search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
MAINTAINERS: Add artist.c to the hppa machine section
[qemu/kevin.git] / hw / hyperv / hv-balloon.c
blob66f297c1d7e3d93d8d87b54e5df608df84318b2b
1 /*
2 * QEMU Hyper-V Dynamic Memory Protocol driver
3 *
4 * Copyright (C) 2020-2023 Oracle and/or its affiliates.
5 *
6 * This work is licensed under the terms of the GNU GPL, version 2 or later.
7 * See the COPYING file in the top-level directory.
8 */
9
10 #include "hv-balloon-internal.h"
11
12 #include "exec/address-spaces.h"
13 #include "exec/cpu-common.h"
14 #include "exec/ramblock.h"
15 #include "hw/boards.h"
16 #include "hw/hyperv/dynmem-proto.h"
17 #include "hw/hyperv/hv-balloon.h"
18 #include "hw/hyperv/vmbus.h"
19 #include "hw/mem/memory-device.h"
20 #include "hw/mem/pc-dimm.h"
21 #include "hw/qdev-core.h"
22 #include "hw/qdev-properties.h"
23 #include "monitor/qdev.h"
24 #include "qapi/error.h"
25 #include "qapi/qapi-commands-machine.h"
26 #include "qapi/qapi-events-machine.h"
27 #include "qapi/qapi-types-machine.h"
28 #include "qapi/qmp/qdict.h"
29 #include "qapi/visitor.h"
30 #include "qemu/error-report.h"
31 #include "qemu/module.h"
32 #include "qemu/units.h"
33 #include "qemu/timer.h"
34 #include "sysemu/balloon.h"
35 #include "sysemu/hostmem.h"
36 #include "sysemu/reset.h"
37 #include "hv-balloon-our_range_memslots.h"
38 #include "hv-balloon-page_range_tree.h"
39 #include "trace.h"
40
41 #define HV_BALLOON_ADDR_PROP "addr"
42 #define HV_BALLOON_MEMDEV_PROP "memdev"
43 #define HV_BALLOON_GUID "525074DC-8985-46e2-8057-A307DC18A502"
44
45 /*
46 * Some Windows versions (at least Server 2019) will crash with various
47 * error codes when receiving DM protocol requests (at least
48 * DM_MEM_HOT_ADD_REQUEST) immediately after boot.
49 *
50 * It looks like Hyper-V from Server 2016 uses a 50-second after-boot
51 * delay, probably to workaround this issue, so we'll use this value, too.
52 */
53 #define HV_BALLOON_POST_INIT_WAIT (50 * 1000)
54
55 #define HV_BALLOON_HA_CHUNK_SIZE (2 * GiB)
56 #define HV_BALLOON_HA_CHUNK_PAGES (HV_BALLOON_HA_CHUNK_SIZE / HV_BALLOON_PAGE_SIZE)
57
58 #define HV_BALLOON_HA_MEMSLOT_SIZE_ALIGN (128 * MiB)
59
60 #define HV_BALLOON_HR_CHUNK_PAGES 585728
61 /*
62 * ^ that's the maximum number of pages
63 * that Windows returns in one hot remove response
64 *
65 * If the number requested is too high Windows will no longer honor
66 * these requests
67 */
68
69 struct HvBalloonClass {
70 VMBusDeviceClass parent_class;
71 } HvBalloonClass;
72
73 typedef enum State {
74 /* not a real state */
75 S_NO_CHANGE = 0,
76
77 S_WAIT_RESET,
78 S_POST_RESET_CLOSED,
79
80 /* init flow */
81 S_VERSION,
82 S_CAPS,
83 S_POST_INIT_WAIT,
84
85 S_IDLE,
86
87 /* balloon op flow */
88 S_BALLOON_POSTING,
89 S_BALLOON_RB_WAIT,
90 S_BALLOON_REPLY_WAIT,
91
92 /* unballoon + hot add ops flow */
93 S_UNBALLOON_POSTING,
94 S_UNBALLOON_RB_WAIT,
95 S_UNBALLOON_REPLY_WAIT,
96 S_HOT_ADD_SETUP,
97 S_HOT_ADD_RB_WAIT,
98 S_HOT_ADD_POSTING,
99 S_HOT_ADD_REPLY_WAIT,
100 } State;
101
102 typedef struct StateDesc {
103 State state;
104 const char *desc;
105 } StateDesc;
106
107 typedef struct HvBalloon {
108 VMBusDevice parent;
109 State state;
110
111 union dm_version version;
112 union dm_caps caps;
113
114 QEMUTimer post_init_timer;
115
116 unsigned int trans_id;
117
118 struct {
119 bool enabled;
120 bool received;
121 uint64_t committed;
122 uint64_t available;
123 } status_report;
124
125 /* Guest target size */
126 uint64_t target;
127 bool target_changed;
128
129 /* Current (un)balloon / hot-add operation parameters */
130 union {
131 uint64_t balloon_diff;
132
133 struct {
134 uint64_t unballoon_diff;
135 uint64_t hot_add_diff;
136 };
137
138 struct {
139 PageRange hot_add_range;
140 uint64_t ha_current_count;
141 };
142 };
143
144 OurRangeMemslots *our_range;
145
146 /* Count of memslots covering our memory */
147 unsigned int memslot_count;
148
149 /* Nominal size of each memslot (the last one might be smaller) */
150 uint64_t memslot_size;
151
152 /* Non-ours removed memory */
153 PageRangeTree removed_guest, removed_both;
154
155 /* Grand totals of removed memory (both ours and non-ours) */
156 uint64_t removed_guest_ctr, removed_both_ctr;
157
158 /* MEMORY_DEVICE props */
159 uint64_t addr;
160 HostMemoryBackend *hostmem;
161 MemoryRegion *mr;
162 } HvBalloon;
163
164 OBJECT_DEFINE_TYPE_WITH_INTERFACES(HvBalloon, hv_balloon, HV_BALLOON, VMBUS_DEVICE, \
165 { TYPE_MEMORY_DEVICE }, { })
166
167 #define HV_BALLOON_SET_STATE(hvb, news) \
168 do { \
169 assert(news != S_NO_CHANGE); \
170 hv_balloon_state_set(hvb, news, # news); \
171 } while (0)
172
173 #define HV_BALLOON_STATE_DESC_SET(stdesc, news) \
174 _hv_balloon_state_desc_set(stdesc, news, # news)
175
176 #define HV_BALLOON_STATE_DESC_INIT \
177 { \
178 .state = S_NO_CHANGE, \
179 }
180
181 typedef struct HvBalloonReq {
182 VMBusChanReq vmreq;
183 } HvBalloonReq;
184
185 /* total our memory includes parts currently removed from the guest */
186 static uint64_t hv_balloon_total_our_ram(HvBalloon *balloon)
187 {
188 if (!balloon->our_range) {
189 return 0;
190 }
191
192 return balloon->our_range->range.added;
193 }
194
195 /* TODO: unify the code below with virtio-balloon and cache the value */
196 static int build_dimm_list(Object *obj, void *opaque)
197 {
198 GSList **list = opaque;
199
200 if (object_dynamic_cast(obj, TYPE_PC_DIMM)) {
201 DeviceState *dev = DEVICE(obj);
202 if (dev->realized) { /* only realized DIMMs matter */
203 *list = g_slist_prepend(*list, dev);
204 }
205 }
206
207 object_child_foreach(obj, build_dimm_list, opaque);
208 return 0;
209 }
210
211 static ram_addr_t get_current_ram_size(void)
212 {
213 GSList *list = NULL, *item;
214 ram_addr_t size = current_machine->ram_size;
215
216 build_dimm_list(qdev_get_machine(), &list);
217 for (item = list; item; item = g_slist_next(item)) {
218 Object *obj = OBJECT(item->data);
219 if (!strcmp(object_get_typename(obj), TYPE_PC_DIMM))
220 size += object_property_get_int(obj, PC_DIMM_SIZE_PROP,
221 &error_abort);
222 }
223 g_slist_free(list);
224
225 return size;
226 }
227
228 /* total RAM includes memory currently removed from the guest */
229 static uint64_t hv_balloon_total_ram(HvBalloon *balloon)
230 {
231 ram_addr_t ram_size = get_current_ram_size();
232 uint64_t ram_size_pages = ram_size >> HV_BALLOON_PFN_SHIFT;
233 uint64_t our_ram_size_pages = hv_balloon_total_our_ram(balloon);
234
235 assert(ram_size_pages > 0);
236
237 return SUM_SATURATE_U64(ram_size_pages, our_ram_size_pages);
238 }
239
240 /*
241 * calculating the total RAM size is a slow operation,
242 * avoid it as much as possible
243 */
