[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RFC 0/9] Add an interVM memory sharing device

From: Igor Kotrasiński
Subject: Re: [RFC 0/9] Add an interVM memory sharing device
Date: Fri, 7 Feb 2020 10:00:50 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0

On 2/5/20 3:49 PM, Jan Kiszka wrote:
On 05.02.20 15:39, Stefan Hajnoczi wrote:
On Tue, Feb 04, 2020 at 12:30:42PM +0100, address@hidden wrote:
From: Igor Kotrasinski <address@hidden>

This patchset adds a "memory exposing" device that allows two QEMU
instances to share arbitrary memory regions. Unlike ivshmem, it does not
create a new region of memory that's shared between VMs, but instead
allows one VM to access any memory region of the other VM we choose to

The motivation for this device is a sort of ARM Trustzone "emulation",
where a rich system running on one machine (e.g. x86_64 linux) is able
to perform SMCs to a trusted system running on another (e.g. OpTEE on
ARM). With a device that allows sharing arbitrary memory between VMs,
this can be achieved with minimal changes to the trusted system and its
linux driver while allowing the rich system to run on a speedier x86
emulator. I prepared additional patches for linux, OpTEE OS and OpTEE
build system as a PoC that such emulation works and passes OpTEE tests;
I'm not sure what would be the best way to share them.

This patchset is my first foray into QEMU source code and I'm certain
it's not yet ready to be merged in. I'm not sure whether memory sharing
code has any race conditions or breaks rules of working with memory
regions, or if having VMs communicate synchronously via chardevs is the
right way to do it. I do believe the basic idea for sharing memory
regions is sound and that it could be useful for inter-VM communication.

Without having looked into the patches yet, I'm already wondering if you
can use the existing -object
memory-backend-file,size=512M,mem-path=/my/shared/mem feature for your
use case?

That's the existing mechanism for fully sharing guest RAM and if you
want to share all of memory then maybe a device is not necessary - just
share the memory.

That option adds memory in addition to the memory allocated with the '-m' flag, doesn't it? I looked into that option, and it seemed to me you can't back all memory this way.

Apart from that, the only advantage my solution has is that it's aware of any memory overlaying the memory-backed regions (i.e. memory backed by accessor functions). Maybe I don't need this for my use case, I'd have to test that.

I suspect it's about sharing that memory in a discoverable way. Maybe it is also about the signalling channel defined in the device.

OTOH, when it's really about sharing everything, even bidirectional, that rather looks like a pragmatic shortcut, not a generic model.

The patches should clarify their use case a bit further, I think. The title suggests a generic sharing solution, but my impression is that it rather caters a specific case under specific boundary conditions.


The solution does stem from a specific use case, the ARM Trustzone forwarding described in the cover letter. Normally both OSes can pass data around by sharing physical addresses (potentially from anywhere in memory), so giving VMs an ability to access one another's memory no matter how it's backed allows for minimal trusted OS modification, just offsetting physical addresses. The interrupt functionality also reflects this, it's intended to pass around SMC data.

I realize that this kind of total memory sharing couples the two VMs tightly - this is why I'm asking for comments on this, perhaps there's a better solution for this specific scenario.

For what it's worth, the extent of this sharing can be reduced by using a limited MemoryRegion like it's done for secure and non-secure memory views on ARM.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]