thebeanogamer / rpms / qemu-kvm

Forked from rpms/qemu-kvm 6 months ago
Clone

Blame SOURCES/kvm-migration-check-magic-value-for-deciding-the-mapping.patch

bf143f
From f21a343af4b4d0c6e5181ae0abd0f6280dc8296c Mon Sep 17 00:00:00 2001
bf143f
From: "manish.mishra" <manish.mishra@nutanix.com>
bf143f
Date: Tue, 20 Dec 2022 18:44:18 +0000
bf143f
Subject: [PATCH 2/3] migration: check magic value for deciding the mapping of
bf143f
 channels
bf143f
MIME-Version: 1.0
bf143f
Content-Type: text/plain; charset=UTF-8
bf143f
Content-Transfer-Encoding: 8bit
bf143f
bf143f
RH-Author: Peter Xu <peterx@redhat.com>
bf143f
RH-MergeRequest: 258: migration: Fix multifd crash due to channel disorder
bf143f
RH-Bugzilla: 2137740
bf143f
RH-Acked-by: quintela1 <quintela@redhat.com>
bf143f
RH-Acked-by: Leonardo BrĂ¡s <leobras@redhat.com>
bf143f
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
bf143f
RH-Commit: [2/2] f97bebef3d3e372cfd660e5ddb6cffba791840d2
bf143f
bf143f
Conflicts:
bf143f
        migration/migration.c
bf143f
        migration/multifd.c
bf143f
        migration/postcopy-ram.c
bf143f
        migration/postcopy-ram.h
bf143f
bf143f
        There're a bunch of conflicts due to missing upstream patches on
bf143f
        e.g. on qemufile reworks, postcopy preempt.  We don't plan to have
bf143f
        preempt in rhel8 at all, probably the same as the rest.
bf143f
bf143f
Current logic assumes that channel connections on the destination side are
bf143f
always established in the same order as the source and the first one will
bf143f
always be the main channel followed by the multifid or post-copy
bf143f
preemption channel. This may not be always true, as even if a channel has a
bf143f
connection established on the source side it can be in the pending state on
bf143f
the destination side and a newer connection can be established first.
bf143f
Basically causing out of order mapping of channels on the destination side.
bf143f
Currently, all channels except post-copy preempt send a magic number, this
bf143f
patch uses that magic number to decide the type of channel. This logic is
bf143f
applicable only for precopy(multifd) live migration, as mentioned, the
bf143f
post-copy preempt channel does not send any magic number. Also, tls live
bf143f
migrations already does tls handshake before creating other channels, so
bf143f
this issue is not possible with tls, hence this logic is avoided for tls
bf143f
live migrations. This patch uses read peek to check the magic number of
bf143f
channels so that current data/control stream management remains
bf143f
un-effected.
bf143f
bf143f
Reviewed-by: Peter Xu <peterx@redhat.com>
bf143f
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
bf143f
Reviewed-by: Juan Quintela <quintela@redhat.com>
bf143f
Suggested-by: Daniel P. Berrange <berrange@redhat.com>
bf143f
Signed-off-by: manish.mishra <manish.mishra@nutanix.com>
bf143f
Signed-off-by: Juan Quintela <quintela@redhat.com>
bf143f
(cherry picked from commit 6720c2b32725e6ac404f22851a0ecd0a71d0cbe2)
bf143f
Signed-off-by: Peter Xu <peterx@redhat.com>
bf143f
---
bf143f
 migration/channel.c   | 45 ++++++++++++++++++++++++++++++++++++++
bf143f
 migration/channel.h   |  5 +++++
bf143f
 migration/migration.c | 51 +++++++++++++++++++++++++++++++------------
bf143f
 migration/multifd.c   | 19 ++++++++--------
bf143f
 migration/multifd.h   |  2 +-
bf143f
 5 files changed, 98 insertions(+), 24 deletions(-)
bf143f
bf143f
diff --git a/migration/channel.c b/migration/channel.c
bf143f
index 086b5c0d8b..ee308fef23 100644
bf143f
--- a/migration/channel.c
bf143f
+++ b/migration/channel.c
bf143f
@@ -98,3 +98,48 @@ void migration_channel_connect(MigrationState *s,
bf143f
     g_free(s->hostname);
bf143f
     error_free(error);
bf143f
 }
bf143f
+
bf143f
+
bf143f
+/**
bf143f
+ * @migration_channel_read_peek - Peek at migration channel, without
bf143f
+ *     actually removing it from channel buffer.
bf143f
+ *
bf143f
+ * @ioc: the channel object
bf143f
+ * @buf: the memory region to read data into
bf143f
+ * @buflen: the number of bytes to read in @buf
bf143f
+ * @errp: pointer to a NULL-initialized error object
bf143f
+ *
bf143f
+ * Returns 0 if successful, returns -1 and sets @errp if fails.
bf143f
+ */
bf143f
+int migration_channel_read_peek(QIOChannel *ioc,
bf143f
+                                const char *buf,
bf143f
+                                const size_t buflen,
bf143f
+                                Error **errp)
bf143f
+{
bf143f
+    ssize_t len = 0;
bf143f
+    struct iovec iov = { .iov_base = (char *)buf, .iov_len = buflen };
bf143f
+
bf143f
+    while (true) {
bf143f
+        len = qio_channel_readv_full(ioc, &iov, 1, NULL, NULL,
bf143f
+                                     QIO_CHANNEL_READ_FLAG_MSG_PEEK, errp);
bf143f
+
bf143f
+        if (len <= 0 && len != QIO_CHANNEL_ERR_BLOCK) {
bf143f
+            error_setg(errp,
bf143f
+                       "Failed to peek at channel");
bf143f
+            return -1;
bf143f
+        }
bf143f
+
bf143f
+        if (len == buflen) {
bf143f
+            break;
bf143f
+        }
bf143f
+
bf143f
+        /* 1ms sleep. */
bf143f
+        if (qemu_in_coroutine()) {
bf143f
+            qemu_co_sleep_ns(QEMU_CLOCK_REALTIME, 1000000);
bf143f
+        } else {
bf143f
+            g_usleep(1000);
bf143f
+        }
bf143f
+    }
bf143f
+
bf143f
+    return 0;
bf143f
+}
bf143f
diff --git a/migration/channel.h b/migration/channel.h
bf143f
index 67a461c28a..5bdb8208a7 100644
bf143f
--- a/migration/channel.h
bf143f
+++ b/migration/channel.h
bf143f
@@ -24,4 +24,9 @@ void migration_channel_connect(MigrationState *s,
bf143f
                                QIOChannel *ioc,
bf143f
                                const char *hostname,
bf143f
                                Error *error_in);
bf143f
+
bf143f
+int migration_channel_read_peek(QIOChannel *ioc,
bf143f
+                                const char *buf,
bf143f
+                                const size_t buflen,
bf143f
+                                Error **errp);
bf143f
 #endif
bf143f
diff --git a/migration/migration.c b/migration/migration.c
bf143f
index d8b24a2c91..0885549de0 100644
bf143f
--- a/migration/migration.c
bf143f
+++ b/migration/migration.c
bf143f
@@ -32,6 +32,7 @@
bf143f
 #include "savevm.h"
bf143f
 #include "qemu-file-channel.h"
bf143f
 #include "qemu-file.h"
bf143f
+#include "channel.h"
bf143f
 #include "migration/vmstate.h"
bf143f
 #include "block/block.h"
bf143f
 #include "qapi/error.h"
bf143f
@@ -637,10 +638,6 @@ static bool migration_incoming_setup(QEMUFile *f, Error **errp)
bf143f
 {
bf143f
     MigrationIncomingState *mis = migration_incoming_get_current();
bf143f
 
