|SUCCESS| [v13,5/5] vhost_user: enable configure memory slots
dpdklab at iol.unh.edu
dpdklab at iol.unh.edu
Thu May 14 05:47:03 CEST 2026
Test-Label: ai-code-review
Test-Status: SUCCESS
https://dpdk.org/patch/163983
_AI Code Review_
=== Patch Review: series.patch (via Claude) ===
Review date: 2026-05-14
Commit: series.patch (multiple commits in patch series)
Author: Pravin M Bathija <pravin.bathija at dell.com>
Subject: [PATCH v13 1/5] vhost: add user to mailmap and define to vhost hdr
This patch series adds support for dynamic memory region
addition/removal in the vhost-user backend. The front-end can now add
or remove memory regions at runtime via new vhost-user protocol
messages.
> diff --git a/.mailmap b/.mailmap
> index 0e0d83e1c6..cc44e27036 100644
> --- a/.mailmap
> +++ b/.mailmap
> @@ -1295,6 +1295,7 @@ Prateek Agarwal <prateekag at cse.iitb.ac.in>
> Prathisna Padmasanan <prathisna.padmasanan at intel.com>
> Praveen Kaligineedi <pkaligineedi at google.com>
> Praveen Shetty <praveen.shetty at intel.com>
> +Pravin M Bathija <pravin.bathija at dell.com>
> Pravin Pathak <pravin.pathak.dev at gmail.com> <pravin.pathak at intel.com>
> Prince Takkar <ptakkar at marvell.com>
> Priyalee Kushwaha <priyalee.kushwaha at intel.com>
[ ... ]
> diff --git a/lib/vhost/rte_vhost.h b/lib/vhost/rte_vhost.h
> index 2f7c4c0080..a7f9700538 100644
> --- a/lib/vhost/rte_vhost.h
> +++ b/lib/vhost/rte_vhost.h
> @@ -109,6 +109,10 @@ extern "C" {
> #define VHOST_USER_PROTOCOL_F_INFLIGHT_SHMFD 12
> #endif
>
> +#ifndef VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS
> +#define VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS 15
> +#endif
Does this header need ifndef guards around feature bit definitions? The
VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS value 15 appears to be from the
vhost-user spec. Can this conflict if the definition already exists
elsewhere?
> diff --git a/lib/vhost/vhost_user.h b/lib/vhost/vhost_user.h
> index ef486545ba..6435816534 100644
> --- a/lib/vhost/vhost_user.h
> +++ b/lib/vhost/vhost_user.h
> @@ -67,6 +67,9 @@ typedef enum VhostUserRequest {
> VHOST_USER_POSTCOPY_END = 30,
> VHOST_USER_GET_INFLIGHT_FD = 31,
> VHOST_USER_SET_INFLIGHT_FD = 32,
> + VHOST_USER_GET_MAX_MEM_SLOTS = 36,
> + VHOST_USER_ADD_MEM_REG = 37,
> + VHOST_USER_REM_MEM_REG = 38,
> VHOST_USER_SET_STATUS = 39,
> VHOST_USER_GET_STATUS = 40,
> } VhostUserRequest;
[ ... ]
> diff --git a/lib/vhost/vhost_user.c b/lib/vhost/vhost_user.c
> index 4bfb13fb98..0ee3fe7a5e 100644
> --- a/lib/vhost/vhost_user.c
> +++ b/lib/vhost/vhost_user.c
> @@ -171,20 +171,27 @@ get_blk_size(int fd)
> return ret == -1 ? (uint64_t)-1 : (uint64_t)stat.st_blksize;
> }
>
> -static void
> -async_dma_map(struct virtio_net *dev, bool do_map)
> +static int
> +async_dma_map_region(struct virtio_net *dev, struct rte_vhost_mem_region *reg, bool do_map)
Does this line exceed 79 characters?
> {
> - int ret = 0;
> uint32_t i;
> - struct guest_page *page;
> + int ret;
> + uint64_t reg_start = reg->host_user_addr;
> + uint64_t reg_end = reg_start + reg->size;
Can this overflow if reg->size is large enough that reg_start + reg->size
wraps around?
