feat(virtio-mem): implement dynamic slots

Dynamically plug/unplug KVM slots when any/all of the blocks are
plugged/unplugged.

This prevents the guest from accessing unplugged memory.
However, this doesn't yet prevent the device emulation from accessing
the slots.

Signed-off-by: Riccardo Mancini <[email protected]>

Author: Manciukic

resources/seccomp/aarch64-unknown-linux-musl.json

@@ -445,6 +445,18 @@
                     }
                 ]
             },
+            {
+                "syscall": "ioctl",
+                "args": [
+                    {
+                        "index": 1,
+                        "type": "dword",
+                        "op": "eq",
+                        "val": 1075883590,
+                        "comment": "KVM_SET_USER_MEMORY_REGION, used to (un)plug memory for the virtio-mem device"
+                    }
+                ]
+            },
             {
                 "syscall": "sched_yield",
                 "comment": "Used by the rust standard library in std::sync::mpmc. Firecracker uses mpsc channels from this module for inter-thread communication"

resources/seccomp/x86_64-unknown-linux-musl.json

@@ -457,6 +457,18 @@
                     }
                 ]
             },
+            {
+                "syscall": "ioctl",
+                "args": [
+                    {
+                        "index": 1,
+                        "type": "dword",
+                        "op": "eq",
+                        "val": 1075883590,
+                        "comment": "KVM_SET_USER_MEMORY_REGION, used to (un)plug memory for the virtio-mem device"
+                    }
+                ]
+            },
             {
                 "syscall": "sched_yield",
                 "comment": "Used by the rust standard library in std::sync::mpmc. Firecracker uses mpsc channels from this module for inter-thread communication"

src/vmm/src/devices/virtio/mem/device.rs

@@ -33,7 +33,9 @@ use crate::devices::virtio::transport::{VirtioInterrupt, VirtioInterruptType};
 use crate::logger::{IncMetric, debug, error};
 use crate::utils::{bytes_to_mib, mib_to_bytes, u64_to_usize, usize_to_u64};
 use crate::vstate::interrupts::InterruptError;
-use crate::vstate::memory::{ByteValued, GuestMemoryExtension, GuestMemoryMmap, GuestRegionMmap};
+use crate::vstate::memory::{
+    ByteValued, GuestMemoryExtension, GuestMemoryMmap, GuestRegionMmap, GuestRegionType,
+};
 use crate::vstate::vm::VmError;
 use crate::{Vm, impl_device_type};
 
@@ -76,6 +78,8 @@ pub enum VirtioMemError {
     PlugRequestIsTooBig,
     /// The requested range cannot be unplugged because it's {0:?}.
     UnplugRequestBlockStateInvalid(BlockRangeState),
+    /// There was an error updating the KVM slot.
+    UpdateKvmSlot(VmError),
 }
 
 #[derive(Debug)]
@@ -501,6 +505,32 @@ impl VirtioMem {
         &self.activate_event
     }
 
+    fn update_kvm_slots(&self, updated_range: &RequestedRange) -> Result<(), VirtioMemError> {
+        let hp_region = self
+            .guest_memory()
+            .iter()
+            .find(|r| r.region_type == GuestRegionType::Hotpluggable)
+            .expect("there should be one and only one hotpluggable region");
+        hp_region
+            .slots_intersecting_range(
+                updated_range.addr,
+                self.nb_blocks_to_len(updated_range.nb_blocks),
+            )
+            .try_for_each(|slot| {
+                let slot_range = RequestedRange {
+                    addr: slot.guest_addr,
+                    nb_blocks: slot.slice.len() / u64_to_usize(self.config.block_size),
+                };
+                match self.range_state(&slot_range) {
+                    BlockRangeState::Mixed | BlockRangeState::Plugged => {
+                        hp_region.update_slot(&self.vm, &slot, true)
+                    }
+                    BlockRangeState::Unplugged => hp_region.update_slot(&self.vm, &slot, false),
+                }
+                .map_err(VirtioMemError::UpdateKvmSlot)
+            })
+    }
+
     /// Plugs/unplugs the given range
     ///
     /// Note: the range passed to this function must be within the device memory to avoid
@@ -527,9 +557,7 @@ impl VirtioMem {
                 });
         }
 
