<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Wed, May 20, 2026 at 4:20 AM <<a href="mailto:pravin.bathija@dell.com">pravin.bathija@dell.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">From: Pravin M Bathija <<a href="mailto:pravin.bathija@dell.com" target="_blank">pravin.bathija@dell.com</a>><br>
<br>
Add support for VHOST_USER_ADD_MEM_REG, VHOST_USER_REM_MEM_REG and<br>
VHOST_USER_GET_MAX_MEM_SLOTS. Refactor memory initialization into<br>
common helper and add supporting functions for dynamic memory management.<br>
<br>
Signed-off-by: Pravin M Bathija <<a href="mailto:pravin.bathija@dell.com" target="_blank">pravin.bathija@dell.com</a>><br>
Acked-by: Fengchengwen <<a href="mailto:fengchengwen@huawei.com" target="_blank">fengchengwen@huawei.com</a>><br>
Reviewed-by: Stephen Hemminger <<a href="mailto:stephen@networkplumber.com" target="_blank">stephen@networkplumber.com</a>><br>
Acked-by: Maxime Coquelin <<a href="mailto:maxime.coquelin@redhat.com" target="_blank">maxime.coquelin@redhat.com</a>><br>
---<br>
lib/vhost/vhost_user.c | 255 +++++++++++++++++++++++++++++++++++++++++<br>
1 file changed, 255 insertions(+)<br>
<br>
diff --git a/lib/vhost/vhost_user.c b/lib/vhost/vhost_user.c<br>
index 94fca8b589..522ba1db82 100644<br>
--- a/lib/vhost/vhost_user.c<br>
+++ b/lib/vhost/vhost_user.c<br>
@@ -71,6 +71,9 @@ VHOST_MESSAGE_HANDLER(VHOST_USER_SET_FEATURES, vhost_user_set_features, false, t<br>
VHOST_MESSAGE_HANDLER(VHOST_USER_SET_OWNER, vhost_user_set_owner, false, true) \<br>
VHOST_MESSAGE_HANDLER(VHOST_USER_RESET_OWNER, vhost_user_reset_owner, false, false) \<br>
VHOST_MESSAGE_HANDLER(VHOST_USER_SET_MEM_TABLE, vhost_user_set_mem_table, true, true) \<br>
+VHOST_MESSAGE_HANDLER(VHOST_USER_GET_MAX_MEM_SLOTS, vhost_user_get_max_mem_slots, false, false) \<br>
+VHOST_MESSAGE_HANDLER(VHOST_USER_ADD_MEM_REG, vhost_user_add_mem_reg, true, true) \<br>
+VHOST_MESSAGE_HANDLER(VHOST_USER_REM_MEM_REG, vhost_user_rem_mem_reg, true, true) \<br></blockquote><div><br></div><div>The removal request does not expect FDs in ancillary data.</div><div>It should be:</div><div>VHOST_MESSAGE_HANDLER(VHOST_USER_REM_MEM_REG, vhost_user_rem_mem_reg, false, true)</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
VHOST_MESSAGE_HANDLER(VHOST_USER_SET_LOG_BASE, vhost_user_set_log_base, true, true) \<br>
VHOST_MESSAGE_HANDLER(VHOST_USER_SET_LOG_FD, vhost_user_set_log_fd, true, true) \<br>
VHOST_MESSAGE_HANDLER(VHOST_USER_SET_VRING_NUM, vhost_user_set_vring_num, false, true) \<br>
@@ -1167,6 +1170,24 @@ add_guest_pages(struct virtio_net *dev, struct rte_vhost_mem_region *reg,<br>
return 0;<br>
}<br>
<br>
+static void<br>
+remove_guest_pages(struct virtio_net *dev, struct rte_vhost_mem_region *reg)<br>
+{<br>
+ uint64_t reg_start = reg->host_user_addr;<br>
+ uint64_t reg_end = reg_start + reg->size;<br>
+ uint32_t i, j = 0;<br>
+<br>
+ for (i = 0; i < dev->nr_guest_pages; i++) {<br>
+ if (dev->guest_pages[i].host_user_addr >= reg_start &&<br>
+ dev->guest_pages[i].host_user_addr < reg_end)<br>
+ continue;<br>
+ if (j != i)<br>
+ dev->guest_pages[j] = dev->guest_pages[i];<br>
+ j++;<br>
+ }<br>
