feat(IovDeque): configurable queue len

Add a const generic parameter to specify the
length of the IovDeque. This allows us to independently
change queue length for different virtio devices.

Signed-off-by: Egor Lazarchuk <[email protected]>

Author: ShadowCurse

src/vmm/src/devices/virtio/iov_deque.rs

@@ -6,7 +6,6 @@ use std::os::fd::AsRawFd;
 use libc::{c_int, c_void, iovec, off_t, size_t};
 use memfd;
 
-use super::queue::FIRECRACKER_MAX_QUEUE_SIZE;
 use crate::arch::PAGE_SIZE;
 
 #[derive(Debug, thiserror::Error, displaydoc::Display)]
@@ -69,26 +68,42 @@ pub enum IovDequeError {
 //
 // Like that, the elements stored in the buffer are always laid out in contiguous virtual memory,
 // so making a slice out of them does not require any copies.
+//
+// The `L` const generic determines the maximum number of `iovec` elements the queue should hold.
+//
+// ```Rust
+// pub struct iovec {
+//    pub iov_base: *mut ::c_void,
+//    pub iov_len: ::size_t,
+// }
+// ```
+//
+// This value must be a multiple of 256 because this is the maximum number of `iovec` can fit into
+// 1 memory page: 256 * sizeof(iovec) == 4096 == PAGE_SIZE. IovDeque only operates on `PAGE_SIZE`
+// granularity.
 #[derive(Debug)]
-pub struct IovDeque {
+pub struct IovDeque<const L: u16> {
     pub iov: *mut libc::iovec,
     pub start: u16,
     pub len: u16,
 }
 
 // SAFETY: This is `Send`. We hold sole ownership of the underlying buffer.
-unsafe impl Send for IovDeque {}
+unsafe impl<const L: u16> Send for IovDeque<L> {}
+
+impl<const L: u16> IovDeque<L> {
+    const BYTES: usize = L as usize * std::mem::size_of::<iovec>();
+    const _ASSERT: () = assert!(Self::BYTES % PAGE_SIZE == 0);
 
-impl IovDeque {
     /// Create a [`memfd`] object that represents a single physical page
     fn create_memfd() -> Result<memfd::Memfd, IovDequeError> {
         // Create a sealable memfd.
         let opts = memfd::MemfdOptions::default().allow_sealing(true);
-        let mfd = opts.create("sized-1K")?;
+        let mfd = opts.create("iov_deque")?;
 
         // Resize to system page size.
         mfd.as_file()
-            .set_len(PAGE_SIZE.try_into().unwrap())
+            .set_len(Self::BYTES.try_into().unwrap())
             .map_err(IovDequeError::MemfdResize)?;
 
         // Add seals to prevent further resizing.
@@ -121,35 +136,13 @@ impl IovDeque {
 
     /// Allocate memory for our ring buffer
     ///
-    /// This will allocate exactly two pages of virtual memory. In order to implement the
-    /// optimization that allows us to always have elements in contiguous memory we need
-    /// allocations at the granularity of `PAGE_SIZE`. Now, our queues are at maximum 256
-    /// descriptors long and `struct iovec` looks like this:
-    ///
-    /// ```Rust
-    /// pub struct iovec {
-    ///    pub iov_base: *mut ::c_void,
-    ///    pub iov_len: ::size_t,
-    /// }
-    /// ```
-    ///
-    /// so, it's 16 bytes long. As a result, we need a single page for holding the actual data of
-    /// our buffer.
+    /// This will allocate 2 * `Self::BYTES` bytes in virtual memory.
     fn allocate_ring_buffer_memory() -> Result<*mut c_void, IovDequeError> {
-        // The fact that we allocate two pages is due to the size of `struct iovec` times our queue
-        // size equals the page size. Add here a debug assertion to reflect that and ensure that we
-        // will adapt our logic if the assumption changes in the future.
-        const {
-            assert!(
-                std::mem::size_of::<iovec>() * FIRECRACKER_MAX_QUEUE_SIZE as usize == PAGE_SIZE
-            );
-        }
-
         // SAFETY: We are calling the system call with valid arguments
         unsafe {
             Self::mmap(
                 std::ptr::null_mut(),
-                PAGE_SIZE * 2,
+                Self::BYTES * 2,
                 libc::PROT_NONE,
                 libc::MAP_PRIVATE | libc::MAP_ANONYMOUS,
                 -1,
@@ -169,7 +162,7 @@ impl IovDeque {
         let _ = unsafe {
             Self::mmap(
                 buffer,
-                PAGE_SIZE,
+                Self::BYTES,
                 libc::PROT_READ | libc::PROT_WRITE,
                 libc::MAP_SHARED | libc::MAP_FIXED,
                 raw_memfd,
@@ -180,19 +173,17 @@ impl IovDeque {
         // Map the second page of virtual memory to the physical page described by the memfd object
         //
         // SAFETY: This is safe because:
-        // * Both `buffer` and the result of `buffer.add(PAGE_SIZE)` are within bounds of the
+        // * Both `buffer` and the result of `buffer.add(Self::BYTES)` are within bounds of the
         //   allocation we got from `Self::allocate_ring_buffer_memory`.
-        // * The computed offset is `PAGE_SIZE * size_of::<c_void>() == PAGE_SIZE bytes` which fits
-        //   in `isize`
         // * The resulting pointer is the beginning of the second page of our allocation, so it
         //   doesn't wrap around the address space.
-        let next_page = unsafe { buffer.add(PAGE_SIZE) };
+        let next_page = unsafe { buffer.add(Self::BYTES) };
 
