authorDavid Gibson <david@gibson.dropbear.id.au>2017-12-11 15:09:37 +1100
committerDavid Gibson <david@gibson.dropbear.id.au>2018-01-17 09:35:24 +1100
commitbe85537d654565e35e359a74b46fc08b7956525c (patch)
tree4b3a596fa2b1a8ca09778277035fe4f26365a7e1 /hw
parentee76a09fc72cfbfab2bb5529320ef7e460adffd8 (diff)
spapr: Validate capabilities on migration
Now that the "pseries" machine type implements optional capabilities (well, one so far) there's the possibility of having different capabilities available at either end of a migration. Although arguably a user error, it would be nice to catch this situation and fail as gracefully as we can. This adds code to migrate the capabilities flags. These aren't pulled directly into the destination's configuration since what the user has specified on the destination command line should take precedence. However, they are checked against the destination capabilities. If the source was using a capability which is absent on the destination, we fail the migration, since that could easily cause a guest crash or other bad behaviour. If the source lacked a capability which is present on the destination we warn, but allow the migration to proceed. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Greg Kurz <groug@kaod.org>
Diffstat (limited to 'hw')
-rw-r--r--hw/ppc/spapr.c6
-rw-r--r--hw/ppc/spapr_caps.c96
2 files changed, 99 insertions, 3 deletions
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 73310bd3ee..3451d0806d 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1589,6 +1589,11 @@ static int spapr_post_load(void *opaque, int version_id)
sPAPRMachineState *spapr = (sPAPRMachineState *)opaque;
int err = 0;
+ err = spapr_caps_post_migration(spapr);
+ if (err) {
+ return err;
+ }
+
if (!object_dynamic_cast(OBJECT(spapr->ics), TYPE_ICS_KVM)) {
CPUState *cs;
CPU_FOREACH(cs) {
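Review bot: The added call to spapr_caps_post_migration() reads mig_forced_caps and mig_forbidden_caps, but those are only zeroed in spapr_caps_pre_load(), which is a hook of the spapr/caps subsection in hw/ppc/spapr_caps.c. By the same reasoning as the comment above spapr_caps_post_migration (subsection hooks are not run when the source caps are all defaults), the masks look like they can keep values from an earlier spapr_caps_pre_save() or an earlier load when the incoming stream carries no such subsection, and the check would then compare against stale data. I would clear both masks from a top-level pre-load hook of vmstate_spapr instead, assuming one can be added there; that part of spapr.c is not visible in this hunk. spapr_post_load's body continues outside the hunk.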
@@ -1755,6 +1760,7 @@ static const VMStateDescription vmstate_spapr = {
&vmstate_spapr_ov5_cas,
&vmstate_spapr_patb_entry,
&vmstate_spapr_pending_events,
+ &vmstate_spapr_caps,
NULL
}
};
diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
index 3b35b91a5b..cad40fe49a 100644
--- a/hw/ppc/spapr_caps.c
+++ b/hw/ppc/spapr_caps.c
@@ -22,6 +22,7 @@
* THE SOFTWARE.
*/
#include "qemu/osdep.h"
+#include "qemu/error-report.h"
#include "qapi/error.h"
#include "qapi/visitor.h"
#include "sysemu/hw_accel.h"
@@ -83,6 +84,93 @@ static sPAPRCapabilities default_caps_with_cpu(sPAPRMachineState *spapr,
return caps;
}
+static bool spapr_caps_needed(void *opaque)
+{
+ sPAPRMachineState *spapr = opaque;
+
+ return (spapr->forced_caps.mask != 0) || (spapr->forbidden_caps.mask != 0);
+}
+
+/* This has to be called from the top-level spapr post_load, not the
+ * caps specific one. Otherwise it wouldn't be called when the source
+ * caps are all defaults, which could still conflict with overridden
+ * caps on the destination */
+int spapr_caps_post_migration(sPAPRMachineState *spapr)
+{
+ uint64_t allcaps = 0;
+ int i;
+ bool ok = true;
+ sPAPRCapabilities dstcaps = spapr->effective_caps;
+ sPAPRCapabilities srccaps;
+
+ srccaps = default_caps_with_cpu(spapr, first_cpu);
+ srccaps.mask |= spapr->mig_forced_caps.mask;
+ srccaps.mask &= ~spapr->mig_forbidden_caps.mask;
+
+ for (i = 0; i < ARRAY_SIZE(capability_table); i++) {
+ sPAPRCapabilityInfo *info = &capability_table[i];
+
+ allcaps |= info->flag;
+
+ if ((srccaps.mask & info->flag) && !(dstcaps.mask & info->flag)) {
+ error_report("cap-%s=on in incoming stream, but off in destination",
+ info->name);
+ ok = false;
+ }
+
+ if (!(srccaps.mask & info->flag) && (dstcaps.mask & info->flag)) {
+ warn_report("cap-%s=off in incoming stream, but on in destination",
+ info->name);
+ }
+ }
+
+ if (spapr->mig_forced_caps.mask & ~allcaps) {
+ error_report(
+ "Unknown capabilities 0x%"PRIx64" enabled in incoming stream",
+ spapr->mig_forced_caps.mask & ~allcaps);
+ ok = false;
+ }
+ if (spapr->mig_forbidden_caps.mask & ~allcaps) {
+ warn_report(
+ "Unknown capabilities 0x%"PRIx64" disabled in incoming stream",
+ spapr->mig_forbidden_caps.mask & ~allcaps);
+ }
+
+ return ok ? 0 : -EINVAL;
+}
+
+static int spapr_caps_pre_save(void *opaque)
+{
+ sPAPRMachineState *spapr = opaque;
+
+ spapr->mig_forced_caps = spapr->forced_caps;
+ spapr->mig_forbidden_caps = spapr->forbidden_caps;
+ return 0;
+}
+
+static int spapr_caps_pre_load(void *opaque)
+{
+ sPAPRMachineState *spapr = opaque;
+
+ spapr->mig_forced_caps = spapr_caps(0);
+ spapr->mig_forbidden_caps = spapr_caps(0);
+ return 0;
+}
+
+const VMStateDescription vmstate_spapr_caps = {
+ .name = "spapr/caps",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .needed = spapr_caps_needed,
+ .pre_save = spapr_caps_pre_save,
+ .pre_load = spapr_caps_pre_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT64(mig_forced_caps.mask, sPAPRMachineState),
+ VMSTATE_UINT64(mig_forbidden_caps.mask, sPAPRMachineState),
+ VMSTATE_END_OF_LIST()
+ },
+};
+
void spapr_caps_reset(sPAPRMachineState *spapr)
{
Error *local_err = NULL;
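Review bot: In spapr_caps_post_migration the two masks read from the incoming stream are never checked against each other, so a bit set in both mig_forced_caps and mig_forbidden_caps is resolved as off by the `|=` then `&= ~` sequence and can at most produce a warning. spapr_caps_validate, visible further down this file, rejects the same contradiction for locally configured caps with "Some sPAPR capabilities set both on and off". The stream values deserve the same treatment, since they are external input that the destination cannot assume is well formed. A guard on `if (spapr->mig_forced_caps.mask & spapr->mig_forbidden_caps.mask)` that calls error_report() and sets `ok = false;` before srccaps is computed would cover it.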
@@ -92,6 +180,11 @@ void spapr_caps_reset(sPAPRMachineState *spapr)
/* First compute the actual set of caps we're running with.. */
caps = default_caps_with_cpu(spapr, first_cpu);
+ /* Remove unnecessary forced/forbidden bits (this will help us
+ * with migration) */
+ spapr->forced_caps.mask &= ~caps.mask;
+ spapr->forbidden_caps.mask &= caps.mask;
+
caps.mask |= spapr->forced_caps.mask;
caps.mask &= ~spapr->forbidden_caps.mask;
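Review bot: The added comment in spapr_caps_reset says the masking "will help us with migration" without saying how, and the dependency is easy to miss: spapr_caps_needed() and spapr_caps_pre_save() read forced_caps/forbidden_caps directly, so whether the subsection is sent depends on this normalisation having already run. I would spell that out, e.g. `/* Drop forced/forbidden bits that merely restate the defaults, so the spapr/caps subsection is only sent when caps really differ from the defaults */`. The comment should also mention that this rewrites the user's settings in place, so after reset the masks no longer record exactly what was requested. The function body starts and ends outside the hunk.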
@@ -175,9 +268,6 @@ void spapr_caps_validate(sPAPRMachineState *spapr, Error **errp)
error_setg(errp, "Some sPAPR capabilities set both on and off");
return;
}
-
- /* Check for any caps incompatible with other caps. Nothing to do
- * yet */
}
void spapr_caps_add_properties(sPAPRMachineClass *smc, Error **errp)