+ dev->nr_guest_pages = j;<br>
+}<br>
+<br>
#ifdef RTE_LIBRTE_VHOST_DEBUG<br>
/* TODO: enable it only in debug mode? */<br>
static void<br>
@@ -1591,6 +1612,240 @@ vhost_user_set_mem_table(struct virtio_net **pdev,<br>
return RTE_VHOST_MSG_RESULT_ERR;<br>
}<br>
<br>
+<br>
+static int<br>
+vhost_user_get_max_mem_slots(struct virtio_net **pdev __rte_unused,<br>
+ struct vhu_msg_context *ctx,<br>
+ int main_fd __rte_unused)<br>
+{<br>
+ uint32_t max_mem_slots = VHOST_MEMORY_MAX_NREGIONS;<br>
+<br>
+ ctx->msg.payload.u64 = max_mem_slots;<br>
+ ctx->msg.size = sizeof(ctx->msg.payload.u64);<br>
+ ctx->fd_num = 0;<br>
+<br>
+ return RTE_VHOST_MSG_RESULT_REPLY;<br>
+}<br>
+<br>
+/*<br>
+ * Invalidate and re-translate all vring addresses after the memory table<br>
+ * has been modified (add/remove region).<br>
+ *<br>
+ * translate_ring_addresses() may call numa_realloc(), which can reallocate<br>
+ * the device structure. The updated pointer is written back through *pdev<br>
+ * so callers must refresh their local "dev" afterwards: dev = *pdev.<br>
+ */<br>
+static void<br>
+vhost_user_invalidate_vrings(struct virtio_net **pdev)<br>
+{<br>
+ struct virtio_net *dev = *pdev;<br>
+ uint32_t i;<br>
+<br>
+ for (i = 0; i < dev->nr_vring; i++) {<br>
+ struct vhost_virtqueue *vq = dev->virtqueue[i];<br>
+<br>
+ if (!vq)<br>
+ continue;<br>
+<br>
+ if (vq->desc || vq->avail || vq->used) {<br>
+ vq_assert_lock(dev, vq);<br>
+<br>
+ vring_invalidate(dev, vq);<br>
+<br>
+ translate_ring_addresses(&dev, &vq);<br>
+ }<br>
+ }<br>
+<br>
+ *pdev = dev;<br>
+}<br>
+<br>
+/*<br>
+ * Macro wrapper that performs the compile-time lock assertion with the<br>
+ * correct message ID at the call site, then calls the implementation.<br>
+ */<br>
+#define dev_invalidate_vrings(pdev, id) do { \<br>
+ static_assert(id ## _LOCK_ALL_QPS, \<br>
+ #id " handler is not declared as locking all queue pairs"); \<br>
+ vhost_user_invalidate_vrings(pdev); \<br>
+} while (0)<br>
+<br>
+static int<br>
+vhost_user_add_mem_reg(struct virtio_net **pdev,<br>
+ struct vhu_msg_context *ctx,<br>
+ int main_fd __rte_unused)<br>
+{<br>
+ struct VhostUserMemoryRegion *region = &ctx->msg.payload.memreg.region;<br>
+ struct virtio_net *dev = *pdev;<br>
+ uint32_t i;<br>
+<br>
+ /* convert first region add to normal memory table set */<br>
+ if (dev->mem == NULL) {<br>
+ if (vhost_user_initialize_memory(pdev) < 0)<br>
+ goto close_msg_fds;<br>
+ }<br>
+<br>
+ /* make sure new region will fit */<br>
+ if (dev->mem->nregions >= VHOST_MEMORY_MAX_NREGIONS) {<br>
+ VHOST_CONFIG_LOG(dev->ifname, ERR, "too many memory regions already (%u)",<br>
+ dev->mem->nregions);<br>
+ goto close_msg_fds;<br>
+ }<br>
+<br>
+ /* make sure supplied memory fd present */<br>
+ if (ctx->fd_num != 1) {<br>
+ VHOST_CONFIG_LOG(dev->ifname, ERR, "fd count makes no sense (%u)", ctx->fd_num);<br>
+ goto close_msg_fds;<br>
+ }<br>
+<br>
+ /* Make sure no overlap in guest virtual address space */<br>
+ for (i = 0; i < dev->mem->nregions; i++) {<br>
+ struct rte_vhost_mem_region *cur = &dev->mem->regions[i];<br>
+ uint64_t cur_start = cur->guest_user_addr;<br>
