|SUCCESS| [v9,5/5] vhost_user: enable configure memory slots
dpdklab at iol.unh.edu
Wed Apr 8 00:04:44 CEST 2026
Test-Label: ai-code-review
Test-Status: SUCCESS
https://dpdk.org/patch/162898
_AI Code Review_
=== Patch Review: series.patch (via Claude) ===
Review date: 2026-04-07
# Review of DPDK vhost-user memory region management patch series (v9)
Author: Pravin M Bathija <pravin.bathija at dell.com>
Subject: vhost: add user to mailmap and define to vhost hdr
This patch series adds support for dynamic memory region add/remove
operations in the vhost-user backend. The series introduces new protocol
messages (GET_MAX_MEM_SLOTS, ADD_MEM_REG, REM_MEM_REG) and supporting
infrastructure.
> diff --git a/.mailmap b/.mailmap
> index 0e0d83e1c6..cc44e27036 100644
> --- a/.mailmap
> +++ b/.mailmap
> @@ -1295,6 +1295,7 @@ Prateek Agarwal <prateekag at cse.iitb.ac.in>
> Prathisna Padmasanan <prathisna.padmasanan at intel.com>
> Praveen Kaligineedi <pkaligineedi at google.com>
> Praveen Shetty <praveen.shetty at intel.com>
> +Pravin M Bathija <pravin.bathija at dell.com>
> Pravin Pathak <pravin.pathak.dev at gmail.com> <pravin.pathak at intel.com>
> Prince Takkar <ptakkar at marvell.com>
> Priyalee Kushwaha <priyalee.kushwaha at intel.com>
> diff --git a/lib/vhost/rte_vhost.h b/lib/vhost/rte_vhost.h
> index 2f7c4c0080..a7f9700538 100644
> --- a/lib/vhost/rte_vhost.h
> +++ b/lib/vhost/rte_vhost.h
> @@ -109,6 +109,10 @@ extern "C" {
> #define VHOST_USER_PROTOCOL_F_INFLIGHT_SHMFD 12
> #endif
>
> +#ifndef VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS
> +#define VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS 15
> +#endif
> +
Does this #ifndef guard make sense for a new feature being added? These
feature bit definitions should be unconditionally defined by DPDK, not
guarded. The #ifndef pattern is used for features defined externally that
DPDK may need to support regardless of version. For a feature DPDK is
introducing, the value should just be defined directly.
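A minimal sketch of the suggested form (the value is taken from the
patch itself):

    /* DPDK introduces this feature bit, so define it unconditionally. */
    #define VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS 15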
> diff --git a/lib/vhost/vhost_user.h b/lib/vhost/vhost_user.h
> index ef486545ba..f8d921f7f1 100644
> --- a/lib/vhost/vhost_user.h
> +++ b/lib/vhost/vhost_user.h
> @@ -67,6 +67,9 @@ typedef enum VhostUserRequest {
> VHOST_USER_POSTCOPY_END = 30,
> VHOST_USER_GET_INFLIGHT_FD = 31,
> VHOST_USER_SET_INFLIGHT_FD = 32,
> + VHOST_USER_GET_MAX_MEM_SLOTS = 36,
> + VHOST_USER_ADD_MEM_REG = 37,
> + VHOST_USER_REM_MEM_REG = 38,
> VHOST_USER_SET_STATUS = 39,
> VHOST_USER_GET_STATUS = 40,
> } VhostUserRequest;
[ ... ]
> diff --git a/lib/vhost/vhost_user.c b/lib/vhost/vhost_user.c
> index 4bfb13fb98..1f96ecf963 100644
> --- a/lib/vhost/vhost_user.c
> +++ b/lib/vhost/vhost_user.c
> @@ -171,6 +171,52 @@ get_blk_size(int fd)
> return ret == -1 ? (uint64_t)-1 : (uint64_t)stat.st_blksize;
> }
>
> +static int
> +async_dma_map_region(struct virtio_net *dev, struct rte_vhost_mem_region *reg, bool do_map)
> +{
> + uint32_t i;
> + int ret;
> + uint64_t reg_start = reg->host_user_addr;
> + uint64_t reg_end = reg_start + reg->size;
Can reg_start + reg->size overflow? Should this addition be checked
before use?
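For illustration, one possible guard before deriving reg_end (a sketch,
not code from the patch):

    /* Hypothetical overflow check on the region's address range */
    if (reg->size > UINT64_MAX - reg->host_user_addr) {
        VHOST_CONFIG_LOG(dev->ifname, ERR,
            "region address range overflows");
        return -1;
    }
    uint64_t reg_end = reg->host_user_addr + reg->size;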
> +
> + for (i = 0; i < dev->nr_guest_pages; i++) {
> + struct guest_page *page = &dev->guest_pages[i];
> +
> + /* Only process pages belonging to this region */
> + if (page->host_user_addr < reg_start ||
> + page->host_user_addr >= reg_end)
> + continue;
> +
> + if (do_map) {
> + ret = rte_vfio_container_dma_map(RTE_VFIO_DEFAULT_CONTAINER_FD,
> + page->host_user_addr,
> + page->host_iova,
> + page->size);
> + if (ret) {
> + if (rte_errno == ENODEV)
> + return 0;
> +
> + VHOST_CONFIG_LOG(dev->ifname, ERR, "DMA engine map failed");
> + return -1;
> + }
If the DMA map fails partway through the loop, does this leave some pages
mapped and some unmapped? Should the function unmap already-mapped pages
before returning on error?
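One possible unwind, sketched as a hypothetical helper (the name and
shape are invented for illustration):

    /* Hypothetical rollback: unmap the pages among the first n that
     * fall inside this region; best effort, errors ignored. */
    static void
    async_dma_unmap_first_n(struct virtio_net *dev,
            struct rte_vhost_mem_region *reg, uint32_t n)
    {
        uint64_t reg_start = reg->host_user_addr;
        uint64_t reg_end = reg_start + reg->size;
        uint32_t i;

        for (i = 0; i < n; i++) {
            struct guest_page *page = &dev->guest_pages[i];

            if (page->host_user_addr < reg_start ||
                page->host_user_addr >= reg_end)
                continue;
            rte_vfio_container_dma_unmap(RTE_VFIO_DEFAULT_CONTAINER_FD,
                page->host_user_addr, page->host_iova, page->size);
        }
    }

The map loop could then call this with the failing index before
returning -1.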
> + } else {
> + ret = rte_vfio_container_dma_unmap(RTE_VFIO_DEFAULT_CONTAINER_FD,
> + page->host_user_addr,
> + page->host_iova,
> + page->size);
> + if (ret) {
> + if (rte_errno == EINVAL)
> + return 0;
> +
> + VHOST_CONFIG_LOG(dev->ifname, ERR, "DMA engine unmap failed");
> + return -1;
> + }
> + }
> + }
> +
> + return 0;
> +}
[ ... ]
> @@ -225,7 +271,17 @@ async_dma_map(struct virtio_net *dev, bool do_map)
> }
>
> static void
> -free_mem_region(struct virtio_net *dev)
> +free_mem_region(struct rte_vhost_mem_region *reg)
> +{
> + if (reg != NULL && reg->mmap_addr) {
> + munmap(reg->mmap_addr, reg->mmap_size);
> + close(reg->fd);
> + memset(reg, 0, sizeof(struct rte_vhost_mem_region));
> + }
> +}
> +
> +static void
> +free_all_mem_regions(struct virtio_net *dev)
> {
> uint32_t i;
> struct rte_vhost_mem_region *reg;
> @@ -236,12 +292,10 @@ free_mem_region(struct virtio_net *dev)
> if (dev->async_copy && rte_vfio_is_enabled("vfio"))
> async_dma_map(dev, false);
>
> - for (i = 0; i < dev->mem->nregions; i++) {
> + for (i = 0; i < VHOST_MEMORY_MAX_NREGIONS; i++) {
> reg = &dev->mem->regions[i];
> - if (reg->host_user_addr) {
> - munmap(reg->mmap_addr, reg->mmap_size);
> - close(reg->fd);
> - }
> + if (reg->mmap_addr)
> + free_mem_region(reg);
> }
> }
In free_all_mem_regions(), iterating to VHOST_MEMORY_MAX_NREGIONS instead
of dev->mem->nregions adds overhead when only a few regions exist. With
dynamic add/remove the array can become sparse, so nregions alone cannot
bound the loop, but could the scan still terminate early once every
populated region has been freed?
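A sketch of such an early exit, assuming dev->mem->nregions is kept as
the count of populated slots:

    uint32_t seen = 0;

    for (i = 0; i < VHOST_MEMORY_MAX_NREGIONS &&
            seen < dev->mem->nregions; i++) {
        reg = &dev->mem->regions[i];
        if (reg->mmap_addr == NULL)
            continue;
        seen++;
        free_mem_region(reg);
    }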
[ ... ]
> @@ -808,8 +862,10 @@ hua_to_alignment(struct rte_vhost_memory *mem, void *ptr)
> uint32_t i;
> uintptr_t hua = (uintptr_t)ptr;
>
> - for (i = 0; i < mem->nregions; i++) {
> + for (i = 0; i < VHOST_MEMORY_MAX_NREGIONS; i++) {
> r = &mem->regions[i];
> + if (r->host_user_addr == 0)
> + continue;
> if (hua >= r->host_user_addr &&
> hua < r->host_user_addr + r->size) {
> return get_blk_size(r->fd);
Does iterating to VHOST_MEMORY_MAX_NREGIONS affect hua_to_alignment()
performance? Could early termination at mem->nregions be maintained while
supporting dynamic regions?
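The counting early exit sketched above for free_all_mem_regions() would
apply here as well: bound the scan by mem->nregions while still skipping
empty slots.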
[ ... ]
> @@ -1136,6 +1192,24 @@ add_guest_pages(struct virtio_net *dev, struct rte_vhost_mem_region *reg,
> return 0;
> }
>
> +static void
> +remove_guest_pages(struct virtio_net *dev, struct rte_vhost_mem_region *reg)
> +{
> + uint64_t reg_start = reg->host_user_addr;
> + uint64_t reg_end = reg_start + reg->size;
Can reg_start + reg->size overflow here as well?
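(The overflow guard sketched above for async_dma_map_region() would apply
here too.)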
> + uint32_t i, j = 0;
> +
> + for (i = 0; i < dev->nr_guest_pages; i++) {
> + if (dev->guest_pages[i].host_user_addr >= reg_start &&
> + dev->guest_pages[i].host_user_addr < reg_end)
> + continue;
> + if (j != i)
> + dev->guest_pages[j] = dev->guest_pages[i];
> + j++;
> + }
> + dev->nr_guest_pages = j;
> +}
[ ... ]
> @@ -1246,10 +1320,14 @@ vhost_user_postcopy_register(struct virtio_net *dev, int main_fd,
> * DPDK's virtual address with Qemu, so that Qemu can
> * retrieve the region offset when handling userfaults.
> */
> + int reg_msg_index = 0;
> memory = &ctx->msg.payload.memory;
> for (i = 0; i < memory->nregions; i++) {
> reg = &dev->mem->regions[i];
> - memory->regions[i].userspace_addr = reg->host_user_addr;
> + if (reg->host_user_addr == 0)
> + continue;
> + memory->regions[reg_msg_index].userspace_addr = reg->host_user_addr;
> + reg_msg_index++;
> }
In vhost_user_postcopy_register(), does skipping regions with
host_user_addr == 0 create a mismatch between the region indices that
QEMU expects and what is sent? Should memory->nregions be updated to
reg_msg_index after the loop?
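A sketch of the suggestion above (whether QEMU tolerates a compacted
reply would need checking):

    int reg_msg_index = 0;

    memory = &ctx->msg.payload.memory;
    for (i = 0; i < VHOST_MEMORY_MAX_NREGIONS; i++) {
        reg = &dev->mem->regions[i];
        if (reg->host_user_addr == 0)
            continue;
        memory->regions[reg_msg_index].userspace_addr =
            reg->host_user_addr;
        reg_msg_index++;
    }
    /* Keep the reply's region count consistent with the compacted array. */
    memory->nregions = reg_msg_index;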
[ ... ]
> @@ -1382,6 +1462,52 @@ vhost_user_mmap_region(struct virtio_net *dev,
> return 0;
> }
>
> +static int
> +vhost_user_initialize_memory(struct virtio_net **pdev)
> +{
> + struct virtio_net *dev = *pdev;
> + int numa_node = SOCKET_ID_ANY;
> +
> + if (dev->mem != NULL) {
> + VHOST_CONFIG_LOG(dev->ifname, ERR,
> + "memory already initialized, free it first");
> + return -1;
> + }
> +
> + /*
> + * If VQ 0 has already been allocated, try to allocate on the same
> + * NUMA node. It can be reallocated later in numa_realloc().
> + */
> + if (dev->nr_vring > 0)
> + numa_node = dev->virtqueue[0]->numa_node;
> +
> + dev->nr_guest_pages = 0;
> + if (dev->guest_pages == NULL) {
> + dev->max_guest_pages = 8;
> + dev->guest_pages = rte_zmalloc_socket(NULL,
> + dev->max_guest_pages *
> + sizeof(struct guest_page),
> + RTE_CACHE_LINE_SIZE,
> + numa_node);
> + if (dev->guest_pages == NULL) {
> + VHOST_CONFIG_LOG(dev->ifname, ERR,
> + "failed to allocate memory for dev->guest_pages");
> + return -1;
> + }
> + }
> +
> + dev->mem = rte_zmalloc_socket("vhost-mem-table", sizeof(struct rte_vhost_memory) +
> + sizeof(struct rte_vhost_mem_region) * VHOST_MEMORY_MAX_NREGIONS, 0, numa_node);
Does this statement exceed DPDK's maximum line length (100 characters per
the coding style)? Even if it fits, wrapping the arguments would improve
readability.
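For example, re-flowed with the same arguments:

    dev->mem = rte_zmalloc_socket("vhost-mem-table",
            sizeof(struct rte_vhost_memory) +
            sizeof(struct rte_vhost_mem_region) *
            VHOST_MEMORY_MAX_NREGIONS,
            0, numa_node);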
> + if (dev->mem == NULL) {
> + VHOST_CONFIG_LOG(dev->ifname, ERR, "failed to allocate memory for dev->mem");
> + rte_free(dev->guest_pages);
> + dev->guest_pages = NULL;
If dev->guest_pages was already allocated before this function was called,
this error path frees an allocation the function does not own, discarding
the device's existing guest-page state (the code above only allocates
guest_pages when it is NULL). Should the cleanup free guest_pages only
when this function performed the allocation?
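One possible shape (a sketch; the flag name is invented for illustration):

    bool guest_pages_allocated_here = false;

    if (dev->guest_pages == NULL) {
        /* ... existing allocation ... */
        guest_pages_allocated_here = true;
    }
    /* ... */
    if (dev->mem == NULL) {
        VHOST_CONFIG_LOG(dev->ifname, ERR,
            "failed to allocate memory for dev->mem");
        if (guest_pages_allocated_here) {
            rte_free(dev->guest_pages);
            dev->guest_pages = NULL;
        }
        return -1;
    }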
> + return -1;
> + }
> +
> + return 0;
> +}
[ ... ]
> @@ -1657,6 +1633,223 @@ vhost_user_set_mem_table(struct virtio_net **pdev,
> return RTE_VHOST_MSG_RESULT_OK;
>
> free_mem_table:
> - free_mem_region(dev);
> + free_all_mem_regions(dev);
> rte_free(dev->mem);
> dev->mem = NULL;
> -
> -free_guest_pages:
> rte_free(dev->guest_pages);
> dev->guest_pages = NULL;
> close_msg_fds:
> @@ -1669,6 +1643,223 @@ vhost_user_set_mem_table(struct virtio_net **pdev,
> return RTE_VHOST_MSG_RESULT_ERR;
> }
>
> +
> +static int
> +vhost_user_get_max_mem_slots(struct virtio_net **pdev,
[ ... ]