244 static uint64_t hv_balloon_total_removed_rs(HvBalloon *balloon,
245 uint64_t ram_size_pages)
246 {
247 uint64_t total_removed;
248
249 total_removed = SUM_SATURATE_U64(balloon->removed_guest_ctr,
250 balloon->removed_both_ctr);
251
252 /* possible if guest returns pages outside actual RAM */
253 if (total_removed > ram_size_pages) {
254 total_removed = ram_size_pages;
255 }
256
257 return total_removed;
258 }
259
260 /* Returns whether the state has actually changed */
261 static bool hv_balloon_state_set(HvBalloon *balloon,
262 State newst, const char *newststr)
263 {
264 if (newst == S_NO_CHANGE || balloon->state == newst) {
265 return false;
266 }
267
268 balloon->state = newst;
269 trace_hv_balloon_state_change(newststr);
270 return true;
271 }
272
273 static void _hv_balloon_state_desc_set(StateDesc *stdesc,
274 State newst, const char *newststr)
275 {
276 /* state setting is only permitted on a freshly init desc */
277 assert(stdesc->state == S_NO_CHANGE);
278
279 assert(newst != S_NO_CHANGE);
280
281 stdesc->state = newst;
282 stdesc->desc = newststr;
283 }
284
285 static VMBusChannel *hv_balloon_get_channel_maybe(HvBalloon *balloon)
286 {
287 return vmbus_device_channel(&balloon->parent, 0);
288 }
289
290 static VMBusChannel *hv_balloon_get_channel(HvBalloon *balloon)
291 {
292 VMBusChannel *chan;
293
294 chan = hv_balloon_get_channel_maybe(balloon);
295 assert(chan != NULL);
296 return chan;
297 }
298
299 static ssize_t hv_balloon_send_packet(VMBusChannel *chan,
300 struct dm_message *msg)
301 {
302 int ret;
303
304 ret = vmbus_channel_reserve(chan, 0, msg->hdr.size);
305 if (ret < 0) {
306 return ret;
307 }
308
309 return vmbus_channel_send(chan, VMBUS_PACKET_DATA_INBAND,
310 NULL, 0, msg, msg->hdr.size, false,
311 msg->hdr.trans_id);
312 }
313
314 static bool hv_balloon_unballoon_get_source(HvBalloon *balloon,
315 PageRangeTree *dtree,
316 uint64_t **dctr,
317 bool *is_our_range)
318 {
319 OurRange *our_range = OUR_RANGE(balloon->our_range);
320
321 /* Try the boot memory first */
322 if (g_tree_nnodes(balloon->removed_guest.t) > 0) {
323 *dtree = balloon->removed_guest;
324 *dctr = &balloon->removed_guest_ctr;
325 *is_our_range = false;
326 } else if (g_tree_nnodes(balloon->removed_both.t) > 0) {
327 *dtree = balloon->removed_both;
328 *dctr = &balloon->removed_both_ctr;
329 *is_our_range = false;
330 } else if (!our_range) {
331 return false;
332 } else if (!our_range_is_removed_tree_empty(our_range, false)) {
333 *dtree = our_range_get_removed_tree(our_range, false);
334 *dctr = &balloon->removed_guest_ctr;
335 *is_our_range = true;
336 } else if (!our_range_is_removed_tree_empty(our_range, true)) {
337 *dtree = our_range_get_removed_tree(our_range, true);
338 *dctr = &balloon->removed_both_ctr;
339 *is_our_range = true;
340 } else {
341 return false;
342 }
343
344 return true;
345 }
346
347 static void hv_balloon_unballoon_rb_wait(HvBalloon *balloon, StateDesc *stdesc)
348 {
349 VMBusChannel *chan = hv_balloon_get_channel(balloon);
350 struct dm_unballoon_request *ur;
351 size_t ur_size = sizeof(*ur) + sizeof(ur->range_array[0]);
352
353 assert(balloon->state == S_UNBALLOON_RB_WAIT);
354
355 if (vmbus_channel_reserve(chan, 0, ur_size) < 0) {
356 return;
357 }
358
359 HV_BALLOON_STATE_DESC_SET(stdesc, S_UNBALLOON_POSTING);
360 }
361
362 static void hv_balloon_unballoon_posting(HvBalloon *balloon, StateDesc *stdesc)
363 {
364 VMBusChannel *chan = hv_balloon_get_channel(balloon);
365 PageRangeTree dtree;
366 uint64_t *dctr;
367 bool our_range;
368 struct dm_unballoon_request *ur;
369 size_t ur_size = sizeof(*ur) + sizeof(ur->range_array[0]);
370 PageRange range;
371 bool bret;
372 ssize_t ret;
373
374 assert(balloon->state == S_UNBALLOON_POSTING);
375 assert(balloon->unballoon_diff > 0);
376
377 if (!hv_balloon_unballoon_get_source(balloon, &dtree, &dctr, &our_range)) {
378 error_report("trying to unballoon but nothing seems to be ballooned");
379 /*
380 * there is little we can do as we might have already
381 * sent the guest a partial request we can't cancel
382 */
383 return;
384 }
385
386 assert(balloon->our_range || !our_range);
387 assert(dtree.t);
388 assert(dctr);
389
390 ur = alloca(ur_size);
391 memset(ur, 0, ur_size);
392 ur->hdr.type = DM_UNBALLOON_REQUEST;
393 ur->hdr.size = ur_size;
394 ur->hdr.trans_id = balloon->trans_id;
395
396 bret = hvb_page_range_tree_pop(dtree, &range, MIN(balloon->unballoon_diff,
397 HV_BALLOON_HA_CHUNK_PAGES));
398 assert(bret);
399 /* TODO: madvise? */
400
401 *dctr -= range.count;
402 balloon->unballoon_diff -= range.count;
403
404 ur->range_count = 1;
405 ur->range_array[0].finfo.start_page = range.start;
406 ur->range_array[0].finfo.page_cnt = range.count;
407 ur->more_pages = balloon->unballoon_diff > 0;
408
409 trace_hv_balloon_outgoing_unballoon(ur->hdr.trans_id,
410 range.count, range.start,
411 balloon->unballoon_diff);
412
413 if (ur->more_pages) {
414 HV_BALLOON_STATE_DESC_SET(stdesc, S_UNBALLOON_RB_WAIT);
415 } else {
416 HV_BALLOON_STATE_DESC_SET(stdesc, S_UNBALLOON_REPLY_WAIT);
417 }
418
419 ret = vmbus_channel_send(chan, VMBUS_PACKET_DATA_INBAND,
420 NULL, 0, ur, ur_size, false,
421 ur->hdr.trans_id);
422 if (ret <= 0) {
423 error_report("error %zd when posting unballoon msg, expect problems",
424 ret);
425 }
426 }
427
428 static bool hv_balloon_our_range_ensure(HvBalloon *balloon)
429 {
430 uint64_t align;
431 MemoryRegion *hostmem_mr;
432 g_autoptr(OurRangeMemslots) our_range_memslots = NULL;
433 OurRange *our_range;
434
435 if (balloon->our_range) {
436 return true;
437 }
438
439 if (!balloon->hostmem) {
440 return false;
441 }
442
443 align = (1 << balloon->caps.cap_bits.hot_add_alignment) * MiB;
444 assert(QEMU_IS_ALIGNED(balloon->addr, align));
445
446 hostmem_mr = host_memory_backend_get_memory(balloon->hostmem);
447
448 our_range_memslots = hvb_our_range_memslots_new(balloon->addr,
449 balloon->mr, hostmem_mr,
450 OBJECT(balloon),
451 balloon->memslot_count,
452 balloon->memslot_size);
453 our_range = OUR_RANGE(our_range_memslots);
454
455 if (hvb_page_range_tree_intree_any(balloon->removed_guest,
456 our_range->range.start,
457 our_range->range.count) ||
458 hvb_page_range_tree_intree_any(balloon->removed_both,
459 our_range->range.start,
460 our_range->range.count)) {
461 error_report("some parts of the memory backend were already returned by the guest. this should not happen, please reboot the guest and try again");
462 return false;
463 }
464
465 trace_hv_balloon_our_range_add(our_range->range.count,
466 our_range->range.start);
467
468 balloon->our_range = g_steal_pointer(&our_range_memslots);
469 return true;
470 }
471