+ uint64_t cur_end = cur_start + cur->size - 1;<br>
+ uint64_t new_start = region->userspace_addr;<br>
+ uint64_t new_end = new_start + region->memory_size - 1;<br>
+<br>
+ if (new_end >= cur_start && new_start <= cur_end) {<br>
+ VHOST_CONFIG_LOG(dev->ifname, ERR,<br>
+ "requested memory region overlaps with another region");<br>
+ VHOST_CONFIG_LOG(dev->ifname, ERR,<br>
+ "\tRequested region address:0x%" PRIx64,<br>
+ region->userspace_addr);<br>
+ VHOST_CONFIG_LOG(dev->ifname, ERR,<br>
+ "\tRequested region size:0x%" PRIx64,<br>
+ region->memory_size);<br>
+ VHOST_CONFIG_LOG(dev->ifname, ERR,<br>
+ "\tOverlapping region address:0x%" PRIx64,<br>
+ cur->guest_user_addr);<br>
+ VHOST_CONFIG_LOG(dev->ifname, ERR,<br>
+ "\tOverlapping region size:0x%" PRIx64,<br>
+ cur->size);<br>
+ goto close_msg_fds;<br>
+ }<br>
+ }<br>
+<br>
+ /* New region goes at the end of the contiguous array */<br>
+ struct rte_vhost_mem_region *reg = &dev->mem->regions[dev->mem->nregions];<br>
+<br>
+ reg->guest_phys_addr = region->guest_phys_addr;<br>
+ reg->guest_user_addr = region->userspace_addr;<br>
+ reg->size = region->memory_size;<br>
+ reg->fd = ctx->fds[0];<br>
+ ctx->fds[0] = -1;<br>
+<br>
+ if (vhost_user_mmap_region(dev, reg, region->mmap_offset) < 0) {<br>
+ VHOST_CONFIG_LOG(dev->ifname, ERR, "failed to mmap region");<br>
+ if (reg->mmap_addr) {<br>
+ /* mmap succeeded but a later step (e.g. add_guest_pages)<br>
+ * failed; undo the mapping and any guest-page entries.<br>
+ */<br>
+ remove_guest_pages(dev, reg);<br>
+ free_mem_region(reg);<br>
+ } else {<br>
+ close(reg->fd);<br>
+ reg->fd = -1;<br>
+ }<br>
+ goto close_msg_fds;<br>
+ }<br>
+<br>
+ dev->mem->nregions++;<br>
+<br>
+ if (dev->async_copy && rte_vfio_is_enabled("vfio")) {<br>
+ if (async_dma_map_region(dev, reg, true) < 0)<br>
+ goto free_new_region_no_dma;<br>
+ }<br>
+<br>
+ if (dev->postcopy_listening) {<br>
+ /*<br>
+ * Cannot use vhost_user_postcopy_register() here because it<br>
+ * reads ctx->msg.payload.memory (SET_MEM_TABLE layout), but<br>
+ * ADD_MEM_REG uses the memreg payload. Register the<br>
+ * single new region directly instead.<br>
+ */<br>
+ if (vhost_user_postcopy_region_register(dev, reg) < 0)<br>
+ goto free_new_region;<br>
+ }<br>
+<br>
+ dev_invalidate_vrings(pdev, VHOST_USER_ADD_MEM_REG);<br>
+ dev = *pdev;<br>
+ dump_guest_pages(dev);<br>
+<br>
+ /* Reply with the back-end's mapping address per vhost-user spec */<br>
+ ctx->msg.payload.memreg.region.userspace_addr = reg->host_user_addr;<br>
+ ctx->msg.size = sizeof(ctx->msg.payload.memreg);<br>
+ ctx->fd_num = 0;<br>
+<br>
+ return RTE_VHOST_MSG_RESULT_REPLY;<br>
+<br>
+free_new_region:<br>
+ if (dev->async_copy && rte_vfio_is_enabled("vfio"))<br>
+ async_dma_map_region(dev, reg, false);<br>
+free_new_region_no_dma:<br>
+ remove_guest_pages(dev, reg);<br>
+ free_mem_region(reg);<br>
+ dev->mem->nregions--;<br>
+close_msg_fds:<br>
+ close_msg_fds(ctx);<br>
+ return RTE_VHOST_MSG_RESULT_ERR;<br>
+}<br>
+<br>
+static int<br>
+vhost_user_rem_mem_reg(struct virtio_net **pdev,<br>
+ struct vhu_msg_context *ctx,<br>
+ int main_fd __rte_unused)<br>
+{<br>
