2010-04-02 01:57:12 +08:00
|
|
|
/*
|
2011-07-20 16:05:30 +08:00
|
|
|
* Generic Balloon handlers and management
|
2010-04-02 01:57:12 +08:00
|
|
|
*
|
|
|
|
* Copyright (c) 2003-2008 Fabrice Bellard
|
2011-07-20 16:05:30 +08:00
|
|
|
* Copyright (C) 2011 Red Hat, Inc.
|
|
|
|
* Copyright (C) 2011 Amit Shah <amit.shah@redhat.com>
|
2010-04-02 01:57:12 +08:00
|
|
|
*
|
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
|
|
* in the Software without restriction, including without limitation the rights
|
|
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
|
|
* furnished to do so, subject to the following conditions:
|
|
|
|
*
|
|
|
|
* The above copyright notice and this permission notice shall be included in
|
|
|
|
* all copies or substantial portions of the Software.
|
|
|
|
*
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
|
|
|
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
|
|
* THE SOFTWARE.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include "monitor.h"
|
|
|
|
#include "cpu-common.h"
|
|
|
|
#include "kvm.h"
|
|
|
|
#include "balloon.h"
|
2010-08-11 19:46:03 +08:00
|
|
|
#include "trace.h"
|
2011-10-21 21:41:37 +08:00
|
|
|
#include "qmp-commands.h"
|
2010-04-02 01:57:12 +08:00
|
|
|
|
2011-07-20 15:38:46 +08:00
|
|
|
static QEMUBalloonEvent *balloon_event_fn;
|
balloon: Separate out stat and balloon handling
Passing on '0' as ballooning target to indicate retrieval of stats is
bad API. It also makes 'balloon 0' in the monitor cause a segfault.
Have two different functions handle the different functionality instead.
Detailed explanation from Markus's review:
1. do_info_balloon() is an info_async() method. It receives a callback
with argument, to be called exactly once (callback frees the
argument). It passes the callback via qemu_balloon_status() and
indirectly through qemu_balloon_event to virtio_balloon_to_target().
virtio_balloon_to_target() executes its balloon stats half. It
stores the callback in the device state.
If it can't send a stats request, it resets stats and calls the
callback right away.
Else, it sends a stats request. The device model runs the callback
when it receives the answer.
Works.
2. do_balloon() is a cmd_async() method. It receives a callback with
argument, to be called when the command completes. do_balloon()
calls it right before it succeeds. Odd, but should work.
Nevertheless, it passes the callback on via qemu_ballon() and
indirectly through qemu_balloon_event to virtio_balloon_to_target().
a. If the argument is non-zero, virtio_balloon_to_target() executes
its balloon half, which doesn't use the callback in any way.
Odd, but works.
b. If the argument is zero, virtio_balloon_to_target() executes its
balloon stats half, just like in 1. It either calls the callback
right away, or arranges for it to be called later.
Thus, the callback runs twice: use after free and double free.
Test case: start with -S -device virtio-balloon, execute "balloon 0" in
human monitor. Runs the callback first from virtio_balloon_to_target(),
then again from do_balloon().
Reported-by: Mike Cao <bcao@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2011-07-20 16:00:56 +08:00
|
|
|
static QEMUBalloonStatus *balloon_stat_fn;
|
2011-07-20 15:38:46 +08:00
|
|
|
static void *balloon_opaque;
|
2010-04-02 01:57:12 +08:00
|
|
|
|
2011-07-27 14:58:19 +08:00
|
|
|
int qemu_add_balloon_handler(QEMUBalloonEvent *event_func,
|
|
|
|
QEMUBalloonStatus *stat_func, void *opaque)
|
2010-04-02 01:57:12 +08:00
|
|
|
{
|
2011-07-27 14:58:19 +08:00
|
|
|
if (balloon_event_fn || balloon_stat_fn || balloon_opaque) {
|
|
|
|
/* We're already registered one balloon handler. How many can
|
|
|
|
* a guest really have?
|
|
|
|
*/
|
|
|
|
error_report("Another balloon device already registered");
|
|
|
|
return -1;
|
|
|
|
}
|
balloon: Separate out stat and balloon handling
Passing on '0' as ballooning target to indicate retrieval of stats is
bad API. It also makes 'balloon 0' in the monitor cause a segfault.
Have two different functions handle the different functionality instead.
Detailed explanation from Markus's review:
1. do_info_balloon() is an info_async() method. It receives a callback
with argument, to be called exactly once (callback frees the
argument). It passes the callback via qemu_balloon_status() and
indirectly through qemu_balloon_event to virtio_balloon_to_target().
virtio_balloon_to_target() executes its balloon stats half. It
stores the callback in the device state.
If it can't send a stats request, it resets stats and calls the
callback right away.
Else, it sends a stats request. The device model runs the callback
when it receives the answer.
Works.
2. do_balloon() is a cmd_async() method. It receives a callback with
argument, to be called when the command completes. do_balloon()
calls it right before it succeeds. Odd, but should work.
Nevertheless, it passes the callback on via qemu_ballon() and
indirectly through qemu_balloon_event to virtio_balloon_to_target().
a. If the argument is non-zero, virtio_balloon_to_target() executes
its balloon half, which doesn't use the callback in any way.
