/*
* Generic Balloon handlers and management
*
* Copyright (c) 2003-2008 Fabrice Bellard
* Copyright (C) 2011 Red Hat, Inc.
* Copyright (C) 2011 Amit Shah <amit.shah@redhat.com>
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
#include "monitor.h"
#include "qjson.h"
#include "qint.h"
#include "cpu-common.h"
#include "kvm.h"
#include "balloon.h"
#include "trace.h"
/*
 * State of the single registered balloon device.  All three slots are
 * written together by qemu_add_balloon_handler(), which refuses a second
 * registration while any of them is non-NULL.
 */
/* Resize handler; called by qemu_balloon() with balloon_opaque and the target. */
static QEMUBalloonEvent *balloon_event_fn;
/* Stats handler; called by qemu_balloon_status() with the completion callback. */
static QEMUBalloonStatus *balloon_stat_fn;
/* Device context passed as the first argument to both handlers. */
static void *balloon_opaque;
/*
 * Register the handlers of the balloon device.
 *
 * Only one registration is accepted: when any of balloon_event_fn,
 * balloon_stat_fn or balloon_opaque is already set, an error is reported
 * and -1 is returned with the existing registration left untouched.
 * Returns 0 once the three values have been stored.
 *
 * NOTE(review): the arguments are stored unchecked.  A NULL event_func or
 * stat_func makes qemu_balloon() or qemu_balloon_status() return 0, which
 * their callers report as "device not active".
 */
int qemu_add_balloon_handler(QEMUBalloonEvent *event_func,
                             QEMUBalloonStatus *stat_func, void *opaque)
{
    int already_registered = balloon_event_fn != NULL
                             || balloon_stat_fn != NULL
                             || balloon_opaque != NULL;

    if (already_registered) {
        /* A balloon handler is already registered; a guest is not
         * expected to have more than one.
         */
        error_report("Another balloon device already registered");
        return -1;
    }

    balloon_opaque = opaque;
    balloon_stat_fn = stat_func;
    balloon_event_fn = event_func;

    return 0;
}
balloon: Separate out stat and balloon handling
Passing on '0' as ballooning target to indicate retrieval of stats is
bad API. It also makes 'balloon 0' in the monitor cause a segfault.
Have two different functions handle the different functionality instead.
Detailed explanation from Markus's review:
1. do_info_balloon() is an info_async() method. It receives a callback
with argument, to be called exactly once (callback frees the
argument). It passes the callback via qemu_balloon_status() and
indirectly through qemu_balloon_event to virtio_balloon_to_target().
virtio_balloon_to_target() executes its balloon stats half. It
stores the callback in the device state.
If it can't send a stats request, it resets stats and calls the
callback right away.
Else, it sends a stats request. The device model runs the callback
when it receives the answer.
Works.
2. do_balloon() is a cmd_async() method. It receives a callback with
argument, to be called when the command completes. do_balloon()
calls it right before it succeeds. Odd, but should work.
Nevertheless, it passes the callback on via qemu_ballon() and
indirectly through qemu_balloon_event to virtio_balloon_to_target().
a. If the argument is non-zero, virtio_balloon_to_target() executes
its balloon half, which doesn't use the callback in any way.
Odd, but works.
b. If the argument is zero, virtio_balloon_to_target() executes its
balloon stats half, just like in 1. It either calls the callback
right away, or arranges for it to be called later.
Thus, the callback runs twice: use after free and double free.
Test case: start with -S -device virtio-balloon, execute "balloon 0" in
human monitor. Runs the callback first from virtio_balloon_to_target(),
then again from do_balloon().
Reported-by: Mike Cao <bcao@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2011-07-20 10:00:56 +02:00
/*
 * Forward a new balloon target to the registered device.
 *
 * Returns 0 when no event handler is registered and 1 after the handler
 * has been called.
 *
 * This path takes no monitor completion callback: statistics are requested
 * through qemu_balloon_status(), so a resize request never hands the
 * caller's callback to the device.
 */
static int qemu_balloon(ram_addr_t target)
{
    if (balloon_event_fn) {
        trace_balloon_event(balloon_opaque, target);
        balloon_event_fn(balloon_opaque, target);
        return 1;
    }

    return 0;
}
/*
 * Ask the registered device for balloon statistics.
 *
 * Returns 0 when no stat handler is registered; cb is not invoked on that
 * path.  Otherwise cb and opaque are handed to the stat handler and 1 is
 * returned.
 *
 * NOTE(review): from here on the stat handler owns cb and is presumably
 * expected to run it exactly once; confirm against the device model, since
 * running a completion callback twice is a use after free / double free.
 */
static int qemu_balloon_status(MonitorCompletion cb, void *opaque)
{
    if (balloon_stat_fn) {
        balloon_stat_fn(balloon_opaque, cb, opaque);
        return 1;
    }