> + for (i = 0; i < dev->nr_guest_pages; i++) {
> + struct guest_page *page = &dev->guest_pages[i];
> +
> + /* Only process pages belonging to this region */
> + if (page->host_user_addr < reg_start ||
> + page->host_user_addr >= reg_end)
> + continue;
>
> - if (do_map) {
> - for (i = 0; i < dev->nr_guest_pages; i++) {
> - page = &dev->guest_pages[i];
> + if (do_map) {
> ret = rte_vfio_container_dma_map(RTE_VFIO_DEFAULT_CONTAINER_FD,
> - page->host_user_addr,
> - page->host_iova,
> - page->size);
> + page->host_user_addr,
> + page->host_iova,
> + page->size);
> if (ret) {
[ ... ]
> @@ -255,7 +284,7 @@ vhost_backend_cleanup(struct virtio_net *dev)
> vdpa_dev->ops->dev_cleanup(dev->vid);
>
> if (dev->mem) {
> - free_mem_region(dev);
> + free_all_mem_regions(dev);
> rte_free(dev->mem);
> dev->mem = NULL;
> }
> @@ -704,7 +733,7 @@ numa_realloc(struct virtio_net **pdev, struct vhost_virtqueue **pvq)
> vhost_devices[dev->vid] = dev;
>
> mem_size = sizeof(struct rte_vhost_memory) +
> - sizeof(struct rte_vhost_mem_region) * dev->mem->nregions;
> + sizeof(struct rte_vhost_mem_region) * VHOST_MEMORY_MAX_NREGIONS;
> mem = rte_realloc_socket(dev->mem, mem_size, 0, node);
Does this change mean numa_realloc() always allocates space for the
maximum number of regions, even if only a few are in use? Could this waste
memory compared to allocating only dev->mem->nregions entries?
> @@ -808,8 +837,10 @@ hua_to_alignment(struct rte_vhost_memory *mem, void *ptr)
> uint32_t i;
> uintptr_t hua = (uintptr_t)ptr;
>
> - for (i = 0; i < mem->nregions; i++) {
> + for (i = 0; i < VHOST_MEMORY_MAX_NREGIONS; i++) {
> r = &mem->regions[i];
> + if (r->host_user_addr == 0)
> + continue;
Does this skip check work correctly if a valid region legitimately has
host_user_addr of 0 (e.g., mapping at address 0)? Does the code assume
host_user_addr == 0 means an unused slot?
[ ... ]
> +static int
> +vhost_user_initialize_memory(struct virtio_net **pdev)
> +{
> + struct virtio_net *dev = *pdev;
> + int numa_node = SOCKET_ID_ANY;
> +
> + if (dev->mem != NULL) {
> + VHOST_CONFIG_LOG(dev->ifname, ERR,
> + "memory already initialized, free it first");
> + return -1;
> + }
[ ... ]
> + dev->mem = rte_zmalloc_socket("vhost-mem-table", sizeof(struct rte_vhost_memory) +
> + sizeof(struct rte_vhost_mem_region) * VHOST_MEMORY_MAX_NREGIONS, 0, numa_node);
Does this line exceed 79 characters?
> + if (dev->mem == NULL) {
> + VHOST_CONFIG_LOG(dev->ifname, ERR, "failed to allocate memory for dev->mem");
> + rte_free(dev->guest_pages);
> + dev->guest_pages = NULL;
> + return -1;
> + }
> +
> + return 0;
> +}
[ ... ]
> +static int
> +vhost_user_get_max_mem_slots(struct virtio_net **pdev __rte_unused,
> + struct vhu_msg_context *ctx,
> + int main_fd __rte_unused)
> +{
> + uint32_t max_mem_slots = VHOST_MEMORY_MAX_NREGIONS;
> +
> + ctx->msg.payload.u64 = (uint64_t)max_mem_slots;
> + ctx->msg.size = sizeof(ctx->msg.payload.u64);
> + ctx->fd_num = 0;
> +
> + return RTE_VHOST_MSG_RESULT_REPLY;
> +}
[ ... ]
> +static int
> +vhost_user_add_mem_reg(struct virtio_net **pdev,
> + struct vhu_msg_context *ctx,
> + int main_fd __rte_unused)
> +{
> + uint32_t i;
> + struct virtio_net *dev = *pdev;
> + struct VhostUserMemoryRegion *region = &ctx->msg.payload.memreg.region;
> +
> + /* convert first region add to normal memory table set */
> + if (dev->mem == NULL) {
> + if (vhost_user_initialize_memory(pdev) < 0)
> + goto close_msg_fds;
> + }
> +
> + /* make sure new region will fit */
> + if (dev->mem->nregions >= VHOST_MEMORY_MAX_NREGIONS) {
> + VHOST_CONFIG_LOG(dev->ifname, ERR, "too many memory regions already (%u)",
> + dev->mem->nregions);
Does this line exceed 79 characters?
