| 
									
										
										
										
											2018-04-23 18:51:16 +02:00
										 |  |  | /*
 | 
					
						
							|  |  |  |  * Memory Device Interface | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * Copyright ProfitBricks GmbH 2012 | 
					
						
							|  |  |  |  * Copyright (C) 2014 Red Hat Inc | 
					
						
							|  |  |  |  * Copyright (c) 2018 Red Hat Inc | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * This work is licensed under the terms of the GNU GPL, version 2 or later. | 
					
						
							|  |  |  |  * See the COPYING file in the top-level directory. | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | #include "qemu/osdep.h"
 | 
					
						
							|  |  |  | #include "hw/mem/memory-device.h"
 | 
					
						
							|  |  |  | #include "qapi/error.h"
 | 
					
						
							|  |  |  | #include "hw/boards.h"
 | 
					
						
							|  |  |  | #include "qemu/range.h"
 | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:21 +02:00
										 |  |  | #include "hw/virtio/vhost.h"
 | 
					
						
							|  |  |  | #include "sysemu/kvm.h"
 | 
					
						
							| 
									
										
										
										
											2018-10-05 11:20:24 +02:00
										 |  |  | #include "trace.h"
 | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:16 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  | static gint memory_device_addr_sort(gconstpointer a, gconstpointer b) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |     const MemoryDeviceState *md_a = MEMORY_DEVICE(a); | 
					
						
							|  |  |  |     const MemoryDeviceState *md_b = MEMORY_DEVICE(b); | 
					
						
							|  |  |  |     const MemoryDeviceClass *mdc_a = MEMORY_DEVICE_GET_CLASS(a); | 
					
						
							|  |  |  |     const MemoryDeviceClass *mdc_b = MEMORY_DEVICE_GET_CLASS(b); | 
					
						
							|  |  |  |     const uint64_t addr_a = mdc_a->get_addr(md_a); | 
					
						
							|  |  |  |     const uint64_t addr_b = mdc_b->get_addr(md_b); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     if (addr_a > addr_b) { | 
					
						
							|  |  |  |         return 1; | 
					
						
							|  |  |  |     } else if (addr_a < addr_b) { | 
					
						
							|  |  |  |         return -1; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |     return 0; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | static int memory_device_build_list(Object *obj, void *opaque) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |     GSList **list = opaque; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     if (object_dynamic_cast(obj, TYPE_MEMORY_DEVICE)) { | 
					
						
							|  |  |  |         DeviceState *dev = DEVICE(obj); | 
					
						
							|  |  |  |         if (dev->realized) { /* only realized memory devices matter */ | 
					
						
							|  |  |  |             *list = g_slist_insert_sorted(*list, dev, memory_device_addr_sort); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     object_child_foreach(obj, memory_device_build_list, opaque); | 
					
						
							|  |  |  |     return 0; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:21 +02:00
										 |  |  | static int memory_device_used_region_size(Object *obj, void *opaque) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |     uint64_t *size = opaque; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     if (object_dynamic_cast(obj, TYPE_MEMORY_DEVICE)) { | 
					
						
							|  |  |  |         const DeviceState *dev = DEVICE(obj); | 
					
						
							|  |  |  |         const MemoryDeviceState *md = MEMORY_DEVICE(obj); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if (dev->realized) { | 
					
						
							| 
									
										
										
										
											2018-10-05 11:20:17 +02:00
										 |  |  |             *size += memory_device_get_region_size(md, &error_abort); | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:21 +02:00
										 |  |  |         } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     object_child_foreach(obj, memory_device_used_region_size, opaque); | 
					
						
							|  |  |  |     return 0; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | static void memory_device_check_addable(MachineState *ms, uint64_t size, | 
					
						
							|  |  |  |                                         Error **errp) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |     uint64_t used_region_size = 0; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /* we will need a new memory slot for kvm and vhost */ | 
					
						
							|  |  |  |     if (kvm_enabled() && !kvm_has_free_slot(ms)) { | 
					
						
							|  |  |  |         error_setg(errp, "hypervisor has no free memory slots left"); | 
					
						
							|  |  |  |         return; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |     if (!vhost_has_free_slot()) { | 
					
						
							|  |  |  |         error_setg(errp, "a used vhost backend has no free memory slots left"); | 
					
						
							|  |  |  |         return; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /* will we exceed the total amount of memory specified */ | 
					
						
							|  |  |  |     memory_device_used_region_size(OBJECT(ms), &used_region_size); | 
					
						
							| 
									
										
										
