From: Stefan Hajnoczi <stefanha@redhat.com>
To: Albert Esteve <aesteve@redhat.com>
Cc: qemu-devel@nongnu.org, "Alex Bennée" <alex.bennee@linaro.org>,
slp@redhat.com, hi@alyssa.is, mst@redhat.com, david@redhat.com,
jasowang@redhat.com, "Stefano Garzarella" <sgarzare@redhat.com>,
stevensd@chromium.org
Subject: Re: [PATCH v3 2/5] virtio: Track shared memory mappings
Date: Mon, 16 Sep 2024 19:27:26 +0200 [thread overview]
Message-ID: <20240916172726.GF521955@fedora.home> (raw)
In-Reply-To: <20240912145335.129447-3-aesteve@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 9801 bytes --]
On Thu, Sep 12, 2024 at 04:53:32PM +0200, Albert Esteve wrote:
> Update shmem_list to be able to track
> active mappings on VIRTIO shared memory
> regions. This allows to verify that new
> mapping request received from backends
> do not overlap. If they do, the request
> shall fail in order to adhere to the specs.
>
> Signed-off-by: Albert Esteve <aesteve@redhat.com>
> ---
> hw/virtio/vhost-user.c | 31 +++++++++++++-------
> hw/virtio/virtio.c | 58 ++++++++++++++++++++++++++++++++++----
> include/hw/virtio/virtio.h | 25 ++++++++++++++--
> 3 files changed, 96 insertions(+), 18 deletions(-)
>
> diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
> index 338cc942ec..de0bb35257 100644
> --- a/hw/virtio/vhost-user.c
> +++ b/hw/virtio/vhost-user.c
> @@ -1776,7 +1776,7 @@ vhost_user_backend_handle_shmem_map(struct vhost_dev *dev,
> int fd)
> {
> void *addr = 0;
> - MemoryRegion *mr = NULL;
> + VirtSharedMemory *shmem = NULL;
>
> if (fd < 0) {
> error_report("Bad fd for map");
> @@ -1791,22 +1791,29 @@ vhost_user_backend_handle_shmem_map(struct vhost_dev *dev,
> return -EFAULT;
> }
>
> - mr = &dev->vdev->shmem_list[vu_mmap->shmid];
> + shmem = &dev->vdev->shmem_list[vu_mmap->shmid];
>
> - if (!mr) {
> + if (!shmem) {
> error_report("VIRTIO Shared Memory Region at "
> "ID %d unitialized", vu_mmap->shmid);
> return -EFAULT;
> }
>
> if ((vu_mmap->shm_offset + vu_mmap->len) < vu_mmap->len ||
> - (vu_mmap->shm_offset + vu_mmap->len) > mr->size) {
> + (vu_mmap->shm_offset + vu_mmap->len) > shmem->mr->size) {
> error_report("Bad offset/len for mmap %" PRIx64 "+%" PRIx64,
> vu_mmap->shm_offset, vu_mmap->len);
> return -EFAULT;
> }
>
> - void *shmem_ptr = memory_region_get_ram_ptr(mr);
> + if (virtio_shmem_map_overlaps(shmem, vu_mmap->shm_offset, vu_mmap->len)) {
> + error_report("Requested memory (%" PRIx64 "+%" PRIx64 ") overalps "
> + "with previously mapped memory",
> + vu_mmap->shm_offset, vu_mmap->len);
> + return -EFAULT;
> + }
> +
> + void *shmem_ptr = memory_region_get_ram_ptr(shmem->mr);
>
> addr = mmap(shmem_ptr + vu_mmap->shm_offset, vu_mmap->len,
> ((vu_mmap->flags & VHOST_USER_FLAG_MAP_R) ? PROT_READ : 0) |
> @@ -1818,6 +1825,8 @@ vhost_user_backend_handle_shmem_map(struct vhost_dev *dev,
> return -EFAULT;
> }
>
> + virtio_add_shmem_map(shmem, vu_mmap->shm_offset, vu_mmap->len);
> +
> return 0;
> }
>
> @@ -1826,7 +1835,7 @@ vhost_user_backend_handle_shmem_unmap(struct vhost_dev *dev,
> VhostUserMMap *vu_mmap)
> {
> void *addr = 0;
> - MemoryRegion *mr = NULL;
> + VirtSharedMemory *shmem = NULL;
>
> if (!dev->vdev->shmem_list ||
> dev->vdev->n_shmem_regions <= vu_mmap->shmid) {
> @@ -1836,22 +1845,22 @@ vhost_user_backend_handle_shmem_unmap(struct vhost_dev *dev,
> return -EFAULT;
> }
>
> - mr = &dev->vdev->shmem_list[vu_mmap->shmid];
> + shmem = &dev->vdev->shmem_list[vu_mmap->shmid];
>
> - if (!mr) {
> + if (!shmem) {
> error_report("VIRTIO Shared Memory Region at "
> "ID %d unitialized", vu_mmap->shmid);
> return -EFAULT;
> }
>
> if ((vu_mmap->shm_offset + vu_mmap->len) < vu_mmap->len ||
> - (vu_mmap->shm_offset + vu_mmap->len) > mr->size) {
> + (vu_mmap->shm_offset + vu_mmap->len) > shmem->mr->size) {
> error_report("Bad offset/len for mmap %" PRIx64 "+%" PRIx64,
> vu_mmap->shm_offset, vu_mmap->len);
> return -EFAULT;
> }
Please add a check for an existing mapping that matches [shm_offset,
shm_offset + len). This will prevent partial unmap as required by the
spec.
