[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-stable] [PATCH 40/54] spapr: Validate capabilities on migration
From: |
Michael Roth |
Subject: |
[Qemu-stable] [PATCH 40/54] spapr: Validate capabilities on migration |
Date: |
Tue, 6 Feb 2018 13:15:01 -0600 |
From: David Gibson <address@hidden>
Now that the "pseries" machine type implements optional capabilities (well,
one so far) there's the possibility of having different capabilities
available at either end of a migration. Although arguably a user error,
it would be nice to catch this situation and fail as gracefully as we can.
This adds code to migrate the capabilities flags. These aren't pulled
directly into the destination's configuration since what the user has
specified on the destination command line should take precedence. However,
they are checked against the destination capabilities.
If the source was using a capability which is absent on the destination,
we fail the migration, since that could easily cause a guest crash or other
bad behaviour. If the source lacked a capability which is present on the
destination we warn, but allow the migration to proceed.
Signed-off-by: David Gibson <address@hidden>
Reviewed-by: Greg Kurz <address@hidden>
(cherry picked from commit be85537d654565e35e359a74b46fc08b7956525c)
Signed-off-by: Michael Roth <address@hidden>
---
hw/ppc/spapr.c | 6 ++++
hw/ppc/spapr_caps.c | 96 ++++++++++++++++++++++++++++++++++++++++++++++++--
include/hw/ppc/spapr.h | 6 ++++
3 files changed, 105 insertions(+), 3 deletions(-)
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 08e4a14340..69ddc4bb23 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1563,6 +1563,11 @@ static int spapr_post_load(void *opaque, int version_id)
sPAPRMachineState *spapr = (sPAPRMachineState *)opaque;
int err = 0;
+ err = spapr_caps_post_migration(spapr);
+ if (err) {
+ return err;
+ }
+
if (!object_dynamic_cast(OBJECT(spapr->ics), TYPE_ICS_KVM)) {
CPUState *cs;
CPU_FOREACH(cs) {
@@ -1729,6 +1734,7 @@ static const VMStateDescription vmstate_spapr = {
&vmstate_spapr_ov5_cas,
&vmstate_spapr_patb_entry,
&vmstate_spapr_pending_events,
+ &vmstate_spapr_caps,
NULL
}
};
diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
index 3b35b91a5b..cad40fe49a 100644
--- a/hw/ppc/spapr_caps.c
+++ b/hw/ppc/spapr_caps.c
@@ -22,6 +22,7 @@
* THE SOFTWARE.
*/
#include "qemu/osdep.h"
+#include "qemu/error-report.h"
#include "qapi/error.h"
#include "qapi/visitor.h"
#include "sysemu/hw_accel.h"
@@ -83,6 +84,93 @@ static sPAPRCapabilities
default_caps_with_cpu(sPAPRMachineState *spapr,
return caps;
}
+static bool spapr_caps_needed(void *opaque)
+{
+ sPAPRMachineState *spapr = opaque;
+
+ return (spapr->forced_caps.mask != 0) || (spapr->forbidden_caps.mask != 0);
+}
+
+/* This has to be called from the top-level spapr post_load, not the
+ * caps specific one. Otherwise it wouldn't be called when the source
+ * caps are all defaults, which could still conflict with overridden
+ * caps on the destination */
+int spapr_caps_post_migration(sPAPRMachineState *spapr)
+{
+ uint64_t allcaps = 0;
+ int i;
+ bool ok = true;
