size helps
simplify the code, but it's also a security feature:
the next patch uses it to validate the incoming stream,
preventing DoS attacks that would make qemu allocate
huge amounts of RAM.
> ---
> include/exec/cpu-all.h | 8 +++-
> include/exec/ram_addr.h | 7 +++
> exec.c | 113 +++++++++++++++++++++++++++++++++++++++++++-----
> 3 files changed, 115 insertions(+), 13 deletions(-)
>
> diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
> index 62f5581..26eb9b2 100644
> --- a/include/exec/cpu-all.h
> +++ b/include/exec/cpu-all.h
> @@ -299,11 +299,15 @@ CPUArchState *cpu_copy(CPUArchState *env);
>
> /* memory API */
>
> -typedef struct RAMBlock {
> +typedef struct RAMBlock RAMBlock;
> +
> +struct RAMBlock {
> struct MemoryRegion *mr;
> uint8_t *host;
> ram_addr_t offset;
> ram_addr_t length;
> + ram_addr_t max_length;
> + void (*resized)(const char*, uint64_t length, void *host);
> uint32_t flags;
> char idstr[256];
> /* Reads can take either the iothread or the ramlist lock.
> @@ -311,7 +315,7 @@ typedef struct RAMBlock {
> */
> QTAILQ_ENTRY(RAMBlock) next;
> int fd;
> -} RAMBlock;
> +};
>
> static inline void *ramblock_ptr(RAMBlock *block, ram_addr_t offset)
> {
> diff --git a/include/exec/ram_addr.h b/include/exec/ram_addr.h
> index d7e5238..72ab12b 100644
> --- a/include/exec/ram_addr.h
> +++ b/include/exec/ram_addr.h
> @@ -28,12 +28,19 @@ ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
> ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
> MemoryRegion *mr, Error **errp);
> ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp);
> +ram_addr_t qemu_ram_alloc_device(ram_addr_t size, ram_addr_t max_size,
> + void (*resized)(const char*,
> + uint64_t length,
> + void *host),
> + MemoryRegion *mr, Error **errp);
> int qemu_get_ram_fd(ram_addr_t addr);
> void *qemu_get_ram_block_host_ptr(ram_addr_t addr);
> void *qemu_get_ram_ptr(ram_addr_t addr);
> void qemu_ram_free(ram_addr_t addr);
> void qemu_ram_free_from_ptr(ram_addr_t addr);
>
> +int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp);
> +
> static inline bool cpu_physical_memory_get_dirty(ram_addr_t start,
> ram_addr_t length,
> unsigned client)
> diff --git a/exec.c b/exec.c
> index 9648669..a177816 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -75,6 +75,11 @@ static MemoryRegion io_mem_unassigned;
> /* RAM is mmap-ed with MAP_SHARED */
> #define RAM_SHARED (1 << 1)
>
> +/* On-device RAM allocated with g_malloc: supports realloc,
> + * not accessible to vcpu on kvm.