+ struct VhostUserMemoryRegion *region = &ctx->msg.payload.memreg.region;<br>
+ struct virtio_net *dev = *pdev;<br>
+ uint32_t i;<br>
+<br>
+ if (dev->mem == NULL || dev->mem->nregions == 0) {<br>
+ VHOST_CONFIG_LOG(dev->ifname, ERR, "no memory regions to remove");<br>
+ close_msg_fds(ctx);<br></blockquote><div>Not needed if properly declared.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
+ return RTE_VHOST_MSG_RESULT_ERR;<br>
+ }<br>
+<br>
+ if (validate_msg_fds(dev, ctx, 0) != 0)<br>
+ return RTE_VHOST_MSG_RESULT_ERR;<br></blockquote><div><br></div><div>With proper declaration, we can remove this check, as it is done in a generic way.</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
+<br>
+ for (i = 0; i < dev->mem->nregions; i++) {<br>
+ struct rte_vhost_mem_region *current_region = &dev->mem->regions[i];<br>
+<br>
+ /*<br>
+ * According to the vhost-user specification:<br>
+ * The memory region to be removed is identified by its GPA,<br>
+ * user address and size. The mmap offset is ignored.<br>
+ */<br>
+ if (region->userspace_addr == current_region->guest_user_addr<br>
+ && region->guest_phys_addr == current_region->guest_phys_addr<br>
+ && region->memory_size == current_region->size) {<br>
+ if (dev->async_copy && rte_vfio_is_enabled("vfio"))<br>
+ async_dma_map_region(dev, current_region, false);<br>
+ remove_guest_pages(dev, current_region);<br></blockquote><div><br></div><div>You are missing the step to clear the IOTLB cache entries matching with this removed region.</div><div>In vhost_user_set_mem_table(), a vhost_user_iotlb_flush_all() call is made,</div><div>but that would be kind of a nuclear option for memory hotplug.</div><div><br></div><div>I suggest removing only the entries matching the removed area, something like this:</div><div> if (dev->features & (1ULL << VIRTIO_F_IOMMU_PLATFORM))<br> vhost_user_iotlb_cache_remove(dev, current_region->guest_phys_addr, current_region->size);</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
+ free_mem_region(current_region);<br>
+<br>
+ /* Compact the regions array to keep it contiguous */<br>
+ if (i < dev->mem->nregions - 1) {<br>
+ memmove(&dev->mem->regions[i],<br>
+ &dev->mem->regions[i + 1],<br>
+ (dev->mem->nregions - 1 - i) *<br>
+ sizeof(struct rte_vhost_mem_region));<br>
+ memset(&dev->mem->regions[dev->mem->nregions - 1],<br>
+ 0, sizeof(struct rte_vhost_mem_region));<br>
+ }<br>
+<br>
+ dev->mem->nregions--;<br>
+ dev_invalidate_vrings(pdev, VHOST_USER_REM_MEM_REG);<br>
+ dev = *pdev;<br>
+ close_msg_fds(ctx);<br></blockquote><div><div>And no need to close FDs, are we are now sure none were provided.</div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
+ return RTE_VHOST_MSG_RESULT_OK;<br>
+ }<br>
+ }<br>
+<br>
+ VHOST_CONFIG_LOG(dev->ifname, ERR, "failed to find region");<br>
+ close_msg_fds(ctx);<br></blockquote><div><br></div><div>Same, no more needed.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
+ return RTE_VHOST_MSG_RESULT_ERR;<br>
+}<br>
+<br>
static bool<br>
vq_is_ready(struct virtio_net *dev, struct vhost_virtqueue *vq)<br>
{<br>
-- <br>
2.43.0<br>
<br>
</blockquote></div></div>