Odd, but works.
b. If the argument is zero, virtio_balloon_to_target() executes its
balloon stats half, just like in 1. It either calls the callback
right away, or arranges for it to be called later.
Thus, the callback runs twice: use after free and double free.
Test case: start with -S -device virtio-balloon, execute "balloon 0" in
human monitor. Runs the callback first from virtio_balloon_to_target(),
then again from do_balloon().
Reported-by: Mike Cao <bcao@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2011-07-20 16:00:56 +08:00
|
|
|
balloon_event_fn = event_func;
|
|
|
|
balloon_stat_fn = stat_func;
|
2011-07-20 15:38:46 +08:00
|
|
|
balloon_opaque = opaque;
|
2011-07-27 14:58:19 +08:00
|
|
|
return 0;
|
2010-04-02 01:57:12 +08:00
|
|
|
}
|
|
|
|
|
2011-09-09 17:00:39 +08:00
|
|
|
void qemu_remove_balloon_handler(void *opaque)
|
|
|
|
{
|
|
|
|
if (balloon_opaque != opaque) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
balloon_event_fn = NULL;
|
|
|
|
balloon_stat_fn = NULL;
|
|
|
|
balloon_opaque = NULL;
|
|
|
|
}
|
|
|
|
|
balloon: Separate out stat and balloon handling
Passing on '0' as ballooning target to indicate retrieval of stats is
bad API. It also makes 'balloon 0' in the monitor cause a segfault.
Have two different functions handle the different functionality instead.
Detailed explanation from Markus's review:
1. do_info_balloon() is an info_async() method. It receives a callback
with argument, to be called exactly once (callback frees the
argument). It passes the callback via qemu_balloon_status() and
indirectly through qemu_balloon_event to virtio_balloon_to_target().
virtio_balloon_to_target() executes its balloon stats half. It
stores the callback in the device state.
If it can't send a stats request, it resets stats and calls the
callback right away.
Else, it sends a stats request. The device model runs the callback
when it receives the answer.
Works.
2. do_balloon() is a cmd_async() method. It receives a callback with
argument, to be called when the command completes. do_balloon()
calls it right before it succeeds. Odd, but should work.
Nevertheless, it passes the callback on via qemu_ballon() and
indirectly through qemu_balloon_event to virtio_balloon_to_target().
a. If the argument is non-zero, virtio_balloon_to_target() executes
its balloon half, which doesn't use the callback in any way.
Odd, but works.
b. If the argument is zero, virtio_balloon_to_target() executes its
balloon stats half, just like in 1. It either calls the callback
right away, or arranges for it to be called later.
Thus, the callback runs twice: use after free and double free.
Test case: start with -S -device virtio-balloon, execute "balloon 0" in
human monitor. Runs the callback first from virtio_balloon_to_target(),
then again from do_balloon().
Reported-by: Mike Cao <bcao@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2011-07-20 16:00:56 +08:00
|
|
|
static int qemu_balloon(ram_addr_t target)
|
2010-04-02 01:57:12 +08:00
|
|
|
{
|
2011-07-20 15:44:12 +08:00
|
|
|
if (!balloon_event_fn) {
|
2010-04-02 01:57:12 +08:00
|
|
|
return 0;
|
|
|
|
}
|
2011-07-20 15:44:12 +08:00
|
|
|
trace_balloon_event(balloon_opaque, target);
|
balloon: Separate out stat and balloon handling
Passing on '0' as ballooning target to indicate retrieval of stats is
bad API. It also makes 'balloon 0' in the monitor cause a segfault.
Have two different functions handle the different functionality instead.
Detailed explanation from Markus's review:
1. do_info_balloon() is an info_async() method. It receives a callback
with argument, to be called exactly once (callback frees the
argument). It passes the callback via qemu_balloon_status() and
indirectly through qemu_balloon_event to virtio_balloon_to_target().
virtio_balloon_to_target() executes its balloon stats half. It
stores the callback in the device state.
If it can't send a stats request, it resets stats and calls the
callback right away.
Else, it sends a stats request. The device model runs the callback
when it receives the answer.
Works.
2. do_balloon() is a cmd_async() method. It receives a callback with
argument, to be called when the command completes. do_balloon()
calls it right before it succeeds. Odd, but should work.
Nevertheless, it passes the callback on via qemu_ballon() and
indirectly through qemu_balloon_event to virtio_balloon_to_target().
a. If the argument is non-zero, virtio_balloon_to_target() executes
its balloon half, which doesn't use the callback in any way.
Odd, but works.
b. If the argument is zero, virtio_balloon_to_target() executes its
balloon stats half, just like in 1. It either calls the callback
right away, or arranges for it to be called later.
Thus, the callback runs twice: use after free and double free.
Test case: start with -S -device virtio-balloon, execute "balloon 0" in
human monitor. Runs the callback first from virtio_balloon_to_target(),
then again from do_balloon().
