[Qemu-stable] [PATCH 36/79] s390x/css: catch section mismatch on load
From: Michael Roth
Subject: [Qemu-stable] [PATCH 36/79] s390x/css: catch section mismatch on load
Date: Mon, 28 Aug 2017 19:14:11 -0500
From: Halil Pasic <address@hidden>
Prior to the virtio-ccw-2.7 machine (and commit 2a79eb1a), our virtio
devices residing under the virtual-css bus do not have qdev_path based
migration stream identifiers (because their qdev_path is NULL). The ids
are instead generated when the device is registered as a composition of
the so called idstr, which takes the vmsd name as its value, and an
instance_id, which is calculated as a maximal instance_id
registered with the same idstr plus one, or zero (if none was registered
previously).
That means, under certain circumstances, one device might try, and even
succeed, to load the state of a different device. This can lead to
trouble.
Let us fail the migration if the above problem is detected during load.
How to reproduce the problem:
1) start qemu-system-s390x making sure you have the following devices
defined on your command line:
-device virtio-rng-ccw,id=rng1,devno=fe.0.0001
-device virtio-rng-ccw,id=rng2,devno=fe.0.0002
2) detach the devices and reattach in reverse order using the monitor:
(qemu) device_del rng1
(qemu) device_del rng2
(qemu) device_add virtio-rng-ccw,id=rng2,devno=fe.0.0002
(qemu) device_add virtio-rng-ccw,id=rng1,devno=fe.0.0001
3) save the state of the vm into a temporary file and quit QEMU:
(qemu) migrate "exec:gzip -c > /tmp/tmp_vmstate.gz"
(qemu) q
4) use your command line from step 1 with
-incoming "exec:gzip -c -d /tmp/tmp_vmstate.gz"
appended to reproduce the problem (while trying to load the saved vm)
CC: address@hidden
Signed-off-by: Halil Pasic <address@hidden>
Reviewed-by: Dong Jia Shi <address@hidden>
Reviewed-by: Cornelia Huck <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Christian Borntraeger <address@hidden>
(cherry picked from commit 8ed179c937830143dc0e03daac30a55272ed89e3)
* removed context dep on d8d98db5
Signed-off-by: Michael Roth <address@hidden>
---
hw/s390x/css.c | 14 ++++++++++++++
hw/s390x/virtio-ccw.c | 6 +++++-
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/hw/s390x/css.c b/hw/s390x/css.c
index 37caa98..b24e8b7 100644
--- a/hw/s390x/css.c
+++ b/hw/s390x/css.c
@@ -14,6 +14,7 @@
#include "qapi/visitor.h"
#include "hw/qdev.h"
#include "qemu/bitops.h"
+#include "qemu/error-report.h"
#include "exec/address-spaces.h"
#include "cpu.h"
#include "hw/s390x/ioinst.h"
@@ -1676,13 +1677,26 @@ void subch_device_save(SubchDev *s, QEMUFile *f)
int subch_device_load(SubchDev *s, QEMUFile *f)
{
SubchDev *old_s;
+ Error *err = NULL;
uint16_t old_schid = s->schid;
+ uint16_t old_devno = s->devno;
int i;
s->cssid = qemu_get_byte(f);
s->ssid = qemu_get_byte(f);
s->schid = qemu_get_be16(f);
s->devno = qemu_get_be16(f);
+ if (s->devno != old_devno) {
+ /* Only possible if machine < 2.7 (no css_dev_path) */
+
+ error_setg(&err, "%x != %x", old_devno, s->devno);
+ error_append_hint(&err, "Devno mismatch, tried to load wrong section!"
+ " Likely reason: some sequences of plug and unplug"
+ " can break migration for machine versions prior to"
+ " 2.7 (known design flaw).\n");
+ error_report_err(err);
+ return -EINVAL;
+ }
/* Re-assign subch. */
if (old_schid != s->schid) {
old_s = channel_subsys.css[s->cssid]->sch_set[s->ssid]->sch[old_schid];
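Review bot: in subch_device_load() the devno comparison runs only after s->cssid, s->ssid, s->schid and s->devno have been overwritten from the stream, so on the `return -EINVAL` path the SubchDev is left holding the other section's ids, and the originals survive only in old_schid and old_devno. Consider reading the four fields into locals and assigning them after the check, or restoring them before returning. Separately, the primary message built by `error_setg(&err, "%x != %x", old_devno, s->devno)` is only two hex numbers, with "Devno mismatch" placed in the hint; moving that phrase into the error_setg() text and keeping the hint for the likely reason would make the reported line self-explanatory.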
diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c
index 00b3bde..c0c1db8 100644
--- a/hw/s390x/virtio-ccw.c
+++ b/hw/s390x/virtio-ccw.c
@@ -1264,9 +1264,13 @@ static int virtio_ccw_load_config(DeviceState *d,
QEMUFile *f)
SubchDev *s = ccw_dev->sch;
VirtIODevice *vdev = virtio_ccw_get_vdev(s);
int len;
+ int ret;
s->driver_data = dev;
- subch_device_load(s, f);
+ ret = subch_device_load(s, f);
+ if (ret) {
+ return ret;
+ }
len = qemu_get_be32(f);
if (len != 0) {
dev->indicators = get_indicator(qemu_get_be64(f), len);
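Review bot: in virtio_ccw_load_config() the old call `subch_device_load(s, f);` ignored the return value, so with `if (ret) { return ret; }` every nonzero return from that function now aborts the load, not only the new -EINVAL. Worth confirming that its other return paths (not visible in this hunk) return nonzero only for conditions that should fail the migration, and saying so in the commit message.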
--
2.7.4
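
The id scheme and the reproduction steps from the commit message, as an added example that is not QEMU code and not part of the original mail: a simplified C model in which a section id is (idstr, instance_id) and the load side applies the same devno comparison as the patch. All names (`struct dev`, `plug`, `unplug`, `load_all`, `reproduce`) and the idstr value `"vmsd-name"` are hypothetical placeholders.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not QEMU code: instance_id = max id registered for the
 * same idstr plus one, or zero if none is registered. */
struct dev { const char *idstr; int instance_id; unsigned devno; int live; };

static void plug(struct dev *devs, int *n, const char *idstr, unsigned devno)
{
    int max = -1;
    for (int i = 0; i < *n; i++)
        if (devs[i].live && !strcmp(devs[i].idstr, idstr) &&
            devs[i].instance_id > max)
            max = devs[i].instance_id;
    devs[(*n)++] = (struct dev){ idstr, max + 1, devno, 1 };
}

static void unplug(struct dev *devs, int n, unsigned devno)
{
    for (int i = 0; i < n; i++)
        if (devs[i].live && devs[i].devno == devno)
            devs[i].live = 0;
}

/* Match each saved section to the destination device with the same
 * (idstr, instance_id); fail on a devno mismatch, as the patch does. */
static int load_all(const struct dev *src, int ns, const struct dev *dst, int nd)
{
    for (int i = 0; i < ns; i++)
        for (int j = 0; src[i].live && j < nd; j++)
            if (dst[j].live && !strcmp(src[i].idstr, dst[j].idstr) &&
                src[i].instance_id == dst[j].instance_id &&
                src[i].devno != dst[j].devno)
                return -EINVAL;
    return 0;
}

/* Steps 1-4 of the commit message; "vmsd-name" is a constructed placeholder. */
int reproduce(int reverse_replug)
{
    struct dev src[8], dst[8];
    int ns = 0, nd = 0;
    plug(src, &ns, "vmsd-name", 0x0001);      /* rng1 -> instance_id 0 */
    plug(src, &ns, "vmsd-name", 0x0002);      /* rng2 -> instance_id 1 */
    if (reverse_replug) {
        unplug(src, ns, 0x0001);
        unplug(src, ns, 0x0002);
        plug(src, &ns, "vmsd-name", 0x0002);  /* rng2 -> instance_id 0 */
        plug(src, &ns, "vmsd-name", 0x0001);  /* rng1 -> instance_id 1 */
    }
    plug(dst, &nd, "vmsd-name", 0x0001);      /* destination: step 1 order */
    plug(dst, &nd, "vmsd-name", 0x0002);
    return load_all(src, ns, dst, nd);
}

int main(void) { printf("%d %d\n", reproduce(0), reproduce(1)); return 0; }
```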