fix(discovery): derive the below-4G split robustly from fragmented mtree

host_probe derived the guest's below-4G split (vmie `low`) by taking the first
GPA-0 RAM run in `info mtree -f`. When low RAM is fragmented by overlay pages
(Hyper-V SynIC) and blackhole holes (smbase/tseg), that first run is a tiny
fragment, so the split came out far too small and host_bootstrap could never
recover the System DTB — the memctx context was never published.

Extract a pure parser, mtree_low_split(): anchor on the system flatview, take
`low` from the @file-offset of the high-RAM region at GPA >= 4 GiB (which equals
the split by construction), cross-validate against the PCI-hole base, and fail
closed when it can't be derived. QMP-reply un-escaping moves to the transport
boundary so the parser works on plain text. Unit-tested against a synthetic
fragmented flatview including a decoy non-system address space.

postinst also hints to restart the daemon after an upgrade (a running instance
keeps the old build until restarted).

Bump 0.3.6.
2026-06-24 14:26:50 +03:00
parent 26e5ab4709
commit 3142337e62
7 changed files with 372 additions and 25 deletions
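As an added example, here is a stand-in implementation of the `mtree_low_split()` interface declared by this commit, written for this page and not the project's own parser (which the commit page does not show). It follows the approach the commit message describes: anchor on the system flatview, take `low` from the `@` backing offset of the high-RAM run at GPA >= 4 GiB, and fail closed. Assumptions: the line shapes are modelled on typical QEMU `info mtree -f` output; the commit's cross-validation against the PCI-hole base is approximated here by requiring that every below-4G run of the same backing region is identity-mapped (GPA equals `@` offset) and ends below the candidate; the embedded sample text, including the decoy non-system flatview and the region names (`smbase-blackhole`, `tseg-blackhole`, `synic-msg-page`), is constructed for illustration.

```c
/* Added example: stand-in for the mtree_low_split() declared in the commit, not the project's
 * parser. Assumed `info mtree -f` line shapes (modelled on QEMU output):
 *   " Root memory region: system"                        -> start of the system flatview
 *   "  <start>-<end> (prio N, <type>): <name> [@<off>]"  -> one range, @off = backing offset */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GIB4 (1ULL << 32)

struct run { uint64_t start, end, off; int has_off; char type[16]; char name[64]; };

/* Parse one range line; returns 1 for a range, 0 for headers and other text. */
static int parse_run(const char *line, struct run *r)
{
    unsigned long long s, e, o; int prio; const char *at;
    memset(r, 0, sizeof *r);
    if (sscanf(line, " %llx-%llx (prio %d, %15[^)]): %63s", &s, &e, &prio, r->type, r->name) != 5)
        return 0;
    r->start = s; r->end = e;
    at = strchr(line, '@');
    if (at && sscanf(at + 1, "%llx", &o) == 1) { r->has_off = 1; r->off = o; }
    return 1;
}

/* Copy the next line of *p (without '\n') into buf and advance; 0 at end of text. */
static int next_line(const char **p, char *buf, size_t n)
{
    const char *nl; size_t len;
    if (!*p || !**p) return 0;
    nl = strchr(*p, '\n');
    len = nl ? (size_t)(nl - *p) : strlen(*p);
    if (len >= n) len = n - 1;
    memcpy(buf, *p, len); buf[len] = '\0';
    *p = nl ? nl + 1 : *p + strlen(*p);
    return 1;
}

/* A "FlatView" header leaves any flatview; "Root memory region: system" enters the system one.
 * Returns 1 if the line was a header (so it is not a range). */
static int track_scope(const char *line, int *in_system)
{
    if (strncmp(line, "FlatView", 8) == 0) { *in_system = 0; return 1; }
    if (strstr(line, "Root memory region: system")) { *in_system = 1; return 1; }
    return 0;
}

uint64_t mtree_low_split(const char *text)
{
    char line[256]; const char *p; int in_system, have_hi = 0;
    struct run r, hi = {0}; uint64_t low_top = 0;

    if (!text) return 0;
    /* Pass 1: the lowest-GPA RAM run at or above 4 GiB; its backing offset is the candidate. */
    for (p = text, in_system = 0; next_line(&p, line, sizeof line);) {
        if (track_scope(line, &in_system) || !in_system || !parse_run(line, &r)) continue;
        if (strcmp(r.type, "ram") == 0 && r.start >= GIB4 && (!have_hi || r.start < hi.start)) {
            hi = r; have_hi = 1;
        }
    }
    if (!have_hi || !hi.has_off || hi.off == 0 || hi.off > GIB4 || (hi.off & 0xfff)) return 0;

    /* Pass 2 (stand-in for the commit's PCI-hole cross-check): every below-4G run of the same
     * backing region must be identity-mapped (GPA == @off) and end below the candidate. */
    for (p = text, in_system = 0; next_line(&p, line, sizeof line);) {
        if (track_scope(line, &in_system) || !in_system || !parse_run(line, &r)) continue;
        if (strcmp(r.type, "ram") != 0 || strcmp(r.name, hi.name) != 0 || r.start >= GIB4) continue;
        if (r.has_off && r.off != r.start) return 0; /* remapped low RAM: layout not understood */
        if (r.end >= hi.off) return 0;               /* low RAM reaches past the claimed split */
        if (r.end + 1 > low_top) low_top = r.end + 1;
    }
    return low_top ? hi.off : 0; /* no low RAM of that backing at all: fail closed */
}

/* Constructed sample: a decoy non-system flatview, then a system flatview whose low RAM is
 * fragmented by a SynIC overlay page and smbase/tseg blackholes (names chosen for illustration). */
const char *const sample_mtree =
    "FlatView #0\n"
    " Root memory region: io\n"
    "  0000000100000000-000000013fffffff (prio 0, ram): pc.ram @0000000000001000\n"
    "FlatView #1\n"
    " AS \"memory\", root: system\n"
    " Root memory region: system\n"
    "  0000000000000000-000000000002ffff (prio 0, ram): pc.ram\n"
    "  0000000000030000-000000000003ffff (prio 1, i/o): smbase-blackhole\n"
    "  0000000000040000-000000000009ffff (prio 0, ram): pc.ram @0000000000040000\n"
    "  00000000000a0000-00000000000bffff (prio 1, i/o): vga-lowmem\n"
    "  00000000000c0000-000000003fffdfff (prio 0, ram): pc.ram @00000000000c0000\n"
    "  000000003fffe000-000000003fffefff (prio 1, ram): synic-msg-page\n"
    "  000000003ffff000-00000000beffffff (prio 0, ram): pc.ram @000000003ffff000\n"
    "  00000000bf000000-00000000bfffffff (prio 1, i/o): tseg-blackhole\n"
    "  00000000fd000000-00000000fdffffff (prio 1, ram): vga.vram\n"
    "  0000000100000000-000000013fffffff (prio 0, ram): pc.ram @00000000c0000000\n";

int main(void)
{
    printf("low split = 0x%llx\n", (unsigned long long)mtree_low_split(sample_mtree));
    return 0;
}
```

On the sample the old "first GPA-0 RAM run" heuristic would have answered 0x30000 (the 192 KiB fragment before the smbase blackhole), while the backing offset of the 4 GiB run gives 0xc0000000; `vga.vram` and the SynIC page are ignored by the cross-check because they are not runs of the `pc.ram` backing, and the decoy flatview is never entered.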
@@ -0,0 +1,12 @@
#ifndef VMSIG_MTREE_H
#define VMSIG_MTREE_H
#include <stdint.h>
/* Derive the below-4G split (== vmie `low`: low-RAM GPA bound AND high-RAM file offset)
* from `info mtree -f` text. Operates on the system flatview only. FAIL-CLOSED: 0 if the
* split cannot be derived with confidence. `text` is plain UTF-8 with real '\n'
* (the caller un-escapes the QMP JSON string first). */
uint64_t mtree_low_split(const char* text);
#endif /* VMSIG_MTREE_H */
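Review bot: the header comment promises fail-closed behaviour ("0 if the split cannot be derived with confidence") but does not say which checks gate that confidence; the commit message names two (anchoring on the system flatview and cross-validating against the PCI-hole base), and a caller that receives 0 cannot tell which one tripped. Suggest enumerating the fail-closed conditions in this comment, and stating how a NULL `text` is treated, so that host_bootstrap can log a useful reason before it gives up on publishing the memctx context.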