472 static void hv_balloon_hot_add_setup(HvBalloon *balloon, StateDesc *stdesc)
473 {
474 /* need to make copy since it is in union with hot_add_range */
475 uint64_t hot_add_diff = balloon->hot_add_diff;
476 PageRange *hot_add_range = &balloon->hot_add_range;
477 uint64_t align, our_range_remaining;
478 OurRange *our_range;
479
480 assert(balloon->state == S_HOT_ADD_SETUP);
481 assert(hot_add_diff > 0);
482
483 if (!hv_balloon_our_range_ensure(balloon)) {
484 goto ret_idle;
485 }
486
487 our_range = OUR_RANGE(balloon->our_range);
488
489 align = (1 << balloon->caps.cap_bits.hot_add_alignment) *
490 (MiB / HV_BALLOON_PAGE_SIZE);
491
492 /* Absolute GPA in pages */
493 hot_add_range->start = our_range_get_remaining_start(our_range);
494 assert(QEMU_IS_ALIGNED(hot_add_range->start, align));
495
496 our_range_remaining = our_range_get_remaining_size(our_range);
497 hot_add_range->count = MIN(our_range_remaining, hot_add_diff);
498 hot_add_range->count = QEMU_ALIGN_DOWN(hot_add_range->count, align);
499 if (hot_add_range->count == 0) {
500 goto ret_idle;
501 }
502
503 hvb_our_range_memslots_ensure_mapped_additional(balloon->our_range,
504 hot_add_range->count);
505
506 HV_BALLOON_STATE_DESC_SET(stdesc, S_HOT_ADD_RB_WAIT);
507 return;
508
509 ret_idle:
510 HV_BALLOON_STATE_DESC_SET(stdesc, S_IDLE);
511 }
512
513 static void hv_balloon_hot_add_rb_wait(HvBalloon *balloon, StateDesc *stdesc)
514 {
515 VMBusChannel *chan = hv_balloon_get_channel(balloon);
516 struct dm_hot_add *ha;
517 size_t ha_size = sizeof(*ha) + sizeof(ha->range);
518
519 assert(balloon->state == S_HOT_ADD_RB_WAIT);
520
521 if (vmbus_channel_reserve(chan, 0, ha_size) < 0) {
522 return;
523 }
524
525 HV_BALLOON_STATE_DESC_SET(stdesc, S_HOT_ADD_POSTING);
526 }
527
528 static void hv_balloon_hot_add_posting(HvBalloon *balloon, StateDesc *stdesc)
529 {
530 PageRange *hot_add_range = &balloon->hot_add_range;
531 uint64_t *current_count = &balloon->ha_current_count;
532 VMBusChannel *chan = hv_balloon_get_channel(balloon);
533 struct dm_hot_add *ha;
534 size_t ha_size = sizeof(*ha) + sizeof(ha->range);
535 union dm_mem_page_range *ha_region;
536 uint64_t align, chunk_max_size;
537 ssize_t ret;
538
539 assert(balloon->state == S_HOT_ADD_POSTING);
540 assert(hot_add_range->count > 0);
541
542 align = (1 << balloon->caps.cap_bits.hot_add_alignment) *
543 (MiB / HV_BALLOON_PAGE_SIZE);
544 if (align >= HV_BALLOON_HA_CHUNK_PAGES) {
545 /*
546 * If the required alignment is higher than the chunk size we let it
547 * override that size.
548 */
549 chunk_max_size = align;
550 } else {
551 chunk_max_size = QEMU_ALIGN_DOWN(HV_BALLOON_HA_CHUNK_PAGES, align);
552 }
553
554 /*
555 * hot_add_range->count starts aligned in hv_balloon_hot_add_setup(),
556 * then it is either reduced by subtracting aligned current_count or
557 * further hot-adds are prevented by marking the whole remaining our range
558 * as unusable in hv_balloon_handle_hot_add_response().
559 */
560 *current_count = MIN(hot_add_range->count, chunk_max_size);
561
562 ha = alloca(ha_size);
563 ha_region = &(&ha->range)[1];
564 memset(ha, 0, ha_size);
565 ha->hdr.type = DM_MEM_HOT_ADD_REQUEST;
566 ha->hdr.size = ha_size;
567 ha->hdr.trans_id = balloon->trans_id;
568
569 ha->range.finfo.start_page = hot_add_range->start;
570 ha->range.finfo.page_cnt = *current_count;
571 ha_region->finfo.start_page = hot_add_range->start;
572 ha_region->finfo.page_cnt = ha->range.finfo.page_cnt;
573
574 trace_hv_balloon_outgoing_hot_add(ha->hdr.trans_id,
575 *current_count, hot_add_range->start);
576
577 ret = vmbus_channel_send(chan, VMBUS_PACKET_DATA_INBAND,
578 NULL, 0, ha, ha_size, false,
579 ha->hdr.trans_id);
580 if (ret <= 0) {
581 error_report("error %zd when posting hot add msg, expect problems",
582 ret);
583 }
584
585 HV_BALLOON_STATE_DESC_SET(stdesc, S_HOT_ADD_REPLY_WAIT);
586 }
587
588 static void hv_balloon_balloon_rb_wait(HvBalloon *balloon, StateDesc *stdesc)
589 {
590 VMBusChannel *chan = hv_balloon_get_channel(balloon);
591 size_t bl_size = sizeof(struct dm_balloon);
592
593 assert(balloon->state == S_BALLOON_RB_WAIT);
594
595 if (vmbus_channel_reserve(chan, 0, bl_size) < 0) {
596 return;
597 }
598
599 HV_BALLOON_STATE_DESC_SET(stdesc, S_BALLOON_POSTING);
600 }
601
602 static void hv_balloon_balloon_posting(HvBalloon *balloon, StateDesc *stdesc)
603 {
604 VMBusChannel *chan = hv_balloon_get_channel(balloon);
605 struct dm_balloon bl;
606 size_t bl_size = sizeof(bl);
607 ssize_t ret;
608
609 assert(balloon->state == S_BALLOON_POSTING);
610 assert(balloon->balloon_diff > 0);
611
612 memset(&bl, 0, sizeof(bl));
613 bl.hdr.type = DM_BALLOON_REQUEST;
614 bl.hdr.size = bl_size;
615 bl.hdr.trans_id = balloon->trans_id;
616 bl.num_pages = MIN(balloon->balloon_diff, HV_BALLOON_HR_CHUNK_PAGES);
617
618 trace_hv_balloon_outgoing_balloon(bl.hdr.trans_id, bl.num_pages,
619 balloon->balloon_diff);
620
621 ret = vmbus_channel_send(chan, VMBUS_PACKET_DATA_INBAND,
622 NULL, 0, &bl, bl_size, false,
623 bl.hdr.trans_id);
624 if (ret <= 0) {
625 error_report("error %zd when posting balloon msg, expect problems",
626 ret);
627 }
628
629 HV_BALLOON_STATE_DESC_SET(stdesc, S_BALLOON_REPLY_WAIT);
630 }
631
632 static void hv_balloon_idle_state_process_target(HvBalloon *balloon,
633 StateDesc *stdesc)
634 {
635 bool can_balloon = balloon->caps.cap_bits.balloon;
636 uint64_t ram_size_pages, total_removed;
637
638 ram_size_pages = hv_balloon_total_ram(balloon);
639 total_removed = hv_balloon_total_removed_rs(balloon, ram_size_pages);
640
641 /*
642 * we need to cache the values computed from the balloon target value when
643 * starting the adjustment procedure in case someone changes the target when
644 * the procedure is in progress
645 */
646 if (balloon->target > ram_size_pages - total_removed) {
647 bool can_hot_add = balloon->caps.cap_bits.hot_add;
648 uint64_t target_diff = balloon->target -
649 (ram_size_pages - total_removed);
650
651 balloon->unballoon_diff = MIN(target_diff, total_removed);
652
653 if (can_hot_add) {
654 balloon->hot_add_diff = target_diff - balloon->unballoon_diff;
655 } else {
656 balloon->hot_add_diff = 0;
657 }
658
659 if (balloon->unballoon_diff > 0) {
660 assert(can_balloon);
661 HV_BALLOON_STATE_DESC_SET(stdesc, S_UNBALLOON_RB_WAIT);
662 } else if (balloon->hot_add_diff > 0) {
663 HV_BALLOON_STATE_DESC_SET(stdesc, S_HOT_ADD_SETUP);
664 }
665 } else if (can_balloon &&
666 balloon->target < ram_size_pages - total_removed) {
667 balloon->balloon_diff = ram_size_pages - total_removed -
668 balloon->target;
669 HV_BALLOON_STATE_DESC_SET(stdesc, S_BALLOON_RB_WAIT);
670 }
671 }
672
673 static void hv_balloon_idle_state(HvBalloon *balloon,