										
											2018-10-23 17:23:05 +02:00
										 |  |  |     if (used_region_size + size < used_region_size || | 
					
						
							|  |  |  |         used_region_size + size > ms->maxram_size - ms->ram_size) { | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:21 +02:00
										 |  |  |         error_setg(errp, "not enough space, currently 0x%" PRIx64 | 
					
						
							| 
									
										
										
										
											2018-10-05 11:20:13 +02:00
										 |  |  |                    " in use of total space for memory devices 0x" RAM_ADDR_FMT, | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:21 +02:00
										 |  |  |                    used_region_size, ms->maxram_size - ms->ram_size); | 
					
						
							|  |  |  |         return; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-10-05 11:20:21 +02:00
										 |  |  | static uint64_t memory_device_get_free_addr(MachineState *ms, | 
					
						
							|  |  |  |                                             const uint64_t *hint, | 
					
						
							|  |  |  |                                             uint64_t align, uint64_t size, | 
					
						
							|  |  |  |                                             Error **errp) | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:20 +02:00
										 |  |  | { | 
					
						
							|  |  |  |     GSList *list = NULL, *item; | 
					
						
							| 
									
										
										
											
												memory-device: rewrite address assignment using ranges
Let's rewrite it properly using ranges. This fixes certain overflows that
are right now possible. E.g.
qemu-system-x86_64 -m 4G,slots=20,maxmem=40G -M pc \
    -object memory-backend-file,id=mem1,share,mem-path=/dev/zero,size=2G
    -device pc-dimm,memdev=mem1,id=dimm1,addr=-0x40000000
Now properly errors out instead of succeeding. (Note that qapi
parsing of huge uint64_t values is broken and fixes are on the way)
"can't add memory device [0xffffffffa0000000:0x80000000], usable range for
memory devices [0x140000000:0xe00000000]"
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20181214131043.25071-3-david@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
											
										 
											2018-12-14 14:10:43 +01:00
										 |  |  |     Range as, new = range_empty; | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:20 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |     if (!ms->device_memory) { | 
					
						
							|  |  |  |         error_setg(errp, "memory devices (e.g. for memory hotplug) are not " | 
					
						
							|  |  |  |                          "supported by the machine"); | 
					
						
							|  |  |  |         return 0; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     if (!memory_region_size(&ms->device_memory->mr)) { | 
					
						
							|  |  |  |         error_setg(errp, "memory devices (e.g. for memory hotplug) are not " | 
					
						
							|  |  |  |                          "enabled, please specify the maxmem option"); | 
					
						
							|  |  |  |         return 0; | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
											
												memory-device: rewrite address assignment using ranges
Let's rewrite it properly using ranges. This fixes certain overflows that
are right now possible. E.g.
qemu-system-x86_64 -m 4G,slots=20,maxmem=40G -M pc \
    -object memory-backend-file,id=mem1,share,mem-path=/dev/zero,size=2G
    -device pc-dimm,memdev=mem1,id=dimm1,addr=-0x40000000
Now properly errors out instead of succeeding. (Note that qapi
parsing of huge uint64_t values is broken and fixes are on the way)
"can't add memory device [0xffffffffa0000000:0x80000000], usable range for
memory devices [0x140000000:0xe00000000]"
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20181214131043.25071-3-david@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
											