>
> - void *shmem_ptr = memory_region_get_ram_ptr(mr);
> + void *shmem_ptr = memory_region_get_ram_ptr(shmem->mr);
>
> addr = mmap(shmem_ptr + vu_mmap->shm_offset, vu_mmap->len,
> PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
> @@ -1861,6 +1870,8 @@ vhost_user_backend_handle_shmem_unmap(struct vhost_dev *dev,
> return -EFAULT;
> }
>
> + virtio_del_shmem_map(shmem, vu_mmap->shm_offset, vu_mmap->len);
> +
> return 0;
> }
>
> diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
> index ccc4f2cd75..0e2cd62a15 100644
> --- a/hw/virtio/virtio.c
> +++ b/hw/virtio/virtio.c
> @@ -3059,15 +3059,52 @@ int virtio_save(VirtIODevice *vdev, QEMUFile *f)
> return vmstate_save_state(f, &vmstate_virtio, vdev, NULL);
> }
>
> -MemoryRegion *virtio_new_shmem_region(VirtIODevice *vdev)
> +VirtSharedMemory *virtio_new_shmem_region(VirtIODevice *vdev)
> {
> - MemoryRegion *mr;
> + VirtSharedMemory *shmem = NULL;
> ++vdev->n_shmem_regions;
> - vdev->shmem_list = g_renew(MemoryRegion, vdev->shmem_list,
> + vdev->shmem_list = g_renew(VirtSharedMemory, vdev->shmem_list,
> vdev->n_shmem_regions);
> - mr = &vdev->shmem_list[vdev->n_shmem_regions - 1];
> - mr = g_new0(MemoryRegion, 1);
> - return mr;
> + shmem = &vdev->shmem_list[vdev->n_shmem_regions - 1];
> + shmem = g_new0(VirtSharedMemory, 1);
> + QTAILQ_INIT(&shmem->mapped_regions);
> + return shmem;
> +}
> +
> +void virtio_add_shmem_map(VirtSharedMemory *shmem, hwaddr offset,
> + uint64_t size)
> +{
> + MappedMemoryRegion *mmap = g_new0(MappedMemoryRegion, 1);
> + mmap->offset = offset;
> + mmap->size = int128_make64(size);
> + QTAILQ_REMOVE(&shmem->mapped_regions, mmap, link);
> + g_free(mmap);
mmap needs to be inserted into mapped_regions and must not be freed by
this function.
> +}
> +
> +void virtio_del_shmem_map(VirtSharedMemory *shmem, hwaddr offset,
> + uint64_t size)
> +{
> + MappedMemoryRegion *mmap = g_new0(MappedMemoryRegion, 1);
> + mmap->offset = offset;
> + mmap->size = int128_make64(size);
> + QTAILQ_INSERT_TAIL(&shmem->mapped_regions, mmap, link);
This function needs to search the list for the matching mmap and remove
it from the list. It should not create a new mmap.