    return 0;
}
/*
 * qdict_iter() callback used by monitor_print_balloon(): print one
 * statistic as ",key=value" on the monitor passed in opaque.
 *
 * The "actual" key is skipped because monitor_print_balloon() prints it
 * itself before iterating.
 *
 * NOTE(review): every other value is converted with qobject_to_qint()
 * without a type check here; confirm that the producer of the dictionary
 * only stores integers.
 */
static void print_balloon_stat(const char *key, QObject *obj, void *opaque)
{
    Monitor *mon = opaque;
    int64_t value;

    if (strcmp(key, "actual") == 0) {
        return;
    }

    value = qint_get_int(qobject_to_qint(obj));
    monitor_printf(mon, ",%s=%" PRId64, key, value);
}
/*
 * Print the balloon information dictionary on the human monitor.
 *
 * Nothing is printed when the dictionary has no "actual" key.  Otherwise
 * the output is one line: "balloon: actual=" followed by the "actual"
 * value shifted right by 20 bits, then every other key as ",key=value"
 * (see print_balloon_stat()), then a newline.
 *
 * NOTE(review): the result of qobject_to_qdict() is used without a NULL
 * check; confirm that callers only pass a dictionary.
 */
void monitor_print_balloon(Monitor *mon, const QObject *data)
{
    QDict *stats = qobject_to_qdict(data);

    if (qdict_haskey(stats, "actual")) {
        monitor_printf(mon, "balloon: actual=%" PRId64,
                       qdict_get_int(stats, "actual") >> 20);
        qdict_iter(stats, print_balloon_stat, mon);
        monitor_printf(mon, "\n");
    }
}
/**
 * do_info_balloon(): Balloon information
 *
 * Make an asynchronous request for balloon info. When the request completes
 * a QDict will be returned according to the following specification:
 *
 * - "actual": current balloon value in bytes
 * The following fields may or may not be present:
 * - "mem_swapped_in": Amount of memory swapped in (bytes)
 * - "mem_swapped_out": Amount of memory swapped out (bytes)
 * - "major_page_faults": Number of major faults
 * - "minor_page_faults": Number of minor faults
 * - "free_mem": Total amount of free and unused memory (bytes)
 * - "total_mem": Total amount of available memory (bytes)
 *
 * Example:
 *
 * { "actual": 1073741824, "mem_swapped_in": 0, "mem_swapped_out": 0,
 *   "major_page_faults": 142, "minor_page_faults": 239245,
 *   "free_mem": 1014185984, "total_mem": 1044668416 }
 *
 * Returns 0 when the request was handed to the balloon device, -1 after
 * reporting an error (KVM without a synchronous MMU, or no balloon device
 * active).  On both error paths cb is not invoked by this function.
 */
int do_info_balloon(Monitor *mon, MonitorCompletion cb, void *opaque)
{
    if (kvm_enabled() && !kvm_has_sync_mmu()) {
        qerror_report(QERR_KVM_MISSING_CAP, "synchronous MMU", "balloon");
        return -1;
    }

    /* cb travels to the device's stat handler; it is not called here. */
    if (qemu_balloon_status(cb, opaque) == 0) {
        qerror_report(QERR_DEVICE_NOT_ACTIVE, "balloon");
        return -1;
    }

    return 0;
}
/**
 * do_balloon(): Request VM to change its memory allocation
 *
 * Reads the requested size from the "value" entry of params and passes it
 * to the balloon device through qemu_balloon().
 *
 * Returns 0 on success, after calling cb(opaque, NULL).  Returns -1 after
 * reporting an error when KVM lacks a synchronous MMU, when the size is
 * zero or negative, or when no balloon device is active; cb is not called
 * on any of those paths.
 *
 * cb is only ever run from this function, once, on the success path.  It
 * is never forwarded to the device, so the device cannot run it a second
 * time.
 */
int do_balloon(Monitor *mon, const QDict *params,
               MonitorCompletion cb, void *opaque)
{
    int64_t target;

    if (kvm_enabled() && !kvm_has_sync_mmu()) {
        qerror_report(QERR_KVM_MISSING_CAP, "synchronous MMU", "balloon");
        return -1;
    }

    /* Reject zero and negative sizes before they reach the device; the
     * signed value is converted to ram_addr_t in the call below.
     */
    target = qdict_get_int(params, "value");
    if (target <= 0) {
        qerror_report(QERR_INVALID_PARAMETER_VALUE, "target", "a size");
        return -1;
    }

    if (!qemu_balloon(target)) {
        qerror_report(QERR_DEVICE_NOT_ACTIVE, "balloon");
        return -1;
    }

    cb(opaque, NULL);
    return 0;
}