674 StateDesc *stdesc)
675 {
676 assert(balloon->state == S_IDLE);
677
678 if (balloon->target_changed) {
679 balloon->target_changed = false;
680 hv_balloon_idle_state_process_target(balloon, stdesc);
681 return;
682 }
683 }
684
685 static const struct {
686 void (*handler)(HvBalloon *balloon, StateDesc *stdesc);
687 } state_handlers[] = {
688 [S_IDLE].handler = hv_balloon_idle_state,
689 [S_BALLOON_POSTING].handler = hv_balloon_balloon_posting,
690 [S_BALLOON_RB_WAIT].handler = hv_balloon_balloon_rb_wait,
691 [S_UNBALLOON_POSTING].handler = hv_balloon_unballoon_posting,
692 [S_UNBALLOON_RB_WAIT].handler = hv_balloon_unballoon_rb_wait,
693 [S_HOT_ADD_SETUP].handler = hv_balloon_hot_add_setup,
694 [S_HOT_ADD_RB_WAIT].handler = hv_balloon_hot_add_rb_wait,
695 [S_HOT_ADD_POSTING].handler = hv_balloon_hot_add_posting,
696 };
697
698 static void hv_balloon_handle_state(HvBalloon *balloon, StateDesc *stdesc)
699 {
700 if (balloon->state >= ARRAY_SIZE(state_handlers) ||
701 !state_handlers[balloon->state].handler) {
702 return;
703 }
704
705 state_handlers[balloon->state].handler(balloon, stdesc);
706 }
707
708 static void hv_balloon_remove_response_insert_range(PageRangeTree tree,
709 const PageRange *range,
710 uint64_t *ctr1,
711 uint64_t *ctr2,
712 uint64_t *ctr3)
713 {
714 uint64_t dupcount, effcount;
715
716 if (range->count == 0) {
717 return;
718 }
719
720 dupcount = 0;
721 hvb_page_range_tree_insert(tree, range->start, range->count, &dupcount);
722
723 assert(dupcount <= range->count);
724 effcount = range->count - dupcount;
725
726 *ctr1 += effcount;
727 *ctr2 += effcount;
728 if (ctr3) {
729 *ctr3 += effcount;
730 }
731 }
732
733 static void hv_balloon_remove_response_handle_range(HvBalloon *balloon,
734 PageRange *range,
735 bool both,
736 uint64_t *removedctr)
737 {
738 OurRange *our_range = OUR_RANGE(balloon->our_range);
739 PageRangeTree globaltree =
740 both ? balloon->removed_both : balloon->removed_guest;
741 uint64_t *globalctr =
742 both ? &balloon->removed_both_ctr : &balloon->removed_guest_ctr;
743 PageRange rangeeff;
744
745 if (range->count == 0) {
746 return;
747 }
748
749 trace_hv_balloon_remove_response(range->count, range->start, both);
750
751 if (our_range) {
752 /* Includes the not-yet-hot-added and unusable parts. */
753 rangeeff = our_range->range;
754 } else {
755 rangeeff.start = rangeeff.count = 0;
756 }
757
758 if (page_range_intersection_size(range, rangeeff.start, rangeeff.count) > 0) {
759 PageRangeTree ourtree = our_range_get_removed_tree(our_range, both);
760 PageRange rangehole, rangecommon;
761 uint64_t ourremoved = 0;
762
763 /* process the hole before our range, if it exists */
764 page_range_part_before(range, rangeeff.start, &rangehole);
765 hv_balloon_remove_response_insert_range(globaltree, &rangehole,
766 globalctr, removedctr, NULL);
767 if (rangehole.count > 0) {
768 trace_hv_balloon_remove_response_hole(rangehole.count,
769 rangehole.start,
770 range->count, range->start,
771 rangeeff.start, both);
772 }
773
774 /* process our part */
775 page_range_intersect(range, rangeeff.start, rangeeff.count,
776 &rangecommon);
777 hv_balloon_remove_response_insert_range(ourtree, &rangecommon,
778 globalctr, removedctr,
779 &ourremoved);
780 if (rangecommon.count > 0) {
781 trace_hv_balloon_remove_response_common(rangecommon.count,
782 rangecommon.start,
783 range->count, range->start,
784 rangeeff.count,
785 rangeeff.start, ourremoved,
786 both);
787 }
788
789 /* calculate what's left after our range */
790 rangecommon = *range;
791 page_range_part_after(&rangecommon, rangeeff.start, rangeeff.count,
792 range);
793 }
794
795 /* process the remainder of the range that lies after our range */
796 if (range->count > 0) {
797 hv_balloon_remove_response_insert_range(globaltree, range,
798 globalctr, removedctr, NULL);
799 trace_hv_balloon_remove_response_remainder(range->count, range->start,
800 both);
801 range->count = 0;
802 }
803 }
804
805 static void hv_balloon_remove_response_handle_pages(HvBalloon *balloon,
806 PageRange *range,
807 uint64_t start,
808 uint64_t count,
809 bool both,
810 uint64_t *removedctr)
811 {
812 assert(count > 0);
813
814 /*
815 * if there is an existing range that the new range can't be joined to
816 * dump it into tree(s)
817 */
818 if (range->count > 0 && !page_range_joinable(range, start, count)) {
819 hv_balloon_remove_response_handle_range(balloon, range, both,
820 removedctr);
821 }
822
823 if (range->count == 0) {
824 range->start = start;
825 range->count = count;
826 } else if (page_range_joinable_left(range, start, count)) {
827 range->start = start;
828 range->count += count;
829 } else { /* page_range_joinable_right() */
830 range->count += count;
831 }
832 }
833
834 static gboolean hv_balloon_handle_remove_host_addr_node(gpointer key,
835 gpointer value,
836 gpointer data)
837 {
838 PageRange *range = value;
839 uint64_t pageoff;
840
841 for (pageoff = 0; pageoff < range->count; ) {
842 uint64_t addr_64 = (range->start + pageoff) * HV_BALLOON_PAGE_SIZE;
843 void *addr;
844 RAMBlock *rb;
845 ram_addr_t rb_offset;
846 size_t rb_page_size;
847 size_t discard_size;
848
849 assert(addr_64 <= UINTPTR_MAX);
850 addr = (void *)((uintptr_t)addr_64);
851 rb = qemu_ram_block_from_host(addr, false, &rb_offset);
852 rb_page_size = qemu_ram_pagesize(rb);
853
854 if (rb_page_size != HV_BALLOON_PAGE_SIZE) {
855 /* TODO: these should end in "removed_guest" */
856 warn_report("guest reported removed page backed by unsupported page size %zu",
857 rb_page_size);
858 pageoff++;
859 continue;
860 }
861
862 discard_size = MIN(range->count - pageoff,
863 (rb->max_length - rb_offset) /
864 HV_BALLOON_PAGE_SIZE);
865 discard_size = MAX(discard_size, 1);
866
867 if (ram_block_discard_range(rb, rb_offset, discard_size *
868 HV_BALLOON_PAGE_SIZE) != 0) {
869 warn_report("guest reported removed page failed discard");
870 }
871
872 pageoff += discard_size;
873 }
874
875 return false;
876 }
877
878 static void hv_balloon_handle_remove_host_addr_tree(PageRangeTree tree)
879 {
880 g_tree_foreach(tree.t, hv_balloon_handle_remove_host_addr_node, NULL);
881 }
882
883 static int hv_balloon_handle_remove_section(PageRangeTree tree,
884 const MemoryRegionSection *section,
885 uint64_t count)
886 {
887 void *addr = memory_region_get_ram_ptr(section->mr) +
888 section->offset_within_region;
889 uint64_t addr_page;
890
891 assert(count > 0);
892
893 if ((uintptr_t)addr % HV_BALLOON_PAGE_SIZE) {
894 warn_report("guest reported removed pages at an unaligned host addr %p",
895 addr);
896 return -EINVAL;
897 }
898
899 addr_page = (uintptr_t)addr / HV_BALLOON_PAGE_SIZE;