         // SAFETY: We are calling the system call with valid arguments
         let _ = unsafe {
             Self::mmap(
                 next_page,
-                PAGE_SIZE,
+                Self::BYTES,
                 libc::PROT_READ | libc::PROT_WRITE,
                 libc::MAP_SHARED | libc::MAP_FIXED,
                 raw_memfd,
@@ -216,7 +207,7 @@ impl IovDeque {
     /// Returns `true` if the [`IovDeque`] is full, `false` otherwise
     #[inline(always)]
     pub fn is_full(&self) -> bool {
-        self.len() == FIRECRACKER_MAX_QUEUE_SIZE
+        self.len() == L
     }
 
     /// Resets the queue, dropping all its elements.
@@ -261,8 +252,8 @@ impl IovDeque {
 
         self.start += nr_iovecs;
         self.len -= nr_iovecs;
-        if self.start >= FIRECRACKER_MAX_QUEUE_SIZE {
-            self.start -= FIRECRACKER_MAX_QUEUE_SIZE;
+        if self.start >= L {
+            self.start -= L;
         }
     }
 
@@ -318,11 +309,11 @@ impl IovDeque {
     }
 }
 
-impl Drop for IovDeque {
+impl<const L: u16> Drop for IovDeque<L> {
     fn drop(&mut self) {
         // SAFETY: We are passing an address that we got from a previous allocation of `2 *
-        // PAGE_SIZE` bytes by calling mmap
-        let _ = unsafe { libc::munmap(self.iov.cast(), PAGE_SIZE * 2) };
+        // Self::BYTES` bytes by calling mmap
+        let _ = unsafe { libc::munmap(self.iov.cast(), Self::BYTES * 2) };
     }
 }
 

src/vmm/src/devices/virtio/iovec.rs

@@ -11,6 +11,7 @@ use vm_memory::{
 };
 
 use super::iov_deque::{IovDeque, IovDequeError};
+use super::queue::FIRECRACKER_MAX_QUEUE_SIZE;
 use crate::devices::virtio::queue::DescriptorChain;
 use crate::vstate::memory::GuestMemoryMmap;
 
@@ -223,10 +224,11 @@ pub struct ParsedDescriptorChain {
 /// It describes a write-only buffer passed to us by the guest that is scattered across multiple
 /// memory regions. Additionally, this wrapper provides methods that allow reading arbitrary ranges
 /// of data from that buffer.
+/// `L` const generic value must be a multiple of 256 as required by the `IovDeque` requirements.
 #[derive(Debug)]
-pub struct IoVecBufferMut {
+pub struct IoVecBufferMut<const L: u16 = FIRECRACKER_MAX_QUEUE_SIZE> {
     // container of the memory regions included in this IO vector
-    pub vecs: IovDeque,
+    pub vecs: IovDeque<L>,
     // Total length of the IoVecBufferMut
     // We use `u32` here because we use this type in devices which
     // should not give us huge buffers. In any case this
@@ -236,9 +238,9 @@ pub struct IoVecBufferMut {
 
 // SAFETY: `IoVecBufferMut` doesn't allow for interior mutability and no shared ownership is
 // possible as it doesn't implement clone
-unsafe impl Send for IoVecBufferMut {}
+unsafe impl<const L: u16> Send for IoVecBufferMut<L> {}
 
-impl IoVecBufferMut {
+impl<const L: u16> IoVecBufferMut<L> {
     /// Append a `DescriptorChain` in this `IoVecBufferMut`
     ///
     /// # Safety