										 
											2018-12-14 14:10:43 +01:00
										 |  |  |     range_init_nofail(&as, ms->device_memory->base, | 
					
						
							|  |  |  |                       memory_region_size(&ms->device_memory->mr)); | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:20 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
											
												memory-device: rewrite address assignment using ranges
Let's rewrite it properly using ranges. This fixes certain overflows that
are right now possible. E.g.
qemu-system-x86_64 -m 4G,slots=20,maxmem=40G -M pc \
    -object memory-backend-file,id=mem1,share,mem-path=/dev/zero,size=2G
    -device pc-dimm,memdev=mem1,id=dimm1,addr=-0x40000000
Now properly errors out instead of succeeding. (Note that qapi
parsing of huge uint64_t values is broken and fixes are on the way)
"can't add memory device [0xffffffffa0000000:0x80000000], usable range for
memory devices [0x140000000:0xe00000000]"
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20181214131043.25071-3-david@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
											
										 
											2018-12-14 14:10:43 +01:00
										 |  |  |     /* start of address space indicates the maximum alignment we expect */ | 
					
						
							|  |  |  |     if (!QEMU_IS_ALIGNED(range_lob(&as), align)) { | 
					
						
							| 
									
										
										
										
											2018-10-05 11:20:09 +02:00
										 |  |  |         error_setg(errp, "the alignment (0x%" PRIx64 ") is not supported", | 
					
						
							| 
									
										
										
										
											2018-06-07 17:47:04 +02:00
										 |  |  |                    align); | 
					
						
							|  |  |  |         return 0; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:21 +02:00
										 |  |  |     memory_device_check_addable(ms, size, errp); | 
					
						
							|  |  |  |     if (*errp) { | 
					
						
							|  |  |  |         return 0; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-10-23 17:23:04 +02:00
										 |  |  |     if (hint && !QEMU_IS_ALIGNED(*hint, align)) { | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:20 +02:00
										 |  |  |         error_setg(errp, "address must be aligned to 0x%" PRIx64 " bytes", | 
					
						
							|  |  |  |                    align); | 
					
						
							|  |  |  |         return 0; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-10-23 17:23:04 +02:00
										 |  |  |     if (!QEMU_IS_ALIGNED(size, align)) { | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:20 +02:00
										 |  |  |         error_setg(errp, "backend memory size must be multiple of 0x%" | 
					
						
							|  |  |  |                    PRIx64, align); | 
					
						
							|  |  |  |         return 0; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     if (hint) { | 
					
						
							| 
									
										
										
											
												memory-device: rewrite address assignment using ranges
Let's rewrite it properly using ranges. This fixes certain overflows that
are right now possible. E.g.
qemu-system-x86_64 -m 4G,slots=20,maxmem=40G -M pc \
    -object memory-backend-file,id=mem1,share,mem-path=/dev/zero,size=2G
    -device pc-dimm,memdev=mem1,id=dimm1,addr=-0x40000000
Now properly errors out instead of succeeding. (Note that qapi
parsing of huge uint64_t values is broken and fixes are on the way)
"can't add memory device [0xffffffffa0000000:0x80000000], usable range for
memory devices [0x140000000:0xe00000000]"
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20181214131043.25071-3-david@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
											
										 
											2018-12-14 14:10:43 +01:00
										 |  |  |         if (range_init(&new, *hint, size) || !range_contains_range(&as, &new)) { | 
					
						
							| 
									
										
										
										
											2018-10-05 11:20:13 +02:00
										 |  |  |             error_setg(errp, "can't add memory device [0x%" PRIx64 ":0x%" PRIx64 | 
					
						
							| 
									
										
										
											
												memory-device: rewrite address assignment using ranges
Let's rewrite it properly using ranges. This fixes certain overflows that
are right now possible. E.g.
qemu-system-x86_64 -m 4G,slots=20,maxmem=40G -M pc \
    -object memory-backend-file,id=mem1,share,mem-path=/dev/zero,size=2G
    -device pc-dimm,memdev=mem1,id=dimm1,addr=-0x40000000
Now properly errors out instead of succeeding. (Note that qapi
parsing of huge uint64_t values is broken and fixes are on the way)
"can't add memory device [0xffffffffa0000000:0x80000000], usable range for
memory devices [0x140000000:0xe00000000]"
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20181214131043.25071-3-david@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
											