> + */
> +#define RAM_DEVICE (1 << 2)
> +
> #endif
>
> struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
> @@ -1186,7 +1191,7 @@ static ram_addr_t find_ram_offset(ram_addr_t size)
> QTAILQ_FOREACH(block, &ram_list.blocks, next) {
> ram_addr_t end, next = RAM_ADDR_MAX;
>
> - end = block->offset + block->length;
> + end = block->offset + block->max_length;
>
> QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
> if (next_block->offset >= end) {
> @@ -1214,7 +1219,7 @@ ram_addr_t last_ram_offset(void)
> ram_addr_t last = 0;
>
> QTAILQ_FOREACH(block, &ram_list.blocks, next)
> - last = MAX(last, block->offset + block->length);
> + last = MAX(last, block->offset + block->max_length);
>
> return last;
> }
> @@ -1296,6 +1301,50 @@ static int memory_try_enable_merging(void *addr, size_t len)
> return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
> }
>
> +int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
> +{
> + RAMBlock *block = find_ram_block(base);
> +
> + assert(block);
> +
> + if (block->length == newsize) {
> + return 0;
> + }
> +
> + if (!(block->flags & RAM_DEVICE)) {
> + error_setg_errno(errp, EINVAL,
> + "Length mismatch: %s: 0x" RAM_ADDR_FMT
> + " in != 0x" RAM_ADDR_FMT, block->idstr,
> + newsize, block->length);
> + return -EINVAL;
> + }
> +
> + if (block->max_length < newsize) {
> + error_setg_errno(errp, EINVAL,
> + "Length too large: %s: 0x" RAM_ADDR_FMT
> + " > 0x" RAM_ADDR_FMT, block->idstr,
> + newsize, block->max_length);
> + return -EINVAL;
> + }
> +
> + block->host = g_realloc(block->host, newsize);
> + if (!block->host) {
> + error_setg_errno(errp, errno,
> + "cannot allocate guest memory '%s'",
> + memory_region_name(block->mr));
> + return -ENOMEM;
> + }
> +
> + cpu_physical_memory_clear_dirty_range_nocode(block->offset, block->length);
> + block->length = newsize;
> + memset(block->host, 0, block->length);
> + cpu_physical_memory_set_dirty_range_nocode(block->offset, block->length);
> + if (block->resized) {
> + block->resized(block->idstr, newsize, block->host);
> + }
> + return 0;
> +}
> +
> static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
> {
> RAMBlock *block;
> @@ -1308,7 +1357,16 @@ static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
> new_block->offset = find_ram_offset(new_block->length);
>
> if (!new_block->host) {
> - if (xen_enabled()) {
> + if (new_block->flags & RAM_DEVICE) {
> + new_block->host = g_malloc0(new_block->length);
> + if (!new_block->host) {
> + error_setg_errno(errp, errno,
> + "cannot allocate guest memory '%s'",
> + memory_region_name(new_block->mr));
> + qemu_mutex_unlock_ramlist();
> + return -1;
> + }
> + } else if (xen_enabled()) {
> xen_ram_alloc(new_block->offset, new_block->length, new_block->mr);
> } else {
> new_block->host = phys_mem_alloc(new_block->length,
> @@ -1352,12 +1410,14 @@ static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
> }
> cpu_physical_memory_set_dirty_range(new_block->offset, new_block->length);
>
> - qemu_ram_setup_dump(new_block->host, new_block->length);
> - qemu_madvise(new_block->host, new_block->length, QEMU_MADV_HUGEPAGE);
> - qemu_madvise(new_block->host, new_block->length, QEMU_MADV_DONTFORK);
> + if (!(new_block->flags & RAM_DEVICE)) {
> + qemu_ram_setup_dump(new_block->host, new_block->length);
> + qemu_madvise(new_block->host, new_block->length, QEMU_MADV_HUGEPAGE);
