Re: [PATCH 2/7] guest_memfd: Introduce an object to manage the guest-memfd with RamDiscardManager

[Peter Xu <peterx@redhat.com>]

On Thu, Jan 23, 2025 at 05:33:53PM +0800, Xu Yilun wrote:
> On Wed, Jan 22, 2025 at 11:43:01AM -0500, Peter Xu wrote:
> > On Wed, Jan 22, 2025 at 05:41:31PM +0800, Xu Yilun wrote:
> > > On Wed, Jan 22, 2025 at 03:30:05PM +1100, Alexey Kardashevskiy wrote:
> > > > 
> > > > 
> > > > On 22/1/25 02:18, Peter Xu wrote:
> > > > > On Tue, Jun 25, 2024 at 12:31:13AM +0800, Xu Yilun wrote:
> > > > > > On Mon, Jan 20, 2025 at 03:46:15PM -0500, Peter Xu wrote:
> > > > > > > On Mon, Jan 20, 2025 at 09:22:50PM +1100, Alexey Kardashevskiy wrote:
> > > > > > > > > It is still uncertain how to implement the private MMIO. Our assumption
> > > > > > > > > is the private MMIO would also create a memory region with
> > > > > > > > > guest_memfd-like backend. Its mr->ram is true and should be managed by
> > > > > > > > > RamdDiscardManager which can skip doing DMA_MAP in VFIO's region_add
> > > > > > > > > listener.
> > > > > > > > 
> > > > > > > > My current working approach is to leave it as is in QEMU and VFIO.
> > > > > > > 
> > > > > > > Agreed.  Setting ram=true to even private MMIO sounds hackish, at least
> > > > > > 
> > > > > > The private MMIO refers to assigned MMIO, not emulated MMIO. IIUC,
> > > > > > normal assigned MMIO is always set ram=true,
> > > > > > 
> > > > > > void memory_region_init_ram_device_ptr(MemoryRegion *mr,
> > > > > >                                         Object *owner,
> > > > > >                                         const char *name,
> > > > > >                                         uint64_t size,
> > > > > >                                         void *ptr)
> > 
> > [1]
> > 
> > > > > > {
> > > > > >      memory_region_init(mr, owner, name, size);
> > > > > >      mr->ram = true;
> > > > > > 
> > > > > > 
> > > > > > So I don't think ram=true is a problem here.
> > > > > 
> > > > > I see.  If there's always a host pointer then it looks valid.  So it means
> > > > > the device private MMIOs are always mappable since the start?
> > > > 
> > > > Yes. VFIO owns the mapping and does not treat shared/private MMIO any
> > > > different at the moment. Thanks,
> > > 
> > > mm.. I'm actually expecting private MMIO not have a host pointer, just
> > > as private memory do.
> > > 
> > > But I'm not sure why having host pointer correlates mr->ram == true.
> > 
> > If there is no host pointer, what would you pass into "ptr" as referenced
> > at [1] above when creating the private MMIO memory region?
> 
> Sorry for confusion. I mean existing MMIO region use set mr->ram = true,
> and unmappable region (gmem) also set mr->ram = true. So don't know why
> mr->ram = true for private MMIO is hackish.

That's exactly what I had on the question in the previous email - please
have a look at what QEMU does right now with memory_access_is_direct().
I'm not 100% sure it'll work if the host pointer doesn't exist.

Let's take one user of it to be explicit: flatview_write_continue_step()
will try to access the ram pointer if it's direct:

    if (!memory_access_is_direct(mr, true)) {
        ...
    } else {
        /* RAM case */
        uint8_t *ram_ptr = qemu_ram_ptr_length(mr->ram_block, mr_addr, l,
                                               false, true);

        memmove(ram_ptr, buf, *l);
        invalidate_and_set_dirty(mr, mr_addr, *l);

        return MEMTX_OK;
    }

I don't see how QEMU could work yet if one MR set ram=true but without a
host pointer..

As discussed previously, IMHO it's okay that the pointer is not accessible,
but still I assume QEMU assumes the pointer at least existed for a ram=on
MR.  I don't know whether it's suitable to set ram=on if the pointer
doesn't ever exist.

> 
> I think We could add another helper to create memory region for private
> MMIO.
> 
> > 
> > OTOH, IIUC guest private memory finally can also have a host pointer (aka,
> > mmap()-able), it's just that even if it exists, accessing it may crash QEMU
> > if it's private.
> 
> Not sure if I get it correct: when memory will be converted to private, QEMU
> should firstly unmap the host ptr, which means host ptr doesn't alway exist.

At least current QEMU doesn't unmap it? 

kvm_convert_memory() does ram_block_discard_range() indeed, but that's hole
punches, not unmap.  So the host pointer can always be there.

Even if we could have in-place gmemfd conversions in the future for guest
mem, we should also need the host pointer to be around, in which case (per
my current understand) it will even avoid hole punching but instead make
the page accessible (by being able to be faulted in).

Thanks,

-- 
Peter Xu