										 
											2018-12-14 14:10:43 +01:00
										 |  |  |                        "], usable range for memory devices [0x%" PRIx64 ":0x%" | 
					
						
							|  |  |  |                        PRIx64 "]", *hint, size, range_lob(&as), | 
					
						
							|  |  |  |                        range_size(&as)); | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:20 +02:00
										 |  |  |             return 0; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |     } else { | 
					
						
							| 
									
										
										
											
												memory-device: rewrite address assignment using ranges
Let's rewrite it properly using ranges. This fixes certain overflows that
are right now possible. E.g.
qemu-system-x86_64 -m 4G,slots=20,maxmem=40G -M pc \
    -object memory-backend-file,id=mem1,share,mem-path=/dev/zero,size=2G
    -device pc-dimm,memdev=mem1,id=dimm1,addr=-0x40000000
Now properly errors out instead of succeeding. (Note that qapi
parsing of huge uint64_t values is broken and fixes are on the way)
"can't add memory device [0xffffffffa0000000:0x80000000], usable range for
memory devices [0x140000000:0xe00000000]"
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20181214131043.25071-3-david@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
											
										 
											2018-12-14 14:10:43 +01:00
										 |  |  |         if (range_init(&new, range_lob(&as), size)) { | 
					
						
							|  |  |  |             error_setg(errp, "can't add memory device, device too big"); | 
					
						
							|  |  |  |             return 0; | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:20 +02:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /* find address range that will fit new memory device */ | 
					
						
							|  |  |  |     object_child_foreach(OBJECT(ms), memory_device_build_list, &list); | 
					
						
							|  |  |  |     for (item = list; item; item = g_slist_next(item)) { | 
					
						
							|  |  |  |         const MemoryDeviceState *md = item->data; | 
					
						
							|  |  |  |         const MemoryDeviceClass *mdc = MEMORY_DEVICE_GET_CLASS(OBJECT(md)); | 
					
						
							| 
									
										
										
											
												memory-device: rewrite address assignment using ranges
Let's rewrite it properly using ranges. This fixes certain overflows that
are right now possible. E.g.
qemu-system-x86_64 -m 4G,slots=20,maxmem=40G -M pc \
    -object memory-backend-file,id=mem1,share,mem-path=/dev/zero,size=2G
    -device pc-dimm,memdev=mem1,id=dimm1,addr=-0x40000000
Now properly errors out instead of succeeding. (Note that qapi
parsing of huge uint64_t values is broken and fixes are on the way)
"can't add memory device [0xffffffffa0000000:0x80000000], usable range for
memory devices [0x140000000:0xe00000000]"
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20181214131043.25071-3-david@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
											
										 
											2018-12-14 14:10:43 +01:00
										 |  |  |         uint64_t next_addr; | 
					
						
							|  |  |  |         Range tmp; | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:20 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
											
												memory-device: rewrite address assignment using ranges
Let's rewrite it properly using ranges. This fixes certain overflows that
are right now possible. E.g.
qemu-system-x86_64 -m 4G,slots=20,maxmem=40G -M pc \
    -object memory-backend-file,id=mem1,share,mem-path=/dev/zero,size=2G
    -device pc-dimm,memdev=mem1,id=dimm1,addr=-0x40000000
Now properly errors out instead of succeeding. (Note that qapi
parsing of huge uint64_t values is broken and fixes are on the way)
"can't add memory device [0xffffffffa0000000:0x80000000], usable range for
memory devices [0x140000000:0xe00000000]"
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20181214131043.25071-3-david@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
											
										 
											2018-12-14 14:10:43 +01:00
										 |  |  |         range_init_nofail(&tmp, mdc->get_addr(md), | 
					
						
							|  |  |  |                           memory_device_get_region_size(md, &error_abort)); | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:20 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
											
												memory-device: rewrite address assignment using ranges
Let's rewrite it properly using ranges. This fixes certain overflows that
are right now possible. E.g.
qemu-system-x86_64 -m 4G,slots=20,maxmem=40G -M pc \
    -object memory-backend-file,id=mem1,share,mem-path=/dev/zero,size=2G
    -device pc-dimm,memdev=mem1,id=dimm1,addr=-0x40000000
Now properly errors out instead of succeeding. (Note that qapi
parsing of huge uint64_t values is broken and fixes are on the way)
"can't add memory device [0xffffffffa0000000:0x80000000], usable range for
memory devices [0x140000000:0xe00000000]"
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20181214131043.25071-3-david@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
											