+ sPAPRCapabilities dstcaps = spapr->effective_caps;
+ sPAPRCapabilities srccaps;
+
+ srccaps = default_caps_with_cpu(spapr, first_cpu);
+ srccaps.mask |= spapr->mig_forced_caps.mask;
+ srccaps.mask &= ~spapr->mig_forbidden_caps.mask;
+
+ for (i = 0; i < ARRAY_SIZE(capability_table); i++) {
+ sPAPRCapabilityInfo *info = &capability_table[i];
+
+ allcaps |= info->flag;
+
+ if ((srccaps.mask & info->flag) && !(dstcaps.mask & info->flag)) {
+ error_report("cap-%s=on in incoming stream, but off in
destination",
+ info->name);
+ ok = false;
+ }
+
+ if (!(srccaps.mask & info->flag) && (dstcaps.mask & info->flag)) {
+ warn_report("cap-%s=off in incoming stream, but on in destination",
+ info->name);
+ }
+ }
+
+ if (spapr->mig_forced_caps.mask & ~allcaps) {
+ error_report(
+ "Unknown capabilities 0x%"PRIx64" enabled in incoming stream",
+ spapr->mig_forced_caps.mask & ~allcaps);
+ ok = false;
+ }
+ if (spapr->mig_forbidden_caps.mask & ~allcaps) {
+ warn_report(
+ "Unknown capabilities 0x%"PRIx64" disabled in incoming stream",
+ spapr->mig_forbidden_caps.mask & ~allcaps);
+ }
+
+ return ok ? 0 : -EINVAL;
+}
+
+static int spapr_caps_pre_save(void *opaque)
+{
+ sPAPRMachineState *spapr = opaque;
+
+ spapr->mig_forced_caps = spapr->forced_caps;
+ spapr->mig_forbidden_caps = spapr->forbidden_caps;
+ return 0;
+}
+
+static int spapr_caps_pre_load(void *opaque)
+{
+ sPAPRMachineState *spapr = opaque;
+
+ spapr->mig_forced_caps = spapr_caps(0);
+ spapr->mig_forbidden_caps = spapr_caps(0);
+ return 0;
+}
+
+const VMStateDescription vmstate_spapr_caps = {
+ .name = "spapr/caps",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .needed = spapr_caps_needed,
+ .pre_save = spapr_caps_pre_save,
+ .pre_load = spapr_caps_pre_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT64(mig_forced_caps.mask, sPAPRMachineState),
+ VMSTATE_UINT64(mig_forbidden_caps.mask, sPAPRMachineState),
+ VMSTATE_END_OF_LIST()
+ },
+};
+
void spapr_caps_reset(sPAPRMachineState *spapr)
{
Error *local_err = NULL;
@@ -92,6 +180,11 @@ void spapr_caps_reset(sPAPRMachineState *spapr)
/* First compute the actual set of caps we're running with.. */
caps = default_caps_with_cpu(spapr, first_cpu);
+ /* Remove unnecessary forced/forbidden bits (this will help us
+ * with migration) */
+ spapr->forced_caps.mask &= ~caps.mask;
+ spapr->forbidden_caps.mask &= caps.mask;
+
caps.mask |= spapr->forced_caps.mask;
caps.mask &= ~spapr->forbidden_caps.mask;
@@ -175,9 +268,6 @@ void spapr_caps_validate(sPAPRMachineState *spapr, Error
**errp)
error_setg(errp, "Some sPAPR capabilities set both on and off");
return;
}
-
- /* Check for any caps incompatible with other caps. Nothing to do
- * yet */
}
void spapr_caps_add_properties(sPAPRMachineClass *smc, Error **errp)
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index 72422690bd..985948b622 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -54,6 +54,8 @@ typedef enum {
* Capabilities
*/
+/* These bits go in the migration stream, so they can't be reassigned */
+
/* Hardware Transactional Memory */
#define SPAPR_CAP_HTM 0x0000000000000001ULL
@@ -142,6 +144,7 @@ struct sPAPRMachineState {
const char *icp_type;