900 hvb_page_range_tree_insert(tree, addr_page, count, NULL);
901
902 return 0;
903 }
904
905 static void hv_balloon_handle_remove_ranges(HvBalloon *balloon,
906 union dm_mem_page_range ranges[],
907 uint32_t count)
908 {
909 uint64_t removedcnt;
910 PageRangeTree removed_host_addr;
911 PageRange range_guest, range_both;
912
913 hvb_page_range_tree_init(&removed_host_addr);
914 range_guest.count = range_both.count = removedcnt = 0;
915 for (unsigned int ctr = 0; ctr < count; ctr++) {
916 union dm_mem_page_range *mr = &ranges[ctr];
917 hwaddr pa;
918 MemoryRegionSection section;
919
920 for (unsigned int offset = 0; offset < mr->finfo.page_cnt; ) {
921 int ret;
922 uint64_t pageno = mr->finfo.start_page + offset;
923 uint64_t pagecnt = 1;
924
925 pa = (hwaddr)pageno << HV_BALLOON_PFN_SHIFT;
926 section = memory_region_find(get_system_memory(), pa,
927 (mr->finfo.page_cnt - offset) *
928 HV_BALLOON_PAGE_SIZE);
929 if (!section.mr) {
930 warn_report("guest reported removed page %"PRIu64" not found in RAM",
931 pageno);
932 ret = -EINVAL;
933 goto finish_page;
934 }
935
936 pagecnt = int128_get64(section.size) / HV_BALLOON_PAGE_SIZE;
937 if (pagecnt <= 0) {
938 warn_report("guest reported removed page %"PRIu64" in a section smaller than page size",
939 pageno);
940 pagecnt = 1; /* skip the whole page */
941 ret = -EINVAL;
942 goto finish_page;
943 }
944
945 if (!memory_region_is_ram(section.mr) ||
946 memory_region_is_rom(section.mr) ||
947 memory_region_is_romd(section.mr)) {
948 warn_report("guest reported removed page %"PRIu64" in a section that is not an ordinary RAM",
949 pageno);
950 ret = -EINVAL;
951 goto finish_page;
952 }
953
954 ret = hv_balloon_handle_remove_section(removed_host_addr, &section,
955 pagecnt);
956
957 finish_page:
958 if (ret == 0) {
959 hv_balloon_remove_response_handle_pages(balloon,
960 &range_both,
961 pageno, pagecnt,
962 true, &removedcnt);
963 } else {
964 hv_balloon_remove_response_handle_pages(balloon,
965 &range_guest,
966 pageno, pagecnt,
967 false, &removedcnt);
968 }
969
970 if (section.mr) {
971 memory_region_unref(section.mr);
972 }
973
974 offset += pagecnt;
975 }
976 }
977
978 hv_balloon_remove_response_handle_range(balloon, &range_both, true,
979 &removedcnt);
980 hv_balloon_remove_response_handle_range(balloon, &range_guest, false,
981 &removedcnt);
982
983 hv_balloon_handle_remove_host_addr_tree(removed_host_addr);
984 hvb_page_range_tree_destroy(&removed_host_addr);
985
986 if (removedcnt > balloon->balloon_diff) {
987 warn_report("guest reported more pages removed than currently pending (%"PRIu64" vs %"PRIu64")",
988 removedcnt, balloon->balloon_diff);
989 balloon->balloon_diff = 0;
990 } else {
991 balloon->balloon_diff -= removedcnt;
992 }
993 }
994
995 static bool hv_balloon_handle_msg_size(HvBalloonReq *req, size_t minsize,
996 const char *msgname)
997 {
998 VMBusChanReq *vmreq = &req->vmreq;
999 uint32_t msglen = vmreq->msglen;
1000
1001 if (msglen >= minsize) {
1002 return true;
1003 }
1004
1005 warn_report("%s message too short (%u vs %zu), ignoring", msgname,
1006 (unsigned int)msglen, minsize);
1007 return false;
1008 }
1009
1010 static void hv_balloon_handle_version_request(HvBalloon *balloon,
1011 HvBalloonReq *req,
1012 StateDesc *stdesc)
1013 {
1014 VMBusChanReq *vmreq = &req->vmreq;
1015 struct dm_version_request *msgVr = vmreq->msg;
1016 struct dm_version_response respVr;
1017
1018 if (balloon->state != S_VERSION) {
1019 warn_report("unexpected DM_VERSION_REQUEST in %d state",
1020 balloon->state);
1021 return;
1022 }
1023
1024 if (!hv_balloon_handle_msg_size(req, sizeof(*msgVr),
1025 "DM_VERSION_REQUEST")) {
1026 return;
1027 }
1028
1029 trace_hv_balloon_incoming_version(msgVr->version.major_version,
1030 msgVr->version.minor_version);
1031
1032 memset(&respVr, 0, sizeof(respVr));
1033 respVr.hdr.type = DM_VERSION_RESPONSE;
1034 respVr.hdr.size = sizeof(respVr);
1035 respVr.hdr.trans_id = msgVr->hdr.trans_id;
1036 respVr.is_accepted = msgVr->version.version >= DYNMEM_PROTOCOL_VERSION_1 &&
1037 msgVr->version.version <= DYNMEM_PROTOCOL_VERSION_3;
1038
1039 hv_balloon_send_packet(vmreq->chan, (struct dm_message *)&respVr);
1040
1041 if (respVr.is_accepted) {
1042 HV_BALLOON_STATE_DESC_SET(stdesc, S_CAPS);
1043 }
1044 }
1045
1046 static void hv_balloon_handle_caps_report(HvBalloon *balloon,
1047 HvBalloonReq *req,
1048 StateDesc *stdesc)
1049 {
1050 VMBusChanReq *vmreq = &req->vmreq;
1051 struct dm_capabilities *msgCap = vmreq->msg;
1052 struct dm_capabilities_resp_msg respCap;
1053
1054 if (balloon->state != S_CAPS) {
1055 warn_report("unexpected DM_CAPABILITIES_REPORT in %d state",
1056 balloon->state);
1057 return;
1058 }
1059
1060 if (!hv_balloon_handle_msg_size(req, sizeof(*msgCap),
1061 "DM_CAPABILITIES_REPORT")) {
1062 return;
1063 }
1064
1065 trace_hv_balloon_incoming_caps(msgCap->caps.caps);
1066 balloon->caps = msgCap->caps;
1067
1068 memset(&respCap, 0, sizeof(respCap));
1069 respCap.hdr.type = DM_CAPABILITIES_RESPONSE;
1070 respCap.hdr.size = sizeof(respCap);
1071 respCap.hdr.trans_id = msgCap->hdr.trans_id;
1072 respCap.is_accepted = 1;
1073 respCap.hot_remove = 1;
1074 respCap.suppress_pressure_reports = !balloon->status_report.enabled;
1075 hv_balloon_send_packet(vmreq->chan, (struct dm_message *)&respCap);
1076
1077 timer_mod(&balloon->post_init_timer,
1078 qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) +
1079 HV_BALLOON_POST_INIT_WAIT);
1080
1081 HV_BALLOON_STATE_DESC_SET(stdesc, S_POST_INIT_WAIT);
1082 }
1083
1084 static void hv_balloon_handle_status_report(HvBalloon *balloon,
1085 HvBalloonReq *req)
1086 {
1087 VMBusChanReq *vmreq = &req->vmreq;
1088 struct dm_status *msgStatus = vmreq->msg;
1089
1090 if (!hv_balloon_handle_msg_size(req, sizeof(*msgStatus),
1091 "DM_STATUS_REPORT")) {
1092 return;
1093 }
1094
1095 if (!balloon->status_report.enabled) {
1096 return;
1097 }
1098
1099 balloon->status_report.committed = msgStatus->num_committed;
1100 balloon->status_report.committed *= HV_BALLOON_PAGE_SIZE;
1101 balloon->status_report.available = msgStatus->num_avail;
1102 balloon->status_report.available *= HV_BALLOON_PAGE_SIZE;
1103 balloon->status_report.received = true;
1104
1105 qapi_event_send_hv_balloon_status_report(balloon->status_report.committed,
1106 balloon->status_report.available);
1107 }
1108
1109 HvBalloonInfo *qmp_query_hv_balloon_status_report(Error **errp)
1110 {
1111 HvBalloon *balloon;
1112 HvBalloonInfo *info;
1113
1114 balloon = HV_BALLOON(object_resolve_path_type("", TYPE_HV_BALLOON, NULL));
1115 if (!balloon) {
1116 error_setg(errp, "no %s device present", TYPE_HV_BALLOON);
1117 return NULL;
1118 }
1119
1120 if (!balloon->status_report.enabled) {