										 
											2018-12-14 14:10:43 +01:00
										 |  |  |         if (range_overlaps_range(&tmp, &new)) { | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:20 +02:00
										 |  |  |             if (hint) { | 
					
						
							|  |  |  |                 const DeviceState *d = DEVICE(md); | 
					
						
							| 
									
										
										
										
											2018-10-05 11:20:11 +02:00
										 |  |  |                 error_setg(errp, "address range conflicts with memory device" | 
					
						
							|  |  |  |                            " id='%s'", d->id ? d->id : "(unnamed)"); | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:20 +02:00
										 |  |  |                 goto out; | 
					
						
							|  |  |  |             } | 
					
						
							| 
									
										
										
											
												memory-device: rewrite address assignment using ranges
Let's rewrite it properly using ranges. This fixes certain overflows that
are right now possible. E.g.
qemu-system-x86_64 -m 4G,slots=20,maxmem=40G -M pc \
    -object memory-backend-file,id=mem1,share,mem-path=/dev/zero,size=2G
    -device pc-dimm,memdev=mem1,id=dimm1,addr=-0x40000000
Now properly errors out instead of succeeding. (Note that qapi
parsing of huge uint64_t values is broken and fixes are on the way)
"can't add memory device [0xffffffffa0000000:0x80000000], usable range for
memory devices [0x140000000:0xe00000000]"
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20181214131043.25071-3-david@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
											
										 
											2018-12-14 14:10:43 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  |             next_addr = QEMU_ALIGN_UP(range_upb(&tmp) + 1, align); | 
					
						
							|  |  |  |             if (!next_addr || range_init(&new, next_addr, range_size(&new))) { | 
					
						
							|  |  |  |                 range_make_empty(&new); | 
					
						
							|  |  |  |                 break; | 
					
						
							|  |  |  |             } | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:20 +02:00
										 |  |  |         } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
											
												memory-device: rewrite address assignment using ranges
Let's rewrite it properly using ranges. This fixes certain overflows that
are right now possible. E.g.
qemu-system-x86_64 -m 4G,slots=20,maxmem=40G -M pc \
    -object memory-backend-file,id=mem1,share,mem-path=/dev/zero,size=2G
    -device pc-dimm,memdev=mem1,id=dimm1,addr=-0x40000000
Now properly errors out instead of succeeding. (Note that qapi
parsing of huge uint64_t values is broken and fixes are on the way)
"can't add memory device [0xffffffffa0000000:0x80000000], usable range for
memory devices [0x140000000:0xe00000000]"
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20181214131043.25071-3-david@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
											
										 
											2018-12-14 14:10:43 +01:00
										 |  |  |     if (!range_contains_range(&as, &new)) { | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:20 +02:00
										 |  |  |         error_setg(errp, "could not find position in guest address space for " | 
					
						
							|  |  |  |                    "memory device - memory fragmented due to alignments"); | 
					
						
							|  |  |  |         goto out; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | out: | 
					
						
							|  |  |  |     g_slist_free(list); | 
					
						
							| 
									
										
										
											
												memory-device: rewrite address assignment using ranges
Let's rewrite it properly using ranges. This fixes certain overflows that
are right now possible. E.g.
qemu-system-x86_64 -m 4G,slots=20,maxmem=40G -M pc \
    -object memory-backend-file,id=mem1,share,mem-path=/dev/zero,size=2G
    -device pc-dimm,memdev=mem1,id=dimm1,addr=-0x40000000
Now properly errors out instead of succeeding. (Note that qapi
parsing of huge uint64_t values is broken and fixes are on the way)
"can't add memory device [0xffffffffa0000000:0x80000000], usable range for
memory devices [0x140000000:0xe00000000]"
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20181214131043.25071-3-david@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
											