> + goto close_msg_fds;
> + }
> +
> + /* make sure supplied memory fd present */
> + if (ctx->fd_num != 1) {
> + VHOST_CONFIG_LOG(dev->ifname, ERR, "fd count makes no sense (%u)", ctx->fd_num);
> + goto close_msg_fds;
> + }
> +
> + /* Make sure no overlap in guest virtual address space */
> + for (i = 0; i < dev->mem->nregions; i++) {
> + struct rte_vhost_mem_region *current_region = &dev->mem->regions[i];
> + uint64_t current_region_guest_start = current_region->guest_user_addr;
> + uint64_t current_region_guest_end = current_region_guest_start
> + + current_region->size - 1;
Does this line exceed 79 characters?
> + uint64_t proposed_region_guest_start = region->userspace_addr;
> + uint64_t proposed_region_guest_end = proposed_region_guest_start
> + + region->memory_size - 1;
Does this line exceed 79 characters?
Can the computation current_region_guest_start + current_region->size - 1
overflow if current_region->size is UINT64_MAX or close to it?
Can the computation proposed_region_guest_start + region->memory_size - 1
overflow similarly?
> +
> + if (!((proposed_region_guest_end < current_region_guest_start) ||
> + (proposed_region_guest_start > current_region_guest_end))) {
[ ... ]
> + /* New region goes at the end of the contiguous array */
> + struct rte_vhost_mem_region *reg = &dev->mem->regions[dev->mem->nregions];
> +
> + reg->guest_phys_addr = region->guest_phys_addr;
> + reg->guest_user_addr = region->userspace_addr;
> + reg->size = region->memory_size;
> + reg->fd = ctx->fds[0];
> + ctx->fds[0] = -1;
> +
> + if (vhost_user_mmap_region(dev, reg, region->mmap_offset) < 0) {
> + VHOST_CONFIG_LOG(dev->ifname, ERR, "failed to mmap region");
> + if (reg->mmap_addr) {
> + /* mmap succeeded but a later step (e.g. add_guest_pages)
> + * failed; undo the mapping and any guest-page entries.
> + */
> + remove_guest_pages(dev, reg);
> + free_mem_region(reg);
> + } else {
> + close(reg->fd);
> + reg->fd = -1;
> + }
> + goto close_msg_fds;
> + }
> +
> + dev->mem->nregions++;
> +
> + if (dev->async_copy && rte_vfio_is_enabled("vfio")) {
> + if (async_dma_map_region(dev, reg, true) < 0)
> + goto free_new_region;
> + }
If async_dma_map_region() fails in vhost_user_add_mem_reg(), does this
code properly decrement dev->mem->nregions before jumping to
free_new_region? Or does it leave nregions incremented?
> +
> + if (dev->postcopy_listening) {
> + /*
> + * Cannot use vhost_user_postcopy_register() here because it
> + * reads ctx->msg.payload.memory (SET_MEM_TABLE layout), but
> + * ADD_MEM_REG uses the memreg payload. Register the
> + * single new region directly instead.
> + */
> + if (vhost_user_postcopy_region_register(dev, reg) < 0)
> + goto free_new_region;
> + }
> +
> + dev_invalidate_vrings(pdev, VHOST_USER_ADD_MEM_REG);
> + dev = *pdev;
> + dump_guest_pages(dev);
> +
> + return RTE_VHOST_MSG_RESULT_OK;
> +
> +free_new_region:
> + if (dev->async_copy && rte_vfio_is_enabled("vfio"))
> + async_dma_map_region(dev, reg, false);
> + remove_guest_pages(dev, reg);
> + free_mem_region
More information about the test-report
mailing list