1121 error_setg(errp, "guest memory status reporting not enabled");
1122 return NULL;
1123 }
1124
1125 if (!balloon->status_report.received) {
1126 error_setg(errp, "no guest memory status report received yet");
1127 return NULL;
1128 }
1129
1130 info = g_malloc0(sizeof(*info));
1131 info->committed = balloon->status_report.committed;
1132 info->available = balloon->status_report.available;
1133 return info;
1134 }
1135
1136 static void hv_balloon_handle_unballoon_response(HvBalloon *balloon,
1137 HvBalloonReq *req,
1138 StateDesc *stdesc)
1139 {
1140 VMBusChanReq *vmreq = &req->vmreq;
1141 struct dm_unballoon_response *msgUrR = vmreq->msg;
1142
1143 if (balloon->state != S_UNBALLOON_REPLY_WAIT) {
1144 warn_report("unexpected DM_UNBALLOON_RESPONSE in %d state",
1145 balloon->state);
1146 return;
1147 }
1148
1149 if (!hv_balloon_handle_msg_size(req, sizeof(*msgUrR),
1150 "DM_UNBALLOON_RESPONSE"))
1151 return;
1152
1153 trace_hv_balloon_incoming_unballoon(msgUrR->hdr.trans_id);
1154
1155 balloon->trans_id++;
1156
1157 if (balloon->hot_add_diff > 0) {
1158 bool can_hot_add = balloon->caps.cap_bits.hot_add;
1159
1160 assert(can_hot_add);
1161 HV_BALLOON_STATE_DESC_SET(stdesc, S_HOT_ADD_SETUP);
1162 } else {
1163 HV_BALLOON_STATE_DESC_SET(stdesc, S_IDLE);
1164 }
1165 }
1166
1167 static void hv_balloon_handle_hot_add_response(HvBalloon *balloon,
1168 HvBalloonReq *req,
1169 StateDesc *stdesc)
1170 {
1171 PageRange *hot_add_range = &balloon->hot_add_range;
1172 VMBusChanReq *vmreq = &req->vmreq;
1173 struct dm_hot_add_response *msgHaR = vmreq->msg;
1174 OurRange *our_range;
1175
1176 if (balloon->state != S_HOT_ADD_REPLY_WAIT) {
1177 warn_report("unexpected DM_HOT_ADD_RESPONSE in %d state",
1178 balloon->state);
1179 return;
1180 }
1181
1182 assert(balloon->our_range);
1183 our_range = OUR_RANGE(balloon->our_range);
1184
1185 if (!hv_balloon_handle_msg_size(req, sizeof(*msgHaR),
1186 "DM_HOT_ADD_RESPONSE"))
1187 return;
1188
1189 trace_hv_balloon_incoming_hot_add(msgHaR->hdr.trans_id, msgHaR->result,
1190 msgHaR->page_count);
1191
1192 balloon->trans_id++;
1193
1194 if (msgHaR->result) {
1195 if (msgHaR->page_count > balloon->ha_current_count) {
1196 warn_report("DM_HOT_ADD_RESPONSE page count higher than requested (%"PRIu32" vs %"PRIu64")",
1197 msgHaR->page_count, balloon->ha_current_count);
1198 msgHaR->page_count = balloon->ha_current_count;
1199 }
1200
1201 hvb_our_range_mark_added(our_range, msgHaR->page_count);
1202 hot_add_range->start += msgHaR->page_count;
1203 hot_add_range->count -= msgHaR->page_count;
1204 }
1205
1206 if (!msgHaR->result || msgHaR->page_count < balloon->ha_current_count) {
1207 /*
1208 * the current planned range was only partially hot-added, take note
1209 * how much of it remains and don't attempt any further hot adds
1210 */
1211 our_range_mark_remaining_unusable(our_range);
1212
1213 goto ret_idle;
1214 }
1215
1216 /* any pages remaining to hot-add in our range? */
1217 if (hot_add_range->count > 0) {
1218 HV_BALLOON_STATE_DESC_SET(stdesc, S_HOT_ADD_RB_WAIT);
1219 return;
1220 }
1221
1222 ret_idle:
1223 HV_BALLOON_STATE_DESC_SET(stdesc, S_IDLE);
1224 }
1225
1226 static void hv_balloon_handle_balloon_response(HvBalloon *balloon,
1227 HvBalloonReq *req,
1228 StateDesc *stdesc)
1229 {
1230 VMBusChanReq *vmreq = &req->vmreq;
1231 struct dm_balloon_response *msgBR = vmreq->msg;
1232
1233 if (balloon->state != S_BALLOON_REPLY_WAIT) {
1234 warn_report("unexpected DM_BALLOON_RESPONSE in %d state",
1235 balloon->state);
1236 return;
1237 }
1238
1239 if (!hv_balloon_handle_msg_size(req, sizeof(*msgBR),
1240 "DM_BALLOON_RESPONSE"))
1241 return;
1242
1243 trace_hv_balloon_incoming_balloon(msgBR->hdr.trans_id, msgBR->range_count,
1244 msgBR->more_pages);
1245
1246 if (vmreq->msglen < sizeof(*msgBR) +
1247 (uint64_t)sizeof(msgBR->range_array[0]) * msgBR->range_count) {
1248 warn_report("DM_BALLOON_RESPONSE too short for the range count");
1249 return;
1250 }
1251
1252 if (msgBR->range_count == 0) {
1253 /* The guest is already at its minimum size */
1254 balloon->balloon_diff = 0;
1255 goto ret_end_trans;
1256 } else {
1257 hv_balloon_handle_remove_ranges(balloon,
1258 msgBR->range_array,
1259 msgBR->range_count);
1260 }
1261
1262 /* More responses expected? */
1263 if (msgBR->more_pages) {
1264 return;
1265 }
1266
1267 ret_end_trans:
1268 balloon->trans_id++;
1269
1270 if (balloon->balloon_diff > 0) {
1271 HV_BALLOON_STATE_DESC_SET(stdesc, S_BALLOON_RB_WAIT);
1272 } else {
1273 HV_BALLOON_STATE_DESC_SET(stdesc, S_IDLE);
1274 }
1275 }
1276
1277 static void hv_balloon_handle_packet(HvBalloon *balloon, HvBalloonReq *req,
1278 StateDesc *stdesc)
1279 {
1280 VMBusChanReq *vmreq = &req->vmreq;
1281 struct dm_message *msg = vmreq->msg;
1282
1283 if (vmreq->msglen < sizeof(msg->hdr)) {
1284 return;
1285 }
1286
1287 switch (msg->hdr.type) {
1288 case DM_VERSION_REQUEST:
1289 hv_balloon_handle_version_request(balloon, req, stdesc);
1290 break;
1291
1292 case DM_CAPABILITIES_REPORT:
1293 hv_balloon_handle_caps_report(balloon, req, stdesc);
1294 break;
1295
1296 case DM_STATUS_REPORT:
1297 hv_balloon_handle_status_report(balloon, req);
1298 break;
1299
1300 case DM_MEM_HOT_ADD_RESPONSE:
1301 hv_balloon_handle_hot_add_response(balloon, req, stdesc);
1302 break;
1303
1304 case DM_UNBALLOON_RESPONSE:
1305 hv_balloon_handle_unballoon_response(balloon, req, stdesc);
1306 break;
1307
1308 case DM_BALLOON_RESPONSE:
1309 hv_balloon_handle_balloon_response(balloon, req, stdesc);
1310 break;
1311
1312 default:
1313 warn_report("unknown DM message %u", msg->hdr.type);
1314 break;
1315 }
1316 }
1317
1318 static bool hv_balloon_recv_channel(HvBalloon *balloon, StateDesc *stdesc)
1319 {
1320 VMBusChannel *chan;
1321 HvBalloonReq *req;
1322
1323 if (balloon->state == S_WAIT_RESET ||
1324 balloon->state == S_POST_RESET_CLOSED) {
1325 return false;
1326 }
1327
1328 chan = hv_balloon_get_channel(balloon);
1329 if (vmbus_channel_recv_start(chan)) {
1330 return false;
1331 }
1332
1333 while ((req = vmbus_channel_recv_peek(chan, sizeof(*req)))) {
1334 hv_balloon_handle_packet(balloon, req, stdesc);
1335 vmbus_free_req(req);
1336 vmbus_channel_recv_pop(chan);
1337
1338 if (stdesc->state != S_NO_CHANGE) {
1339 break;
1340 }
1341 }
1342
1343 return vmbus_channel_recv_done(chan) > 0;
1344 }
1345
1346 /* old state handler -> new state transition (potential) */
1347 static bool hv_balloon_event_loop_state(HvBalloon *balloon)
1348 {
1349 StateDesc state_new = HV_BALLOON_STATE_DESC_INIT;
1350
1351 hv_balloon_handle_state(balloon, &state_new);
1352 return hv_balloon_state_set(balloon, state_new.state, state_new.desc);
1353 }
1354