										 
											2018-12-14 14:10:43 +01:00
										 |  |  |     return range_lob(&new); | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:20 +02:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:16 +02:00
										 |  |  | MemoryDeviceInfoList *qmp_memory_device_list(void) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |     GSList *devices = NULL, *item; | 
					
						
							|  |  |  |     MemoryDeviceInfoList *list = NULL, *prev = NULL; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     object_child_foreach(qdev_get_machine(), memory_device_build_list, | 
					
						
							|  |  |  |                          &devices); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     for (item = devices; item; item = g_slist_next(item)) { | 
					
						
							|  |  |  |         const MemoryDeviceState *md = MEMORY_DEVICE(item->data); | 
					
						
							|  |  |  |         const MemoryDeviceClass *mdc = MEMORY_DEVICE_GET_CLASS(item->data); | 
					
						
							|  |  |  |         MemoryDeviceInfoList *elem = g_new0(MemoryDeviceInfoList, 1); | 
					
						
							|  |  |  |         MemoryDeviceInfo *info = g_new0(MemoryDeviceInfo, 1); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         mdc->fill_device_info(md, info); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         elem->value = info; | 
					
						
							|  |  |  |         elem->next = NULL; | 
					
						
							|  |  |  |         if (prev) { | 
					
						
							|  |  |  |             prev->next = elem; | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |             list = elem; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         prev = elem; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     g_slist_free(devices); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     return list; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | static int memory_device_plugged_size(Object *obj, void *opaque) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |     uint64_t *size = opaque; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     if (object_dynamic_cast(obj, TYPE_MEMORY_DEVICE)) { | 
					
						
							|  |  |  |         const DeviceState *dev = DEVICE(obj); | 
					
						
							|  |  |  |         const MemoryDeviceState *md = MEMORY_DEVICE(obj); | 
					
						
							|  |  |  |         const MemoryDeviceClass *mdc = MEMORY_DEVICE_GET_CLASS(obj); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if (dev->realized) { | 
					
						
							| 
									
										
										
										
											2018-10-05 11:20:15 +02:00
										 |  |  |             *size += mdc->get_plugged_size(md, &error_abort); | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:16 +02:00
										 |  |  |         } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     object_child_foreach(obj, memory_device_plugged_size, opaque); | 
					
						
							|  |  |  |     return 0; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | uint64_t get_plugged_memory_size(void) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |     uint64_t size = 0; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     memory_device_plugged_size(qdev_get_machine(), &size); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     return size; | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-10-05 11:20:21 +02:00
										 |  |  | void memory_device_pre_plug(MemoryDeviceState *md, MachineState *ms, | 
					
						
							|  |  |  |                             const uint64_t *legacy_align, Error **errp) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |     const MemoryDeviceClass *mdc = MEMORY_DEVICE_GET_CLASS(md); | 
					
						
							|  |  |  |     Error *local_err = NULL; | 
					
						
							|  |  |  |     uint64_t addr, align; | 
					
						
							|  |  |  |     MemoryRegion *mr; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     mr = mdc->get_memory_region(md, &local_err); | 
					
						
							|  |  |  |     if (local_err) { | 
					
						
							|  |  |  |         goto out; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     align = legacy_align ? *legacy_align : memory_region_get_alignment(mr); | 
					
						
							|  |  |  |     addr = mdc->get_addr(md); | 
					
						
							|  |  |  |     addr = memory_device_get_free_addr(ms, !addr ? NULL : &addr, align, | 
					
						
							|  |  |  |                                        memory_region_size(mr), &local_err); | 
					
						
							|  |  |  |     if (local_err) { | 
					
						
							|  |  |  |         goto out; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |     mdc->set_addr(md, addr, &local_err); | 
					
						
							| 
									
										
										
										
											2018-10-05 11:20:24 +02:00
										 |  |  |     if (!local_err) { | 
					
						
							|  |  |  |         trace_memory_device_pre_plug(DEVICE(md)->id ? DEVICE(md)->id : "", | 
					
						
							|  |  |  |                                      addr); | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2018-10-05 11:20:21 +02:00
										 |  |  | out: | 
					
						
							|  |  |  |     error_propagate(errp, local_err); | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-10-05 11:20:22 +02:00
										 |  |  | void memory_device_plug(MemoryDeviceState *md, MachineState *ms) | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:22 +02:00
										 |  |  | { | 
					
						
							| 
									
										
										