-        // TODO: update KVM slots to plug/unplug them
-
-        Ok(())
+        self.update_kvm_slots(range)
     }
 
     /// Updates the requested size of the virtio-mem device.

src/vmm/src/vstate/memory.rs

@@ -24,9 +24,10 @@ pub use vm_memory::{
 use vm_memory::{GuestMemoryError, GuestMemoryRegionBytes, VolatileSlice, WriteVolatile};
 use vmm_sys_util::errno;
 
-use crate::DirtyBitmap;
 use crate::utils::{get_page_size, u64_to_usize};
 use crate::vmm_config::machine_config::HugePageConfig;
+use crate::vstate::vm::VmError;
+use crate::{DirtyBitmap, Vm};
 
 /// Type of GuestRegionMmap.
 pub type GuestRegionMmap = vm_memory::GuestRegionMmap<Option<AtomicBitmap>>;
@@ -162,6 +163,14 @@ impl<'a> GuestMemorySlot<'a> {
     }
 }
 
+fn addr_in_range(addr: GuestAddress, start: GuestAddress, len: usize) -> bool {
+    if let Some(end) = start.checked_add(len as u64) {
+        addr >= start && addr < end
+    } else {
+        false
+    }
+}
+
 impl GuestRegionMmapExt {
     /// Adds a DRAM region which only contains a single plugged slot
     pub(crate) fn dram_from_mmap_region(region: GuestRegionMmap, slot: u32) -> Self {
@@ -188,8 +197,7 @@ impl GuestRegionMmapExt {
             region_type: GuestRegionType::Hotpluggable,
             slot_from,
             slot_size,
-            // TODO(virtio-mem): these should start unplugged when dynamic slots are implemented
-            plugged: Mutex::new(BitVec::repeat(true, slot_cnt)),
+            plugged: Mutex::new(BitVec::repeat(false, slot_cnt)),
         }
     }
 
@@ -259,6 +267,43 @@ impl GuestRegionMmapExt {
             .map(|(slot, _)| slot)
     }
 
+    pub(crate) fn slots_intersecting_range(
+        &self,
+        from: GuestAddress,
+        len: usize,
+    ) -> impl Iterator<Item = GuestMemorySlot<'_>> {
+        self.slots().map(|(slot, _)| slot).filter(move |slot| {
+            if let Some(slot_end) = slot.guest_addr.checked_add(slot.slice.len() as u64) {
+                addr_in_range(slot.guest_addr, from, len) || addr_in_range(slot_end, from, len)
+            } else {
+                false
+            }
+        })
+    }
+
+    /// (un)plug a slot from an Hotpluggable memory region
+    pub(crate) fn update_slot(
+        &self,
+        vm: &Vm,
+        mem_slot: &GuestMemorySlot<'_>,
+        plug: bool,
+    ) -> Result<(), VmError> {
+        // This function can only be called on hotpluggable regions!
+        assert!(self.region_type == GuestRegionType::Hotpluggable);
+
+        let mut bitmap_guard = self.plugged.lock().unwrap();
+        let prev = bitmap_guard.replace((mem_slot.slot - self.slot_from) as usize, plug);
+        // do not do anything if the state is what we're trying to set
+        if prev == plug {
+            return Ok(());
+        }
+        let mut kvm_region = kvm_userspace_memory_region::from(mem_slot);
+        if !plug {
+            kvm_region.memory_size = 0;
+        }
+        vm.set_user_memory_region(kvm_region)
+    }
+
     pub(crate) fn discard_range(
         &self,
         caddr: MemoryRegionAddress,