libvirt/src/security
Michal Privoznik f931cb7f21 conf: Introduce virtio-mem <memory/> model
The virtio-mem is a paravirtualized mechanism for adding/removing
memory to/from a VM. A virtio-mem-pci device is split into blocks
of equal size which are then exposed (all or only a requested
portion of them) to the guest kernel to use as regular memory.
Therefore, the device has two important attributes:

  1) block-size, which defines the size of a block
  2) requested-size, which defines how much memory (in bytes)
     the device is requested to expose to the guest.

The 'block-size' is configured on the command line and is immutable
throughout the device's lifetime. The 'requested-size' can be set on
the command line too, but is also adjustable via the monitor. In
fact, that is how management software places its requests to
change the memory allocation. If it wants to give more memory to
the guest it changes 'requested-size' to a bigger value, and if it
wants to shrink guest memory it changes the 'requested-size' to a
smaller value. Note, a value of zero means that the guest should
release all memory offered by the device. Of course, the guest has to
cooperate. Therefore, there is a third attribute 'size' which is
read only and reflects how much memory the guest still has. This
can be different to 'requested-size', obviously. Because of a name
clash, I've named it 'current' and it is dealt with in future
commits (it is runtime information anyway).

In the backend, memory for virtio-mem is backed by the usual objects:
memory-backend-{ram,file,memfd} and their size puts the cap on
the amount of memory that a virtio-mem device can offer to a
guest. But we are already able to express this info using <size/>
under <target/>.

Therefore, we need only two more elements to cover the 'block-size'
and 'requested-size' attributes. This is the XML I've come up
with:

  <memory model='virtio-mem'>
    <source>
      <nodemask>1-3</nodemask>
      <pagesize unit='KiB'>2048</pagesize>
    </source>
    <target>
      <size unit='KiB'>2097152</size>
      <node>0</node>
      <block unit='KiB'>2048</block>
      <requested unit='KiB'>1048576</requested>
    </target>
    <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
  </memory>

I hope by now it is obvious that:

  1) 'requested-size' must be an integer multiple of
     'block-size', and
  2) the virtio-mem-pci device goes onto the PCI bus and thus needs a
     PCI address.

Then there is a limitation that the minimal 'block-size' is the
transparent huge page size (I'll leave this without explanation).

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-10-01 11:02:53 +02:00
apparmor Apparmor: Add profile for virtxend 2021-07-14 09:16:58 -06:00
meson.build meson: Always use the / operator to join paths 2021-08-11 09:16:36 +02:00
security_apparmor.c conf: Introduce virtio-mem <memory/> model 2021-10-01 11:02:53 +02:00
security_apparmor.h
security_dac.c conf: Introduce virtio-mem <memory/> model 2021-10-01 11:02:53 +02:00
security_dac.h lib: Drop internal virXXXPtr typedefs 2021-04-13 17:00:38 +02:00
security_driver.c lib: Drop internal virXXXPtr typedefs 2021-04-13 17:00:38 +02:00
security_driver.h qemu: Set label on vhostuser net device when hotplugging 2021-08-26 16:06:45 -06:00
security_manager.c qemu: Set label on vhostuser net device when hotplugging 2021-08-26 16:06:45 -06:00
security_manager.h qemu: Set label on vhostuser net device when hotplugging 2021-08-26 16:06:45 -06:00
security_nop.c lib: Drop internal virXXXPtr typedefs 2021-04-13 17:00:38 +02:00
security_nop.h
security_selinux.c conf: Introduce virtio-mem <memory/> model 2021-10-01 11:02:53 +02:00
security_selinux.h
security_stack.c qemu: Set label on vhostuser net device when hotplugging 2021-08-26 16:06:45 -06:00
security_stack.h lib: Drop internal virXXXPtr typedefs 2021-04-13 17:00:38 +02:00
security_util.c qemusecuritytest: Skip on non supported platforms 2020-11-06 09:14:53 +01:00
security_util.h qemusecuritytest: Skip on non supported platforms 2020-11-06 09:14:53 +01:00
virt-aa-helper.c Remove redundant labels 2021-08-17 18:27:13 +02:00