sPAPRCapabilities forced_caps, forbidden_caps;
+ sPAPRCapabilities mig_forced_caps, mig_forbidden_caps;
sPAPRCapabilities effective_caps;
};
@@ -726,6 +729,8 @@ PowerPCCPU *spapr_find_cpu(int vcpu_id);
/*
* Handling of optional capabilities
*/
+extern const VMStateDescription vmstate_spapr_caps;
+
static inline sPAPRCapabilities spapr_caps(uint64_t mask)
{
sPAPRCapabilities caps = { mask };
@@ -740,5 +745,6 @@ static inline bool spapr_has_cap(sPAPRMachineState *spapr,
uint64_t cap)
void spapr_caps_reset(sPAPRMachineState *spapr);
void spapr_caps_validate(sPAPRMachineState *spapr, Error **errp);
void spapr_caps_add_properties(sPAPRMachineClass *smc, Error **errp);
+int spapr_caps_post_migration(sPAPRMachineState *spapr);
#endif /* HW_SPAPR_H */
--
2.11.0
- [Qemu-stable] [PATCH 47/54] target/ppc: introduce the PPC_BIT() macro, (continued)
- [Qemu-stable] [PATCH 47/54] target/ppc: introduce the PPC_BIT() macro, Michael Roth, 2018/02/06
- [Qemu-stable] [PATCH 48/54] target/ppc/spapr_caps: Add macro to generate spapr_caps migration vmstate, Michael Roth, 2018/02/06
- [Qemu-stable] [PATCH 46/54] spapr: fix device tree properties when using compatibility mode, Michael Roth, 2018/02/06
- [Qemu-stable] [PATCH 04/54] qemu-options: Remove stray colons from output of --help, Michael Roth, 2018/02/06
- [Qemu-stable] [PATCH 54/54] target/ppc/spapr: Add H-Call H_GET_CPU_CHARACTERISTICS, Michael Roth, 2018/02/06
- [Qemu-stable] [PATCH 53/54] target/ppc/spapr_caps: Add new tristate cap safe_indirect_branch, Michael Roth, 2018/02/06
- [Qemu-stable] [PATCH 36/54] spapr: don't initialize PATB entry if max-cpu-compat < power9, Michael Roth, 2018/02/06
- [Qemu-stable] [PATCH 52/54] target/ppc/spapr_caps: Add new tristate cap safe_bounds_check, Michael Roth, 2018/02/06
- [Qemu-stable] [PATCH 39/54] spapr: Treat Hardware Transactional Memory (HTM) as an optional capability, Michael Roth, 2018/02/06
- [Qemu-stable] [PATCH 38/54] spapr: Capabilities infrastructure, Michael Roth, 2018/02/06
- [Qemu-stable] [PATCH 40/54] spapr: Validate capabilities on migration,
Michael Roth <=
- [Qemu-stable] [PATCH 50/54] target/ppc/spapr_caps: Add support for tristate spapr_capabilities, Michael Roth, 2018/02/06
- [Qemu-stable] [PATCH 51/54] target/ppc/spapr_caps: Add new tristate cap safe_cache, Michael Roth, 2018/02/06
- [Qemu-stable] [PATCH 07/54] block: Make bdrv_drain_invoke() recursive, Michael Roth, 2018/02/06
- [Qemu-stable] [PATCH 08/54] block: Call .drain_begin only once in bdrv_drain_all_begin(), Michael Roth, 2018/02/06
- [Qemu-stable] [PATCH 05/54] qemu-pr-helper: miscellaneous fixes, Michael Roth, 2018/02/06
- [Qemu-stable] [PATCH 06/54] block/nbd: fix segmentation fault when .desc is not null-terminated, Michael Roth, 2018/02/06
- Re: [Qemu-stable] [Qemu-devel] [PATCH 00/54] Patch Round-up for stable 2.11.1, freeze on 2018-02-12, Thomas Huth, 2018/02/07
- Re: [Qemu-stable] [Qemu-devel] [PATCH 00/54] Patch Round-up for stable 2.11.1, freeze on 2018-02-12, Cornelia Huck, 2018/02/07
- Re: [Qemu-stable] [PATCH 00/54] Patch Round-up for stable 2.11.1, freeze on 2018-02-12, Greg Kurz, 2018/02/07