										
											2018-10-05 11:20:22 +02:00
										 |  |  |     const MemoryDeviceClass *mdc = MEMORY_DEVICE_GET_CLASS(md); | 
					
						
							|  |  |  |     const uint64_t addr = mdc->get_addr(md); | 
					
						
							|  |  |  |     MemoryRegion *mr; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /*
 | 
					
						
							|  |  |  |      * We expect that a previous call to memory_device_pre_plug() succeeded, so | 
					
						
							|  |  |  |      * it can't fail at this point. | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     mr = mdc->get_memory_region(md, &error_abort); | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:22 +02:00
										 |  |  |     g_assert(ms->device_memory); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     memory_region_add_subregion(&ms->device_memory->mr, | 
					
						
							|  |  |  |                                 addr - ms->device_memory->base, mr); | 
					
						
							| 
									
										
										
										
											2018-10-05 11:20:24 +02:00
										 |  |  |     trace_memory_device_plug(DEVICE(md)->id ? DEVICE(md)->id : "", addr); | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:22 +02:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-10-05 11:20:23 +02:00
										 |  |  | void memory_device_unplug(MemoryDeviceState *md, MachineState *ms) | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:22 +02:00
										 |  |  | { | 
					
						
							| 
									
										
										
										
											2018-10-05 11:20:23 +02:00
										 |  |  |     const MemoryDeviceClass *mdc = MEMORY_DEVICE_GET_CLASS(md); | 
					
						
							|  |  |  |     MemoryRegion *mr; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /*
 | 
					
						
							|  |  |  |      * We expect that a previous call to memory_device_pre_plug() succeeded, so | 
					
						
							|  |  |  |      * it can't fail at this point. | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     mr = mdc->get_memory_region(md, &error_abort); | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:22 +02:00
										 |  |  |     g_assert(ms->device_memory); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     memory_region_del_subregion(&ms->device_memory->mr, mr); | 
					
						
							| 
									
										
										
										
											2018-10-05 11:20:24 +02:00
										 |  |  |     trace_memory_device_unplug(DEVICE(md)->id ? DEVICE(md)->id : "", | 
					
						
							|  |  |  |                                mdc->get_addr(md)); | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:22 +02:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-10-05 11:20:17 +02:00
										 |  |  | uint64_t memory_device_get_region_size(const MemoryDeviceState *md, | 
					
						
							|  |  |  |                                        Error **errp) | 
					
						
							|  |  |  | { | 
					
						
							| 
									
										
										
										
											2018-10-05 11:20:19 +02:00
										 |  |  |     const MemoryDeviceClass *mdc = MEMORY_DEVICE_GET_CLASS(md); | 
					
						
							|  |  |  |     MemoryRegion *mr; | 
					
						
							| 
									
										
										
										
											2018-10-05 11:20:17 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-10-05 11:20:19 +02:00
										 |  |  |     /* dropping const here is fine as we don't touch the memory region */ | 
					
						
							|  |  |  |     mr = mdc->get_memory_region((MemoryDeviceState *)md, errp); | 
					
						
							|  |  |  |     if (!mr) { | 
					
						
							|  |  |  |         return 0; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     return memory_region_size(mr); | 
					
						
							| 
									
										
										
										
											2018-10-05 11:20:17 +02:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-04-23 18:51:16 +02:00
										 |  |  | static const TypeInfo memory_device_info = { | 
					
						
							|  |  |  |     .name          = TYPE_MEMORY_DEVICE, | 
					
						
							|  |  |  |     .parent        = TYPE_INTERFACE, | 
					
						
							|  |  |  |     .class_size = sizeof(MemoryDeviceClass), | 
					
						
							|  |  |  | }; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | static void memory_device_register_types(void) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |     type_register_static(&memory_device_info); | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | type_init(memory_device_register_types) |