scsi: pvscsi: check command descriptor ring buffer size (CVE-2016-4952)
1 /*
2 * NUMA parameter parsing routines
3 *
4 * Copyright (c) 2014 Fujitsu Ltd.
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24
25 #include "qemu/osdep.h"
26 #include "sysemu/numa.h"
27 #include "exec/cpu-common.h"
28 #include "qemu/bitmap.h"
29 #include "qom/cpu.h"
30 #include "qemu/error-report.h"
31 #include "include/exec/cpu-common.h" /* for RAM_ADDR_FMT */
32 #include "qapi-visit.h"
33 #include "qapi/opts-visitor.h"
34 #include "hw/boards.h"
35 #include "sysemu/hostmem.h"
36 #include "qmp-commands.h"
37 #include "hw/mem/pc-dimm.h"
38 #include "qemu/option.h"
39 #include "qemu/config-file.h"
40
/* Option group looked up as "numa" by parse_numa_opts(). */
QemuOptsList qemu_numa_opts = {
    .name = "numa",
    .implied_opt_name = "type",
    .head = QTAILQ_HEAD_INITIALIZER(qemu_numa_opts.head),
    .desc = { { 0 } } /* validated with OptsVisitor */
};

/*
 * -1 until the first node option is parsed; numa_node_parse() then latches
 * that node's has_memdev flag here and rejects later nodes that differ.
 */
static int have_memdevs = -1;

/*
 * Highest specified NUMA node ID, plus one.
 * For all nodes, nodeid < max_numa_nodeid.
 */
static int max_numa_nodeid;

/* Incremented by parse_numa() for each node option it accepts. */
int nb_numa_nodes;

/* Per-node state, indexed by node ID. */
NodeInfo numa_info[MAX_NODES];
54
/*
 * Record the inclusive range [addr, addr + size - 1] on NUMA node @node.
 *
 * A zero @size is a no-op.  Otherwise a zero-initialised range entry is
 * allocated and inserted at the head of numa_info[node].addr.
 *
 * NOTE(review): @node indexes numa_info[] without a bounds check and
 * addr + size - 1 is not checked for wrap-around; callers are presumably
 * expected to pass node < MAX_NODES and a range that does not wrap --
 * confirm at the call sites.
 */
void numa_set_mem_node_id(ram_addr_t addr, uint64_t size, uint32_t node)
{
    struct numa_addr_range *r;

    if (size == 0) {
        /* Memory-less nodes arrive here with size 0: nothing to record. */
        return;
    }

    r = g_malloc0(sizeof(*r));
    r->mem_start = addr;
    r->mem_end = addr + size - 1;
    QLIST_INSERT_HEAD(&numa_info[node].addr, r, entry);
}
72
/*
 * Drop the range previously recorded for NUMA node @node whose bounds are
 * exactly [addr, addr + size - 1].
 *
 * Only the first exact match is unlinked and freed; if no entry matches,
 * the list is left untouched.
 *
 * NOTE(review): @node indexes numa_info[] without a bounds check --
 * presumably guaranteed by the callers, confirm.
 */
void numa_unset_mem_node_id(ram_addr_t addr, uint64_t size, uint32_t node)
{
    struct numa_addr_range *cur, *tmp;

    /* _SAFE variant: the matching element is removed while iterating. */
    QLIST_FOREACH_SAFE(cur, &numa_info[node].addr, entry, tmp) {
        if (cur->mem_start != addr || cur->mem_end != (addr + size - 1)) {
            continue;
        }
        QLIST_REMOVE(cur, entry);
        g_free(cur);
        return;
    }
}
85
/*
 * Derive each node's start address and record its address range.
 *
 * Nodes are laid out back to back from address 0 in node-ID order: node N
 * starts where node N-1 ended, and its length is numa_info[N].node_mem.
 */
static void numa_set_mem_ranges(void)
{
    ram_addr_t next_start = 0;
    int nid;

    for (nid = 0; nid < nb_numa_nodes; nid++) {
        numa_set_mem_node_id(next_start, numa_info[nid].node_mem, nid);
        next_start += numa_info[nid].node_mem;
    }
}
100
/*
 * Check if @addr falls under NUMA @node.
 *
 * Returns true when @addr lies inside any range (bounds inclusive) on the
 * node's address list, false otherwise.
 */
static bool numa_addr_belongs_to_node(ram_addr_t addr, uint32_t node)
{
    struct numa_addr_range *r;

    QLIST_FOREACH(r, &numa_info[node].addr, entry) {
        if (addr < r->mem_start || addr > r->mem_end) {
            continue;
        }
        return true;
    }
    return false;
}
115
/*
 * Given an address, return the index of the NUMA node it belongs to.
 *
 * When no node matches, @errp is set and -1 is returned.  The return type
 * is uint32_t, so the failure value reaches the caller as UINT32_MAX;
 * callers should test @errp before using the result as an index.
 */
uint32_t numa_get_node(ram_addr_t addr, Error **errp)
{
    uint32_t nid;

    /* Non-NUMA configurations keep all their ranges on node 0. */
    if (nb_numa_nodes == 0 && numa_addr_belongs_to_node(addr, 0)) {
        return 0;
    }

    for (nid = 0; nid < nb_numa_nodes; nid++) {
        if (numa_addr_belongs_to_node(addr, nid)) {
            return nid;
        }
    }

    error_setg(errp, "Address 0x" RAM_ADDR_FMT " doesn't belong to any "
               "NUMA node", addr);
    return -1;
}
141
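/*
 * Apply one parsed NUMA node option to numa_info[].
 *
 * @node: the visited option values
 * @opts: the raw option group, consulted only for the textual "mem" value
 * @errp: set on any validation failure; the function then returns early
 *
 * The node ID (explicit, or nb_numa_nodes when omitted) is range-checked
 * against MAX_NODES before it is used as an index, and every CPU index is
 * checked against max_cpus before its bit is set.  CPU bits set before a
 * later check fails are not rolled back; the visible caller treats any
 * error as fatal.
 */
static void numa_node_parse(NumaNodeOptions *node, QemuOpts *opts, Error **errp)
{
    uint16_t nodenr;
    uint16List *cpus = NULL;

    nodenr = node->has_nodeid ? node->nodeid : nb_numa_nodes;

    if (nodenr >= MAX_NODES) {
        error_setg(errp, "Max number of NUMA nodes reached: %"
                   PRIu16 "", nodenr);
        return;
    }

    if (numa_info[nodenr].present) {
        error_setg(errp, "Duplicate NUMA nodeid: %" PRIu16, nodenr);
        return;
    }

    /*
     * NOTE(review): the bitmap is sized by MAX_CPUMASK_BITS elsewhere in
     * this file, while the bound enforced here is max_cpus -- presumably
     * max_cpus <= MAX_CPUMASK_BITS is guaranteed by the caller; confirm.
     */
    for (cpus = node->cpus; cpus; cpus = cpus->next) {
        if (cpus->value >= max_cpus) {
            error_setg(errp,
                       "CPU index (%" PRIu16 ")"
                       " should be smaller than maxcpus (%d)",
                       cpus->value, max_cpus);
            return;
        }
        bitmap_set(numa_info[nodenr].node_cpu, cpus->value, 1);
    }

    if (node->has_mem && node->has_memdev) {
        error_setg(errp, "qemu: cannot specify both mem= and memdev=");
        return;
    }

    /* The first node decides whether every node must use memdev=. */
    if (have_memdevs == -1) {
        have_memdevs = node->has_memdev;
    }
    if (node->has_memdev != have_memdevs) {
        error_setg(errp, "qemu: memdev option must be specified for either "
                   "all or no nodes");
        return;
    }

    if (node->has_mem) {
        uint64_t mem_size = node->mem;
        const char *mem_str = qemu_opt_get(opts, "mem");
        size_t mem_len = mem_str ? strlen(mem_str) : 0;

        /*
         * The last character of the raw string is inspected below; refuse
         * a missing or empty string instead of reading at index -1.
         */
        if (mem_len == 0) {
            error_setg(errp, "qemu: mem= value is missing or empty");
            return;
        }

        /* Fix up legacy suffix-less format: a bare number means MiB. */
        if (g_ascii_isdigit(mem_str[mem_len - 1])) {
            mem_size <<= 20;
        }
        numa_info[nodenr].node_mem = mem_size;
    }
    if (node->has_memdev) {
        Object *o;

        /*
         * NOTE(review): the ambiguity out-parameter is NULL, so a NULL
         * result presumably also covers "no such object" even though the
         * message only mentions ambiguity -- confirm.
         */
        o = object_resolve_path_type(node->memdev, TYPE_MEMORY_BACKEND, NULL);
        if (!o) {
            error_setg(errp, "memdev=%s is ambiguous", node->memdev);
            return;
        }

        /* Hold a reference for as long as numa_info[] points at the backend. */
        object_ref(o);
        /* Errors from reading "size" are ignored here (NULL errp). */
        numa_info[nodenr].node_mem = object_property_get_int(o, "size", NULL);
        numa_info[nodenr].node_memdev = MEMORY_BACKEND(o);
    }
    numa_info[nodenr].present = true;
    max_numa_nodeid = MAX(max_numa_nodeid, nodenr + 1);
}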
213
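/*
 * qemu_opts_foreach() callback: visit one NUMA option group and apply it.
 *
 * @opaque: unused
 * @opts:   the option group to parse
 * @errp:   unused; failures are reported with error_report_err()
 *
 * Returns 0 on success and -1 on failure.  nb_numa_nodes is incremented
 * for each node option that is accepted.
 *
 * The visited NumaOptions object is released on every path.  The original
 * freed it only on error, leaking one object per accepted option;
 * numa_node_parse() copies what it needs into numa_info[] and keeps no
 * pointer into the object, so freeing it on success is safe.
 */
static int parse_numa(void *opaque, QemuOpts *opts, Error **errp)
{
    NumaOptions *object = NULL;
    Error *err = NULL;
    OptsVisitor *ov = opts_visitor_new(opts);
    int rc = 0;

    visit_type_NumaOptions(opts_get_visitor(ov), NULL, &object, &err);
    opts_visitor_cleanup(ov);
    if (err) {
        goto out;
    }

    switch (object->type) {
    case NUMA_OPTIONS_KIND_NODE:
        numa_node_parse(object->u.node.data, opts, &err);
        if (err) {
            goto out;
        }
        nb_numa_nodes++;
        break;
    default:
        abort();
    }

out:
    if (err) {
        error_report_err(err);
        rc = -1;
    }
    qapi_free_NumaOptions(object);

    return rc;
}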
249
/*
 * Format the indexes of the bits set in @cpus, considering only the first
 * @max_cpus bits, as a space-separated decimal list.
 *
 * Returns a newly allocated string that the caller releases with g_free().
 */
static char *enumerate_cpus(unsigned long *cpus, int max_cpus)
{
    GString *out = g_string_new(NULL);
    const char *sep = "";
    int bit = find_first_bit(cpus, max_cpus);

    while (bit < max_cpus) {
        g_string_append_printf(out, "%s%d", sep, bit);
        sep = " ";
        bit = find_next_bit(cpus, max_cpus, bit + 1);
    }

    /* FALSE: keep the character data and hand it to the caller. */
    return g_string_free(out, FALSE);
}
264
/*
 * Check the CPU-to-node assignment across all configured nodes.
 *
 * A CPU listed in more than one node is fatal: the offending CPUs are
 * reported and the process exits.  CPUs below max_cpus that appear in no
 * node only produce warnings.
 */
static void validate_numa_cpus(void)
{
    DECLARE_BITMAP(seen_cpus, MAX_CPUMASK_BITS);
    char *missing;
    int nid;

    bitmap_zero(seen_cpus, MAX_CPUMASK_BITS);
    for (nid = 0; nid < nb_numa_nodes; nid++) {
        if (bitmap_intersects(seen_cpus, numa_info[nid].node_cpu,
                              MAX_CPUMASK_BITS)) {
            /* Narrow seen_cpus to the overlap so only duplicates are listed. */
            bitmap_and(seen_cpus, seen_cpus,
                       numa_info[nid].node_cpu, MAX_CPUMASK_BITS);
            error_report("CPU(s) present in multiple NUMA nodes: %s",
                         enumerate_cpus(seen_cpus, max_cpus));
            exit(EXIT_FAILURE);
        }
        bitmap_or(seen_cpus, seen_cpus,
                  numa_info[nid].node_cpu, MAX_CPUMASK_BITS);
    }

    if (bitmap_full(seen_cpus, max_cpus)) {
        return;
    }

    /* Invert the mask so it lists the CPUs that no node claimed. */
    bitmap_complement(seen_cpus, seen_cpus, max_cpus);
    missing = enumerate_cpus(seen_cpus, max_cpus);
    error_report("warning: CPU(s) not present in any NUMA nodes: %s", missing);
    error_report("warning: All CPU(s) up to maxcpus should be described "
                 "in NUMA config");
    g_free(missing);
}
294
/*
 * Parse every "numa" option group and finalise the global NUMA layout.
 *
 * @mc: machine class; its optional cpu_index_to_socket_id hook overrides
 *      the default round-robin CPU distribution.
 *
 * Any configuration error is fatal (exit(1)): an option that fails to
 * parse, a gap in the node IDs, or node memory that does not add up to
 * ram_size.  With no nodes configured, all of RAM is recorded on node 0.
 */
void parse_numa_opts(MachineClass *mc)
{
    uint64_t numa_total = 0;
    bool mem_given = false;
    bool cpus_given = false;
    int i;

    if (qemu_opts_foreach(qemu_find_opts("numa"), parse_numa, NULL, NULL)) {
        exit(1);
    }

    assert(max_numa_nodeid <= MAX_NODES);

    /*
     * No support for sparse NUMA node IDs yet.  Walk downwards so that
     * large missing IDs are reported first, which makes mistakes easier
     * to spot.
     */
    i = max_numa_nodeid;
    while (i-- > 0) {
        if (!numa_info[i].present) {
            error_report("numa: Node ID missing: %d", i);
            exit(1);
        }
    }

    /* This must be always true if all nodes are present: */
    assert(nb_numa_nodes == max_numa_nodeid);

    if (nb_numa_nodes <= 0) {
        /* Non-NUMA configuration: everything lives on node 0. */
        numa_set_mem_node_id(0, ram_size, 0);
        return;
    }

    if (nb_numa_nodes > MAX_NODES) {
        nb_numa_nodes = MAX_NODES;
    }

    /* Did any node get an explicit memory size? */
    for (i = 0; i < nb_numa_nodes; i++) {
        if (numa_info[i].node_mem != 0) {
            mem_given = true;
            break;
        }
    }

    /*
     * If no memory size is given for any node, assume the default case
     * and distribute the available memory equally across all nodes.
     */
    if (!mem_given) {
        const int last = nb_numa_nodes - 1;
        uint64_t usedmem = 0;

        /*
         * On Linux, each node's border has to be 8MB aligned,
         * the final node gets the rest.
         */
        for (i = 0; i < last; i++) {
            numa_info[i].node_mem = (ram_size / nb_numa_nodes) &
                                    ~((1 << 23UL) - 1);
            usedmem += numa_info[i].node_mem;
        }
        numa_info[last].node_mem = ram_size - usedmem;
    }

    for (i = 0; i < nb_numa_nodes; i++) {
        numa_total += numa_info[i].node_mem;
    }
    if (numa_total != ram_size) {
        error_report("total memory for NUMA nodes (0x%" PRIx64 ")"
                     " should equal RAM size (0x" RAM_ADDR_FMT ")",
                     numa_total, ram_size);
        exit(1);
    }

    for (i = 0; i < nb_numa_nodes; i++) {
        QLIST_INIT(&numa_info[i].addr);
    }

    numa_set_mem_ranges();

    /* Did any node get an explicit CPU list? */
    for (i = 0; i < nb_numa_nodes; i++) {
        if (!bitmap_empty(numa_info[i].node_cpu, MAX_CPUMASK_BITS)) {
            cpus_given = true;
            break;
        }
    }

    /*
     * Historically VCPUs were assigned in round-robin order to NUMA
     * nodes.  However it causes issues with guests not handling it nicely
     * when cores/threads from a multicore CPU appear on different nodes.
     * So allow boards to override the default distribution rule, grouping
     * VCPUs by socket so that VCPUs from the same socket end up on the
     * same node.
     */
    if (!cpus_given) {
        for (i = 0; i < max_cpus; i++) {
            unsigned node_id = mc->cpu_index_to_socket_id
                ? mc->cpu_index_to_socket_id(i) % nb_numa_nodes
                : i % nb_numa_nodes;

            set_bit(i, numa_info[node_id].node_cpu);
        }
    }

    validate_numa_cpus();
}
391
/*
 * Stamp every CPU with the NUMA node whose CPU bitmap contains its
 * cpu_index.  A CPU that appears in no node keeps its previous numa_node
 * value; if several nodes matched, the highest node ID would win.
 */
void numa_post_machine_init(void)
{
    CPUState *cpu;
    int nid;

    CPU_FOREACH(cpu) {
        for (nid = 0; nid < nb_numa_nodes; nid++) {
            if (!test_bit(cpu->cpu_index, numa_info[nid].node_cpu)) {
                continue;
            }
            cpu->numa_node = nid;
        }
    }
}
405
/*
 * Allocate guest RAM for @mr as a single region (no per-node backends)
 * and register it with vmstate.
 *
 * With mem_path set, file-backed RAM is tried first (Linux hosts only;
 * other hosts exit).  If that fails the error is reported and, unless
 * mem_prealloc is set (which makes the failure fatal), allocation falls
 * back to regular RAM -- so the guest may end up on memory that is not
 * backed by mem_path.
 */
static void allocate_system_memory_nonnuma(MemoryRegion *mr, Object *owner,
                                           const char *name,
                                           uint64_t ram_size)
{
    if (!mem_path) {
        memory_region_init_ram(mr, owner, name, ram_size, &error_fatal);
    } else {
#ifdef __linux__
        Error *local_err = NULL;

        memory_region_init_ram_from_file(mr, owner, name, ram_size, false,
                                         mem_path, &local_err);
        if (local_err) {
            error_report_err(local_err);
            if (mem_prealloc) {
                exit(1);
            }

            /*
             * Legacy behavior: if allocation failed, fall back to
             * regular RAM allocation.
             */
            memory_region_init_ram(mr, owner, name, ram_size, &error_fatal);
        }
#else
        fprintf(stderr, "-mem-path not supported on this host\n");
        exit(1);
#endif
    }
    vmstate_register_ram_global(mr);
}
435
/*
 * Set up the system memory region @mr of @ram_size bytes.
 *
 * Without NUMA nodes, or when the nodes do not use memdev backends, this
 * defers to allocate_system_memory_nonnuma().  Otherwise @mr becomes a
 * container and each node's backend region is mapped into it back to
 * back, in node-ID order.  A backend that is already mapped is a fatal
 * configuration error, so one backend cannot be shared between nodes.
 */
void memory_region_allocate_system_memory(MemoryRegion *mr, Object *owner,
                                          const char *name,
                                          uint64_t ram_size)
{
    uint64_t offset = 0;
    int nid;

    if (nb_numa_nodes == 0 || !have_memdevs) {
        allocate_system_memory_nonnuma(mr, owner, name, ram_size);
        return;
    }

    memory_region_init(mr, owner, name, ram_size);
    for (nid = 0; nid < MAX_NODES; nid++) {
        uint64_t size = numa_info[nid].node_mem;
        HostMemoryBackend *backend = numa_info[nid].node_memdev;
        MemoryRegion *seg;

        if (!backend) {
            continue;
        }
        seg = host_memory_backend_get_memory(backend, &error_fatal);

        if (memory_region_is_mapped(seg)) {
            char *path = object_get_canonical_path_component(OBJECT(backend));

            error_report("memory backend %s is used multiple times. Each "
                         "-numa option must use a different memdev value.",
                         path);
            exit(1);
        }

        memory_region_add_subregion(mr, offset, seg);
        vmstate_register_ram_global(seg);
        offset += size;
    }
}
471
/*
 * Add the size of every DIMM memory device to the slot of @node_mem that
 * corresponds to the device's NUMA node.
 *
 * NOTE(review): the DIMM's node value indexes @node_mem without a bounds
 * check.  The visible caller iterates @node_mem over nb_numa_nodes
 * entries, so this presumably relies on the device code having validated
 * the node against nb_numa_nodes -- confirm, or guard the index here.
 */
static void numa_stat_memory_devices(uint64_t node_mem[])
{
    MemoryDeviceInfoList *devices = NULL;
    MemoryDeviceInfoList **tail = &devices;
    MemoryDeviceInfoList *it;

    qmp_pc_dimm_device_list(qdev_get_machine(), &tail);
    for (it = devices; it; it = it->next) {
        MemoryDeviceInfo *dev = it->value;

        if (!dev) {
            continue;
        }
        /* Only DIMM entries contribute; other kinds are skipped. */
        if (dev->type == MEMORY_DEVICE_INFO_KIND_DIMM) {
            node_mem[dev->u.dimm.data->node] += dev->u.dimm.data->size;
        }
    }
    qapi_free_MemoryDeviceInfoList(devices);
}
494
/*
 * Accumulate per-node memory into @node_mem: the DIMM devices assigned to
 * each node plus the node's configured node_mem.
 *
 * Values are added to whatever @node_mem already holds, and slots
 * 0 .. nb_numa_nodes - 1 are written, so the caller supplies an array of
 * at least nb_numa_nodes entries (presumably zeroed -- confirm).  Nothing
 * happens when no NUMA nodes are configured.
 */
void query_numa_node_mem(uint64_t node_mem[])
{
    int nid;

    if (nb_numa_nodes <= 0) {
        return;
    }

    numa_stat_memory_devices(node_mem);
    for (nid = 0; nid < nb_numa_nodes; nid++) {
        node_mem[nid] += numa_info[nid].node_mem;
    }
}
508
/*
 * object_child_foreach() callback: if @obj is a memory backend, describe
 * it in a new list element and prepend that to the MemdevList whose head
 * pointer is passed in @opaque.
 *
 * Property reads use &error_abort, so a backend lacking one of the
 * expected properties aborts the process.  Always returns 0.
 */
static int query_memdev(Object *obj, void *opaque)
{
    MemdevList **head = opaque;
    MemdevList *item;

    if (!object_dynamic_cast(obj, TYPE_MEMORY_BACKEND)) {
        return 0;
    }

    item = g_malloc0(sizeof(*item));
    item->value = g_malloc0(sizeof(*item->value));

    item->value->size = object_property_get_int(obj, "size", &error_abort);
    item->value->merge = object_property_get_bool(obj, "merge", &error_abort);
    item->value->dump = object_property_get_bool(obj, "dump", &error_abort);
    item->value->prealloc = object_property_get_bool(obj, "prealloc",
                                                     &error_abort);
    item->value->policy = object_property_get_enum(obj, "policy",
                                                   "HostMemPolicy",
                                                   &error_abort);
    object_property_get_uint16List(obj, "host-nodes",
                                   &item->value->host_nodes,
                                   &error_abort);

    /* Prepend: the resulting list is in reverse visiting order. */
    item->next = *head;
    *head = item;

    return 0;
}
542
/*
 * Build the list of memory backends found among the children of the
 * objects root.
 *
 * @errp is not used by this function.  Returns the list head, or NULL
 * when no memory backend was found.
 */
MemdevList *qmp_query_memdev(Error **errp)
{
    MemdevList *result = NULL;

    object_child_foreach(object_get_objects_root(), query_memdev, &result);
    return result;
}