1355 /* VMBus message -> new state transition (potential) */
1356 static bool hv_balloon_event_loop_recv(HvBalloon *balloon)
1357 {
1358 StateDesc state_new = HV_BALLOON_STATE_DESC_INIT;
1359 bool any_recv, state_changed;
1360
1361 any_recv = hv_balloon_recv_channel(balloon, &state_new);
1362 state_changed = hv_balloon_state_set(balloon,
1363 state_new.state, state_new.desc);
1364
1365 return state_changed || any_recv;
1366 }
1367
1368 static void hv_balloon_event_loop(HvBalloon *balloon)
1369 {
1370 bool state_repeat, recv_repeat;
1371
1372 do {
1373 state_repeat = hv_balloon_event_loop_state(balloon);
1374 recv_repeat = hv_balloon_event_loop_recv(balloon);
1375 } while (state_repeat || recv_repeat);
1376 }
1377
1378 static void hv_balloon_vmdev_chan_notify(VMBusChannel *chan)
1379 {
1380 HvBalloon *balloon = HV_BALLOON(vmbus_channel_device(chan));
1381
1382 hv_balloon_event_loop(balloon);
1383 }
1384
1385 static void hv_balloon_stat(void *opaque, BalloonInfo *info)
1386 {
1387 HvBalloon *balloon = opaque;
1388 info->actual = (hv_balloon_total_ram(balloon) - balloon->removed_both_ctr)
1389 << HV_BALLOON_PFN_SHIFT;
1390 }
1391
1392 static void hv_balloon_to_target(void *opaque, ram_addr_t target)
1393 {
1394 HvBalloon *balloon = opaque;
1395 uint64_t target_pages = target >> HV_BALLOON_PFN_SHIFT;
1396
1397 if (!target_pages) {
1398 return;
1399 }
1400
1401 /*
1402 * always set target_changed, even with unchanged target, as the user
1403 * might be asking us to try again reaching it
1404 */
1405 balloon->target = target_pages;
1406 balloon->target_changed = true;
1407
1408 hv_balloon_event_loop(balloon);
1409 }
1410
1411 static int hv_balloon_vmdev_open_channel(VMBusChannel *chan)
1412 {
1413 HvBalloon *balloon = HV_BALLOON(vmbus_channel_device(chan));
1414
1415 if (balloon->state != S_POST_RESET_CLOSED) {
1416 warn_report("guest trying to open a DM channel in invalid %d state",
1417 balloon->state);
1418 return -EINVAL;
1419 }
1420
1421 HV_BALLOON_SET_STATE(balloon, S_VERSION);
1422 hv_balloon_event_loop(balloon);
1423
1424 return 0;
1425 }
1426
1427 static void hv_balloon_vmdev_close_channel(VMBusChannel *chan)
1428 {
1429 HvBalloon *balloon = HV_BALLOON(vmbus_channel_device(chan));
1430
1431 timer_del(&balloon->post_init_timer);
1432
1433 /* Don't report stale data */
1434 balloon->status_report.received = false;
1435
1436 HV_BALLOON_SET_STATE(balloon, S_WAIT_RESET);
1437 hv_balloon_event_loop(balloon);
1438 }
1439
1440 static void hv_balloon_post_init_timer(void *opaque)
1441 {
1442 HvBalloon *balloon = opaque;
1443
1444 if (balloon->state != S_POST_INIT_WAIT) {
1445 return;
1446 }
1447
1448 HV_BALLOON_SET_STATE(balloon, S_IDLE);
1449 hv_balloon_event_loop(balloon);
1450 }
1451
1452 static void hv_balloon_system_reset_unrealize_common(HvBalloon *balloon)
1453 {
1454 g_clear_pointer(&balloon->our_range, hvb_our_range_memslots_free);
1455 }
1456
1457 static void hv_balloon_system_reset(void *opaque)
1458 {
1459 HvBalloon *balloon = HV_BALLOON(opaque);
1460
1461 hv_balloon_system_reset_unrealize_common(balloon);
1462 }
1463
1464 static void hv_balloon_ensure_mr(HvBalloon *balloon)
1465 {
1466 MemoryRegion *hostmem_mr;
1467
1468 assert(balloon->hostmem);
1469
1470 if (balloon->mr) {
1471 return;
1472 }
1473
1474 hostmem_mr = host_memory_backend_get_memory(balloon->hostmem);
1475
1476 balloon->mr = g_new0(MemoryRegion, 1);
1477 memory_region_init(balloon->mr, OBJECT(balloon), TYPE_HV_BALLOON,
1478 memory_region_size(hostmem_mr));
1479
1480 /*
1481 * The VM can indicate an alignment up to 32 GiB. Memory device core can
1482 * usually only handle/guarantee 1 GiB alignment. The user will have to
1483 * specify a larger maxmem eventually.
1484 *
1485 * The memory device core will warn the user in case maxmem might have to be
1486 * increased and will fail plugging the device if there is not sufficient
1487 * space after alignment.
1488 *
1489 * TODO: we could do the alignment ourselves in a slightly bigger region.
1490 * But this feels better, although the warning might be annoying. Maybe
1491 * we can optimize that in the future (e.g., with such a device on the
1492 * cmdline place/size the device memory region differently.
1493 */
1494 balloon->mr->align = MAX(32 * GiB, memory_region_get_alignment(hostmem_mr));
1495 }
1496
1497 static void hv_balloon_free_mr(HvBalloon *balloon)
1498 {
1499 if (!balloon->mr) {
1500 return;
1501 }
1502
1503 object_unparent(OBJECT(balloon->mr));
1504 g_clear_pointer(&balloon->mr, g_free);
1505 }
1506
1507 static void hv_balloon_vmdev_realize(VMBusDevice *vdev, Error **errp)
1508 {
1509 ERRP_GUARD();
1510 HvBalloon *balloon = HV_BALLOON(vdev);
1511 int ret;
1512
1513 balloon->state = S_WAIT_RESET;
1514
1515 ret = qemu_add_balloon_handler(hv_balloon_to_target, hv_balloon_stat,
1516 balloon);
1517 if (ret < 0) {
1518 /* This also protects against having multiple hv-balloon instances */
1519 error_setg(errp, "Only one balloon device is supported");
1520 return;
1521 }
1522
1523 if (balloon->hostmem) {
1524 if (host_memory_backend_is_mapped(balloon->hostmem)) {
1525 Object *obj = OBJECT(balloon->hostmem);
1526
1527 error_setg(errp, "'%s' property specifies a busy memdev: %s",
1528 HV_BALLOON_MEMDEV_PROP,
1529 object_get_canonical_path_component(obj));
1530 goto out_balloon_handler;
1531 }
1532
1533 hv_balloon_ensure_mr(balloon);
1534
1535 /* This is rather unlikely to happen, but let's still check for it. */
1536 if (!QEMU_IS_ALIGNED(memory_region_size(balloon->mr),
1537 HV_BALLOON_PAGE_SIZE)) {
1538 error_setg(errp, "'%s' property memdev size has to be a multiple of 0x%" PRIx64,
1539 HV_BALLOON_MEMDEV_PROP, (uint64_t)HV_BALLOON_PAGE_SIZE);
1540 goto out_balloon_handler;
1541 }
1542
1543 host_memory_backend_set_mapped(balloon->hostmem, true);
1544 vmstate_register_ram(host_memory_backend_get_memory(balloon->hostmem),
1545 DEVICE(balloon));
1546 } else if (balloon->addr) {
1547 error_setg(errp, "'%s' property must not be set without a memdev",
1548 HV_BALLOON_MEMDEV_PROP);
1549 goto out_balloon_handler;
1550 }
1551
1552 timer_init_ms(&balloon->post_init_timer, QEMU_CLOCK_VIRTUAL,
1553 hv_balloon_post_init_timer, balloon);
1554
1555 qemu_register_reset(hv_balloon_system_reset, balloon);
1556
1557 return;
1558
1559 out_balloon_handler:
1560 qemu_remove_balloon_handler(balloon);
1561 }
1562
1563 /*
1564 * VMBus device reset has to be implemented in case the guest decides to
1565 * disconnect and reconnect to the VMBus without rebooting the whole system.
1566 *
1567 * However, the hot-added memory can't be removed here as Windows keeps on using
1568 * it until the system is restarted, even after disconnecting from the VMBus.
