diff options
| author | David Hildenbrand <david@redhat.com> | 2021-04-29 13:27:06 +0200 |
|---|---|---|
| committer | Dr. David Alan Gilbert <dgilbert@redhat.com> | 2021-05-13 18:21:14 +0100 |
| commit | 898ba906ccb85ba17d65e64a31cc13128803ef86 (patch) | |
| tree | 1093d1525e1588c44424e9f3663f6c29ceb1a2a9 /migration/ram.c | |
| parent | 6a23f6399a1f8807447f8680f80e4d536522683e (diff) | |
migration/ram: Handle RAM block resizes during postcopy
Resizing while migrating is dangerous and does not work as expected.
The whole migration code works with the usable_length of a ram block and
does not expect this value to change at random points in time.
In the case of postcopy, relying on used_length is racy as soon as the
guest is running. Also, when used_length changes we might leave the
uffd handler registered for some memory regions, reject valid pages
when migrating and fail when sending the recv bitmap to the source.
Resizing can be trigger *after* (but not during) a reset in
ACPI code by the guest
- hw/arm/virt-acpi-build.c:acpi_ram_update()
- hw/i386/acpi-build.c:acpi_ram_update()
Let's remember the original used_length in a separate variable and
use it in relevant postcopy code. Make sure to update it when we resize
during precopy, when synchronizing the RAM block sizes with the source.
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20210429112708.12291-9-david@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Diffstat (limited to 'migration/ram.c')
| -rw-r--r-- | migration/ram.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/migration/ram.c b/migration/ram.c index 26ed42b87d..6d09ca78bc 100644 --- a/migration/ram.c +++ b/migration/ram.c @@ -240,7 +240,7 @@ int64_t ramblock_recv_bitmap_send(QEMUFile *file, return -1; } - nbits = block->used_length >> TARGET_PAGE_BITS; + nbits = block->postcopy_length >> TARGET_PAGE_BITS; /* * Make sure the tmp bitmap buffer is big enough, e.g., on 32bit @@ -3530,7 +3530,13 @@ static int ram_load_postcopy(QEMUFile *f) break; } - if (!offset_in_ramblock(block, addr)) { + /* + * Relying on used_length is racy and can result in false positives. + * We might place pages beyond used_length in case RAM was shrunk + * while in postcopy, which is fine - trying to place via + * UFFDIO_COPY/UFFDIO_ZEROPAGE will never segfault. + */ + if (!block->host || addr >= block->postcopy_length) { error_report("Illegal RAM offset " RAM_ADDR_FMT, addr); ret = -EINVAL; break; @@ -4143,6 +4149,7 @@ static void ram_mig_ram_block_resized(RAMBlockNotifier *n, void *host, rb->idstr); } } + rb->postcopy_length = new_size; break; case POSTCOPY_INCOMING_NONE: case POSTCOPY_INCOMING_RUNNING: |