> + qemu_madvise(new_block->host, new_block->length, QEMU_MADV_DONTFORK);
>
> - if (kvm_enabled()) {
> - kvm_setup_guest_memory(new_block->host, new_block->length);
> + if (kvm_enabled()) {
> + kvm_setup_guest_memory(new_block->host, new_block->length);
> + }
> }
>
> return new_block->offset;
> @@ -1392,6 +1452,7 @@ ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
> new_block = g_malloc0(sizeof(*new_block));
> new_block->mr = mr;
> new_block->length = size;
> + new_block->max_length = size;
> new_block->flags = share ? RAM_SHARED : 0;
> new_block->host = file_ram_alloc(new_block, size,
> mem_path, errp);
> @@ -1410,7 +1471,12 @@ ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
> }
> #endif
>
> -ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
> +static
> +ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
> + void (*resized)(const char*,
> + uint64_t length,
> + void *host),
> + void *host, bool device,
> MemoryRegion *mr, Error **errp)
> {
> RAMBlock *new_block;
> @@ -1418,14 +1484,21 @@ ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
> Error *local_err = NULL;
>
> size = TARGET_PAGE_ALIGN(size);
> + max_size = TARGET_PAGE_ALIGN(max_size);
> new_block = g_malloc0(sizeof(*new_block));
> new_block->mr = mr;
> + new_block->resized = resized;
> new_block->length = size;
> + new_block->max_length = max_size;
> + assert(max_size >= size);
> new_block->fd = -1;
> new_block->host = host;
> if (host) {
> new_block->flags |= RAM_PREALLOC;
> }
> + if (device) {
> + new_block->flags |= RAM_DEVICE;
> + }
> addr = ram_block_add(new_block, &local_err);
> if (local_err) {
> g_free(new_block);
> @@ -1435,9 +1508,24 @@ ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
> return addr;
> }
>
> +ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
> + MemoryRegion *mr, Error **errp)
> +{
> + return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
> +}
> +
> ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
> {
> - return qemu_ram_alloc_from_ptr(size, NULL, mr, errp);
> + return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
> +}
> +
> +ram_addr_t qemu_ram_alloc_device(ram_addr_t size, ram_addr_t maxsz,
> + void (*resized)(const char*,
> + uint64_t length,
> + void *host),
> + MemoryRegion *mr, Error **errp)
> +{
> + return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
> }
>
> void qemu_ram_free_from_ptr(ram_addr_t addr)
> @@ -1471,6 +1559,8 @@ void qemu_ram_free(ram_addr_t addr)
> ram_list.version++;
> if (block->flags & RAM_PREALLOC) {
> ;
> + } else if (block->flags & RAM_DEVICE) {
> + g_free(block->host);
> } else if (xen_enabled()) {
> xen_invalidate_map_cache_entry(block->host);
> #ifndef _WIN32
> @@ -1501,7 +1591,8 @@ void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
> offset = addr - block->offset;
> if (offset < block->length) {
> vaddr = ramblock_ptr(block, offset);
> - if (block->flags & RAM_PREALLOC) {
> + if (block->flags & RAM_PREALLOC ||
> + block->flags & RAM_DEVICE) {
> ;
> } else if (xen_enabled()) {
> abort();
> --
> MST
>
next prev parent reply other threads:[~2014-11-17 20:15 UTC|newest]
Thread overview: 82+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-17 20:08 [Qemu-devel] [PATCH 0/5] pc: make ROMs resizeable Michael S. Tsirkin
2014-11-17 20:08 ` [Qemu-devel] [PATCH 1/5] cpu: add cpu_physical_memory_clear_dirty_range_nocode Michael S. Tsirkin
2014-11-19 9:10 ` Juan Quintela