1569 */
1570 static void hv_balloon_vmdev_reset(VMBusDevice *vdev)
1571 {
1572 HvBalloon *balloon = HV_BALLOON(vdev);
1573
1574 if (balloon->state == S_POST_RESET_CLOSED) {
1575 return;
1576 }
1577
1578 if (balloon->our_range) {
1579 hvb_our_range_clear_removed_trees(OUR_RANGE(balloon->our_range));
1580 }
1581
1582 hvb_page_range_tree_destroy(&balloon->removed_guest);
1583 hvb_page_range_tree_destroy(&balloon->removed_both);
1584 hvb_page_range_tree_init(&balloon->removed_guest);
1585 hvb_page_range_tree_init(&balloon->removed_both);
1586
1587 balloon->trans_id = 0;
1588 balloon->removed_guest_ctr = 0;
1589 balloon->removed_both_ctr = 0;
1590
1591 HV_BALLOON_SET_STATE(balloon, S_POST_RESET_CLOSED);
1592 hv_balloon_event_loop(balloon);
1593 }
1594
1595 /*
1596 * Clean up things that were (possibly) allocated pre-realization, for example
1597 * from memory_device_pre_plug(), so we don't leak them if the device don't
1598 * actually get realized in the end.
1599 */
1600 static void hv_balloon_unrealize_finalize_common(HvBalloon *balloon)
1601 {
1602 hv_balloon_free_mr(balloon);
1603 balloon->addr = 0;
1604
1605 balloon->memslot_count = 0;
1606 }
1607
1608 static void hv_balloon_vmdev_unrealize(VMBusDevice *vdev)
1609 {
1610 HvBalloon *balloon = HV_BALLOON(vdev);
1611
1612 qemu_unregister_reset(hv_balloon_system_reset, balloon);
1613
1614 hv_balloon_system_reset_unrealize_common(balloon);
1615
1616 qemu_remove_balloon_handler(balloon);
1617
1618 if (balloon->hostmem) {
1619 vmstate_unregister_ram(host_memory_backend_get_memory(balloon->hostmem),
1620 DEVICE(balloon));
1621 host_memory_backend_set_mapped(balloon->hostmem, false);
1622 }
1623
1624 hvb_page_range_tree_destroy(&balloon->removed_guest);
1625 hvb_page_range_tree_destroy(&balloon->removed_both);
1626
1627 hv_balloon_unrealize_finalize_common(balloon);
1628 }
1629
1630 static uint64_t hv_balloon_md_get_addr(const MemoryDeviceState *md)
1631 {
1632 return object_property_get_uint(OBJECT(md), HV_BALLOON_ADDR_PROP,
1633 &error_abort);
1634 }
1635
1636 static void hv_balloon_md_set_addr(MemoryDeviceState *md, uint64_t addr,
1637 Error **errp)
1638 {
1639 object_property_set_uint(OBJECT(md), HV_BALLOON_ADDR_PROP, addr, errp);
1640 }
1641
1642 static MemoryRegion *hv_balloon_md_get_memory_region(MemoryDeviceState *md,
1643 Error **errp)
1644 {
1645 HvBalloon *balloon = HV_BALLOON(md);
1646
1647 if (!balloon->hostmem) {
1648 return NULL;
1649 }
1650
1651 hv_balloon_ensure_mr(balloon);
1652
1653 return balloon->mr;
1654 }
1655
1656 static void hv_balloon_md_fill_device_info(const MemoryDeviceState *md,
1657 MemoryDeviceInfo *info)
1658 {
1659 HvBalloonDeviceInfo *hi = g_new0(HvBalloonDeviceInfo, 1);
1660 const HvBalloon *balloon = HV_BALLOON(md);
1661 DeviceState *dev = DEVICE(md);
1662
1663 if (dev->id) {
1664 hi->id = g_strdup(dev->id);
1665 }
1666
1667 if (balloon->hostmem) {
1668 hi->memdev = object_get_canonical_path(OBJECT(balloon->hostmem));
1669 hi->memaddr = balloon->addr;
1670 hi->has_memaddr = true;
1671 hi->max_size = memory_region_size(balloon->mr);
1672 /* TODO: expose current provided size or something else? */
1673 } else {
1674 hi->max_size = 0;
1675 }
1676
1677 info->u.hv_balloon.data = hi;
1678 info->type = MEMORY_DEVICE_INFO_KIND_HV_BALLOON;
1679 }
1680
1681 static void hv_balloon_decide_memslots(MemoryDeviceState *md,
1682 unsigned int limit)
1683 {
1684 HvBalloon *balloon = HV_BALLOON(md);
1685 MemoryRegion *hostmem_mr;
1686 uint64_t region_size, memslot_size, memslots;
1687
1688 /* We're called exactly once, before realizing the device. */
1689 assert(!balloon->memslot_count);
1690
1691 /* We should not be called if we don't have a memory backend */
1692 assert(balloon->hostmem);
1693
1694 hostmem_mr = host_memory_backend_get_memory(balloon->hostmem);
1695 region_size = memory_region_size(hostmem_mr);
1696
1697 assert(region_size > 0);
1698 memslot_size = QEMU_ALIGN_UP(region_size / limit,
1699 HV_BALLOON_HA_MEMSLOT_SIZE_ALIGN);
1700 memslots = QEMU_ALIGN_UP(region_size, memslot_size) / memslot_size;
1701
1702 if (memslots > 1) {
1703 balloon->memslot_size = memslot_size;
1704 } else {
1705 balloon->memslot_size = region_size;
1706 }
1707
1708 assert(memslots <= UINT_MAX);
1709 balloon->memslot_count = memslots;
1710 }
1711
1712 static unsigned int hv_balloon_get_memslots(MemoryDeviceState *md)
1713 {
1714 const HvBalloon *balloon = HV_BALLOON(md);
1715
1716 /* We're called after setting the suggested limit. */
1717 assert(balloon->memslot_count > 0);
1718
1719 return balloon->memslot_count;
1720 }
1721
1722 static void hv_balloon_init(Object *obj)
1723 {
1724 }
1725
1726 static void hv_balloon_finalize(Object *obj)
1727 {
1728 HvBalloon *balloon = HV_BALLOON(obj);
1729
1730 hv_balloon_unrealize_finalize_common(balloon);
1731 }
1732
1733 static Property hv_balloon_properties[] = {
1734 DEFINE_PROP_BOOL("status-report", HvBalloon,
1735 status_report.enabled, false),
1736
1737 /* MEMORY_DEVICE props */
1738 DEFINE_PROP_LINK(HV_BALLOON_MEMDEV_PROP, HvBalloon, hostmem,
1739 TYPE_MEMORY_BACKEND, HostMemoryBackend *),
1740 DEFINE_PROP_UINT64(HV_BALLOON_ADDR_PROP, HvBalloon, addr, 0),
1741
1742 DEFINE_PROP_END_OF_LIST(),
1743 };
1744
1745 static void hv_balloon_class_init(ObjectClass *klass, void *data)
1746 {
1747 DeviceClass *dc = DEVICE_CLASS(klass);
1748 VMBusDeviceClass *vdc = VMBUS_DEVICE_CLASS(klass);
1749 MemoryDeviceClass *mdc = MEMORY_DEVICE_CLASS(klass);
1750
1751 device_class_set_props(dc, hv_balloon_properties);
1752 qemu_uuid_parse(HV_BALLOON_GUID, &vdc->classid);
1753 set_bit(DEVICE_CATEGORY_MISC, dc->categories);
1754
1755 vdc->vmdev_realize = hv_balloon_vmdev_realize;
1756 vdc->vmdev_unrealize = hv_balloon_vmdev_unrealize;
1757 vdc->vmdev_reset = hv_balloon_vmdev_reset;
1758 vdc->open_channel = hv_balloon_vmdev_open_channel;
1759 vdc->close_channel = hv_balloon_vmdev_close_channel;
1760 vdc->chan_notify_cb = hv_balloon_vmdev_chan_notify;
1761
1762 mdc->get_addr = hv_balloon_md_get_addr;
1763 mdc->set_addr = hv_balloon_md_set_addr;
1764 mdc->get_plugged_size = memory_device_get_region_size;
1765 mdc->get_memory_region = hv_balloon_md_get_memory_region;
1766 mdc->decide_memslots = hv_balloon_decide_memslots;
1767 mdc->get_memslots = hv_balloon_get_memslots;
1768 mdc->fill_device_info = hv_balloon_md_fill_device_info;
1769 }
Random patches