> + g_free(mmap);
> +}
> +
> +bool virtio_shmem_map_overlaps(VirtSharedMemory *shmem, hwaddr offset,
> + uint64_t size)
> +{
> + MappedMemoryRegion *map_reg;
> + hwaddr new_reg_end = offset + size;
> + QTAILQ_FOREACH(map_reg, &shmem->mapped_regions, link) {
> + hwaddr region_end = map_reg->offset + map_reg->size;
> + if ((map_reg->offset == offset) ||
> + (map_reg->offset < offset && region_end >= offset) ||
> + (offset < map_reg->offset && new_reg_end >= map_reg->offset )) {
> + return true;
> + }
> + }
> + return false;
> }
>
> /* A wrapper for use as a VMState .put function */
> @@ -4007,11 +4044,20 @@ static void virtio_device_free_virtqueues(VirtIODevice *vdev)
> static void virtio_device_instance_finalize(Object *obj)
> {
> VirtIODevice *vdev = VIRTIO_DEVICE(obj);
> + VirtSharedMemory *shmem = NULL;
> + int i;
>
> virtio_device_free_virtqueues(vdev);
>
> g_free(vdev->config);
> g_free(vdev->vector_queues);
> + for (i = 0; i< vdev->n_shmem_regions; i++) {
> + shmem = &vdev->shmem_list[i];
> + while (!QTAILQ_EMPTY(&shmem->mapped_regions)) {
> + MappedMemoryRegion *mmap_reg = QTAILQ_FIRST(&shmem->mapped_regions);
> + QTAILQ_REMOVE(&shmem->mapped_regions, mmap_reg, link);
g_free(mmap_reg)
> + }
> + }
> }
>
> static Property virtio_properties[] = {
> diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
> index d4a2f664d9..5b801f33f5 100644
> --- a/include/hw/virtio/virtio.h
> +++ b/include/hw/virtio/virtio.h
> @@ -98,6 +98,21 @@ enum virtio_device_endian {
> VIRTIO_DEVICE_ENDIAN_BIG,
> };
>
> +struct MappedMemoryRegion {
> + Int128 size;
> + hwaddr offset;
> + QTAILQ_ENTRY(MappedMemoryRegion) link;
> +};
> +
> +typedef struct MappedMemoryRegion MappedMemoryRegion;
> +
> +struct VirtSharedMemory {
> + MemoryRegion *mr;
> + QTAILQ_HEAD(, MappedMemoryRegion) mapped_regions;
> +};
> +
> +typedef struct VirtSharedMemory VirtSharedMemory;
> +
> /**
> * struct VirtIODevice - common VirtIO structure
> * @name: name of the device
> @@ -168,7 +183,7 @@ struct VirtIODevice
> EventNotifier config_notifier;
> bool device_iotlb_enabled;
> /* Shared memory region for vhost-user mappings. */
> - MemoryRegion *shmem_list;
> + VirtSharedMemory *shmem_list;
> int n_shmem_regions;
> };
>
> @@ -289,7 +304,13 @@ void virtio_notify(VirtIODevice *vdev, VirtQueue *vq);
>
> int virtio_save(VirtIODevice *vdev, QEMUFile *f);
>
> -MemoryRegion *virtio_new_shmem_region(VirtIODevice *vdev);
> +VirtSharedMemory *virtio_new_shmem_region(VirtIODevice *vdev);
> +void virtio_add_shmem_map(VirtSharedMemory *shmem, hwaddr offset,
> + uint64_t size);
> +void virtio_del_shmem_map(VirtSharedMemory *shmem, hwaddr offset,
> + uint64_t size);
> +bool virtio_shmem_map_overlaps(VirtSharedMemory *shmem, hwaddr offset,
> + uint64_t size);
>
> extern const VMStateInfo virtio_vmstate_info;
>
> --
> 2.45.2
>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
next prev parent reply other threads:[~2024-09-16 17:28 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-12 14:53 [PATCH v3 0/5] vhost-user: Add SHMEM_MAP/UNMAP requests Albert Esteve
2024-09-12 14:53 ` [PATCH v3 1/5] vhost-user: Add VIRTIO Shared Memory map request Albert Esteve
2024-09-16 17:21 ` Stefan Hajnoczi
2024-11-25 9:55 ` Albert Esteve
2024-09-17 10:07 ` David Hildenbrand
2024-11-25 8:28 ` Albert Esteve
2024-11-27 10:50 ` David Hildenbrand
2024-11-27 12:10 ` David Hildenbrand
2024-11-27 12:17 ` David Hildenbrand
2024-11-27 12:31 ` Albert Esteve
2024-11-27 12:40 ` David Hildenbrand
2024-11-27 12:55 ` Albert Esteve
2024-09-12 14:53 ` [PATCH v3 2/5] virtio: Track shared memory mappings Albert Esteve
2024-09-16 17:27 ` Stefan Hajnoczi [this message]
2024-09-12 14:53 ` [PATCH v3 3/5] vhost_user: Add frontend command for shmem config Albert Esteve
2024-09-17 7:48 ` Stefan Hajnoczi
2024-09-17 7:50 ` Stefan Hajnoczi
2024-09-12 14:53 ` [PATCH v3 4/5] vhost-user-dev: Add cache BAR Albert Esteve
2024-09-17 8:27 ` Stefan Hajnoczi
2024-11-25 16:16 ` Albert Esteve
2024-11-26 7:55 ` Albert Esteve
2024-11-26 12:51 ` Albert Esteve
2024-09-17 8:32 ` Stefan Hajnoczi
2024-09-17 8:36 ` Stefan Hajnoczi
2024-09-12 14:53 ` [PATCH v3 5/5] vhost_user: Add MEM_READ/WRITE backend requests Albert Esteve
2024-09-12 14:59 ` [PATCH v3 0/5] vhost-user: Add SHMEM_MAP/UNMAP requests Albert Esteve
2024-09-16 17:57 ` Stefan Hajnoczi
2024-09-17 7:05 ` Albert Esteve
2024-09-17 7:43 ` Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240916172726.GF521955@fedora.home \
--to=stefanha@redhat.com \
--cc=aesteve@redhat.com \
--cc=alex.bennee@linaro.org \
--cc=david@redhat.com \
--cc=hi@alyssa.is \
--cc=jasowang@redhat.com \
--cc=mst@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=sgarzare@redhat.com \
--cc=slp@redhat.com \
--cc=stevensd@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).