2014-11-17 20:08 ` [Qemu-devel] [PATCH 2/5] exec: qemu_ram_alloc_device, qemu_ram_resize Michael S. Tsirkin
2014-11-17 20:15 ` Michael S. Tsirkin [this message]
2014-11-18 6:03 ` Paolo Bonzini
2014-11-18 7:49 ` Michael S. Tsirkin
2014-11-19 9:19 ` Juan Quintela
2014-11-19 9:33 ` Michael S. Tsirkin
2014-11-19 10:11 ` Juan Quintela
2014-11-19 10:21 ` Michael S. Tsirkin
2014-11-19 10:45 ` Juan Quintela
2014-11-19 13:28 ` Michael S. Tsirkin
2014-11-19 13:44 ` Paolo Bonzini
2014-11-19 13:57 ` Juan Quintela
2014-11-19 14:13 ` Dr. David Alan Gilbert
2014-11-19 14:22 ` Paolo Bonzini
2014-11-19 14:26 ` Dr. David Alan Gilbert
2014-11-19 14:28 ` Paolo Bonzini
2014-11-19 14:59 ` Dr. David Alan Gilbert
2014-11-19 15:38 ` Michael S. Tsirkin
2014-11-19 15:53 ` Dr. David Alan Gilbert
2014-11-19 14:22 ` Juan Quintela
2014-11-19 14:20 ` Paolo Bonzini
2014-11-19 16:39 ` Juan Quintela
2014-11-19 16:56 ` Paolo Bonzini
2014-11-19 16:27 ` Kevin O'Connor
2014-11-19 17:01 ` Paolo Bonzini
2014-11-20 8:12 ` Gerd Hoffmann
2014-11-20 10:00 ` Paolo Bonzini
2014-11-19 13:49 ` Juan Quintela
2014-11-19 13:51 ` Paolo Bonzini
2014-11-19 14:03 ` Juan Quintela
2014-11-19 14:11 ` Paolo Bonzini
2014-11-19 14:16 ` Dr. David Alan Gilbert
2014-11-19 14:28 ` Paolo Bonzini
2014-11-19 14:20 ` Juan Quintela
2014-11-19 15:43 ` Michael S. Tsirkin
2014-11-19 10:16 ` Markus Armbruster
2014-11-19 10:30 ` Michael S. Tsirkin
2014-11-19 10:50 ` Juan Quintela
2014-11-19 13:36 ` Michael S. Tsirkin
2014-11-19 13:51 ` Juan Quintela
2014-11-19 15:46 ` Michael S. Tsirkin
2014-11-19 16:45 ` Juan Quintela
2014-11-19 18:28 ` Paolo Bonzini
2014-11-20 13:35 ` Markus Armbruster
2014-11-20 14:04 ` Michael S. Tsirkin
2014-11-24 13:48 ` Paolo Bonzini
2014-11-19 13:58 ` Peter Maydell
2014-11-19 14:07 ` Juan Quintela
2014-11-19 14:10 ` Peter Maydell
2014-11-19 14:18 ` Juan Quintela
2014-11-19 16:08 ` Stefan Hajnoczi
2014-11-19 14:19 ` Paolo Bonzini
2014-11-19 14:21 ` Peter Maydell
2014-11-19 14:30 ` Paolo Bonzini
2014-11-19 15:16 ` Michael S. Tsirkin
2014-11-19 16:50 ` Juan Quintela
2014-11-19 15:12 ` Michael S. Tsirkin
2014-11-19 15:04 ` Michael S. Tsirkin
2014-11-17 20:08 ` [Qemu-devel] [PATCH 3/5] arch_init: support resizing on incoming migration Michael S. Tsirkin
2014-11-17 20:08 ` [Qemu-devel] [PATCH 4/5] memory: interface to allocate device ram Michael S. Tsirkin
2014-11-17 20:21 ` Peter Maydell
2014-11-18 11:54 ` Michael S. Tsirkin
2014-11-17 20:09 ` [Qemu-devel] [PATCH 5/5] acpi-build: make ROMs device RAM, make them resizeable Michael S. Tsirkin
2014-11-17 20:11 ` [Qemu-devel] [PATCH 0/5] pc: make ROMs resizeable Michael S. Tsirkin
2014-11-19 7:29 ` Amit Shah
2014-11-18 14:47 ` Markus Armbruster
2014-11-18 15:00 ` Michael S. Tsirkin
2014-11-19 8:16 ` Markus Armbruster
2014-11-19 13:41 ` Michael S. Tsirkin
2014-11-19 7:31 ` Amit Shah
2014-11-19 8:15 ` Michael S. Tsirkin
2014-11-19 8:22 ` Amit Shah
2014-11-19 13:33 ` Michael S. Tsirkin
2014-11-19 13:52 ` Juan Quintela
2014-11-19 16:01 ` Michael S. Tsirkin
2014-11-19 13:52 ` Peter Maydell
2014-11-19 14:41 ` Paolo Bonzini
2014-11-19 15:34 ` Michael S. Tsirkin
2014-11-19 16:40 ` Juan Quintela
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141117201512.GA16974@redhat.com \
--to=mst@redhat.com \
--cc=dgilbert@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=quintela@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).