Reported-by: Mike Cao <bcao@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2011-07-20 16:00:56 +08:00
|
|
|
balloon_event_fn(balloon_opaque, target);
|
2011-07-20 15:44:12 +08:00
|
|
|
return 1;
|
2010-04-02 01:57:12 +08:00
|
|
|
}
|
|
|
|
|
2011-10-21 21:41:37 +08:00
|
|
|
static int qemu_balloon_status(BalloonInfo *info)
|
2010-04-02 01:57:12 +08:00
|
|
|
{
|
balloon: Separate out stat and balloon handling
Passing on '0' as ballooning target to indicate retrieval of stats is
bad API. It also makes 'balloon 0' in the monitor cause a segfault.
Have two different functions handle the different functionality instead.
Detailed explanation from Markus's review:
1. do_info_balloon() is an info_async() method. It receives a callback
with argument, to be called exactly once (callback frees the
argument). It passes the callback via qemu_balloon_status() and
indirectly through qemu_balloon_event to virtio_balloon_to_target().
virtio_balloon_to_target() executes its balloon stats half. It
stores the callback in the device state.
If it can't send a stats request, it resets stats and calls the
callback right away.
Else, it sends a stats request. The device model runs the callback
when it receives the answer.
Works.
2. do_balloon() is a cmd_async() method. It receives a callback with
argument, to be called when the command completes. do_balloon()
calls it right before it succeeds. Odd, but should work.
Nevertheless, it passes the callback on via qemu_ballon() and
indirectly through qemu_balloon_event to virtio_balloon_to_target().
a. If the argument is non-zero, virtio_balloon_to_target() executes
its balloon half, which doesn't use the callback in any way.
Odd, but works.
b. If the argument is zero, virtio_balloon_to_target() executes its
balloon stats half, just like in 1. It either calls the callback
right away, or arranges for it to be called later.
Thus, the callback runs twice: use after free and double free.
Test case: start with -S -device virtio-balloon, execute "balloon 0" in
human monitor. Runs the callback first from virtio_balloon_to_target(),
then again from do_balloon().
Reported-by: Mike Cao <bcao@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2011-07-20 16:00:56 +08:00
|
|
|
if (!balloon_stat_fn) {
|
2010-04-02 01:57:12 +08:00
|
|
|
return 0;
|
|
|
|
}
|
2011-10-21 21:41:37 +08:00
|
|
|
balloon_stat_fn(balloon_opaque, info);
|
2011-07-20 15:44:12 +08:00
|
|
|
return 1;
|
2010-04-02 01:57:12 +08:00
|
|
|
}
|
|
|
|
|
2011-10-21 21:41:37 +08:00
|
|
|
BalloonInfo *qmp_query_balloon(Error **errp)
|
2010-04-02 01:57:12 +08:00
|
|
|
{
|
2011-10-21 21:41:37 +08:00
|
|
|
BalloonInfo *info;
|
2010-04-02 01:57:12 +08:00
|
|
|
|
|
|
|
if (kvm_enabled() && !kvm_has_sync_mmu()) {
|
2011-10-21 21:41:37 +08:00
|
|
|
error_set(errp, QERR_KVM_MISSING_CAP, "synchronous MMU", "balloon");
|
|
|
|
return NULL;
|
2010-04-02 01:57:12 +08:00
|
|
|
}
|
|
|
|
|
2011-10-21 21:41:37 +08:00
|
|
|
info = g_malloc0(sizeof(*info));
|
|
|
|
|
|
|
|
if (qemu_balloon_status(info) == 0) {
|
|
|
|
error_set(errp, QERR_DEVICE_NOT_ACTIVE, "balloon");
|
|
|
|
qapi_free_BalloonInfo(info);
|
|
|
|
return NULL;
|
2010-04-02 01:57:12 +08:00
|
|
|
}
|
|
|
|
|
2011-10-21 21:41:37 +08:00
|
|
|
return info;
|
2010-04-02 01:57:12 +08:00
|
|
|
}
|
|
|
|
|
2011-11-26 00:38:09 +08:00
|
|
|
void qmp_balloon(int64_t value, Error **errp)
|
2010-04-02 01:57:12 +08:00
|
|
|
{
|
|
|
|
if (kvm_enabled() && !kvm_has_sync_mmu()) {
|
2011-11-26 00:38:09 +08:00
|
|
|
error_set(errp, QERR_KVM_MISSING_CAP, "synchronous MMU", "balloon");
|
|
|
|
return;
|
2010-04-02 01:57:12 +08:00
|
|
|
}
|
|
|
|
|
2011-11-26 00:38:09 +08:00
|
|
|
if (value <= 0) {
|
2011-07-27 19:20:54 +08:00
|
|
|
qerror_report(QERR_INVALID_PARAMETER_VALUE, "target", "a size");
|
2011-11-26 00:38:09 +08:00
|
|
|
return;
|
2011-07-27 19:20:54 +08:00
|
|
|
}
|
2011-11-26 00:38:09 +08:00
|
|
|
|
|
|
|
if (qemu_balloon(value) == 0) {
|
|
|
|
error_set(errp, QERR_DEVICE_NOT_ACTIVE, "balloon");
|
2010-04-02 01:57:12 +08:00
|
|
|
}
|
|
|
|
}
|