Provide an inter-guest system shared memory device
Synopsis:
vdev shmem options
Options:
- allow
fnpattern
- Allow the guest to create or attach to any shared memory region whose name
matches the specified filename pattern (fnpattern).
- In this string argument, you can use the same wildcards as the shell uses
for filename expansion, including asterisks (*).
You can repeat this option as much as necessary to grant the guest access
to shared memory.
- If you use this option at all, the configuration will
include an implicit deny * at the end of the
restrictions list, and the guest will be denied access to all shared memory
regions not specified by this list. For example:
vdev shmem
allow test*
allow pluto
grants the guest access to any shared memory region whose name begins with
test and to the region called pluto.
The guest is denied access to all other regions.
- These semantics mean you need to use one (but not both) of the
allow or deny options. For further
discussion, see “Restrictions list”
below.
- create
name,size
- Pre-create a shared memory object named name of
size bytes.
- You can repeat the create option to
pre-create multiple shared memory regions.
- deny
fnpattern
- Deny the guest access to any shared memory region whose name matches the
specified filename pattern (fnpattern).
- In this string argument, you can use the same wildcards as the shell uses
for filename expansion, including asterisks (*).
You can repeat this option as much as necessary
to restrict the guest's access to shared memory.
- If you use this option at all, the configuration will include an implicit
allow * at the end of the restrictions list, and the guest
will be granted access to all shared memory regions not specified by this
list. For example:
vdev shmem
deny live*
deny pluto
denies the guest access to any shared memory region whose name begins with
live and to the region called pluto.
The guest can access any other shared memory region, however.
- These semantics mean you need to use one (but not both) of the
allow or deny options. For further
discussion, see “Restrictions list”
below.
- Alternatively, after using create directives to pre-create
specific named shared memory regions, you can use a deny *
directive to deny access to all other regions.
- intr
intr
- If the loc option is specified, you must also specify the
value of intr; this sets the guest interrupt that is
generated when another guest sends a notification of an update to shared
memory.
- loc
[addr]
- The base address of the factory page for the vdev. If
addr isn't specified, the vdev appears as a PCI
device, and the qvm process automatically assigns the
factory page location and adds this location to the PCI BAR register.
- If you specify this option, you must also specify the intr
option (see above).
- sched
priority
- Use the priority specified by priority for pulses
indicating that input is available.
- subst
[match],prefix
- Specify a prefix to add to shared memory region names
(see “Using the subst option” below).
-
- match
- The character string in the shared memory region name to
substitute, if found, by the character string specified by
prefix.
- prefix
- The character string to substitute for the character string
specified by match, or to simply prefix to
the shared region name if match isn't
specified.
For a list of options available to all vdevs, see
“Common vdev options” at the beginning of this chapter.
Description:
ARM and x86.
The shmem vdev allows you to share memory between guests.
Normally this device appears as a PCI device, but if the
loc and intr options are specified, the guest
running in the associated VM will see this device as a memory-mapped I/O (MMIO)
device at the specified location.
CAUTION:
If a guest uses the
shmem vdev without considering how much memory
the host has available, any memory allocation by the guest will fail when its memory usage
exceeds the host's
RLIMIT_AS setting specified for the underlying
qvm process.
For more information, see
“Memory”
in the
“Understanding Virtual Environments” chapter.
Restrictions list
You can use the allow and deny options to define
lists of shared memory regions that the guest may or may not access.
By limiting access to shared memory and, hence, allocations of shared memory,
these options help prevent denial-of-service attacks.
You can repeat either of these options multiple times to specify whatever filename
patterns you need to manage the guest's access to shared memory regions.
When specifying filename patterns, you can include wildcard characters such as the
asterisk (*) to indicate multiple shared memory regions for convenience.
We recommend defining either an allow or a deny policy for every named
region used by the VM, including when using wildcard naming.
Note: If you use the command line to enter vdev shmem configuration
information that includes allow or deny options
with wildcard entries, you must use the “\” escape
character before the asterisk to get the instruction through the shell (e.g.,
vdev shmem allow test\*).
For more information about using the shared memory vdev, see “Memory sharing” in the “Using a QNX Hypervisor
System” chapter.
Using the subst option
You can use the subst option to present the host with different
names for shared memory regions for each guest, while presenting the same name to
each guest so you can use the same executables in the different guests. For example,
each guest might see a shared memory region called foomem, but the host would
see these regions as guest0mem, guest1mem, etc.
The following VM configurations produce the result presented above by
substituting guest* for foo:
- VM 0
vdev shmem
subst foo,guest0
create foomem,0xf0000
...
- VM 1
vdev shmem
subst foo,guest1
...
An equivalent result can be achieved by simply adding the guest*
prefix, as follows:
- VM 0
vdev shmem
subst ,guest0
create mem,0xf0000
...
- VM 1
vdev shmem
subst ,guest1
...