bf143f
-    if (multifd_load_setup(errp) != 0) {
bf143f
-        return false;
bf143f
-    }
bf143f
-
bf143f
     if (!mis->from_src_file) {
bf143f
         mis->from_src_file = f;
bf143f
     }
bf143f
@@ -701,10 +698,42 @@ void migration_fd_process_incoming(QEMUFile *f, Error **errp)
bf143f
 void migration_ioc_process_incoming(QIOChannel *ioc, Error **errp)
bf143f
 {
bf143f
     MigrationIncomingState *mis = migration_incoming_get_current();
bf143f
+    bool default_channel = true;
bf143f
+    uint32_t channel_magic = 0;
bf143f
     Error *local_err = NULL;
bf143f
-    bool start_migration;
bf143f
+    int ret = 0;
bf143f
 
bf143f
-    if (!mis->from_src_file) {
bf143f
+    if (migrate_use_multifd() && !migrate_postcopy_ram() &&
bf143f
+        qio_channel_has_feature(ioc, QIO_CHANNEL_FEATURE_READ_MSG_PEEK)) {
bf143f
+        /*
bf143f
+         * With multiple channels, it is possible that we receive channels
bf143f
+         * out of order on destination side, causing incorrect mapping of
bf143f
+         * source channels on destination side. Check channel MAGIC to
bf143f
+         * decide type of channel. Please note this is best effort, postcopy
bf143f
+         * preempt channel does not send any magic number so avoid it for
bf143f
+         * postcopy live migration. Also tls live migration already does
bf143f
+         * tls handshake while initializing main channel so with tls this
bf143f
+         * issue is not possible.
bf143f
+         */
bf143f
+        ret = migration_channel_read_peek(ioc, (void *)&channel_magic,
bf143f
+                                          sizeof(channel_magic), &local_err);
bf143f
+
bf143f
+        if (ret != 0) {
bf143f
+            error_propagate(errp, local_err);
bf143f
+            return;
bf143f
+        }
bf143f
+
bf143f
+        default_channel = (channel_magic == cpu_to_be32(QEMU_VM_FILE_MAGIC));
bf143f
+    } else {
bf143f
+        default_channel = !mis->from_src_file;
bf143f
+    }
bf143f
+
bf143f
+    if (multifd_load_setup(errp) != 0) {
bf143f
+        error_setg(errp, "Failed to setup multifd channels");
bf143f
+        return;
bf143f
+    }
bf143f
+
bf143f
+    if (default_channel) {
bf143f
         /* The first connection (multifd may have multiple) */
bf143f
         QEMUFile *f = qemu_fopen_channel_input(ioc);
bf143f
 
bf143f
@@ -716,23 +745,17 @@ void migration_ioc_process_incoming(QIOChannel *ioc, Error **errp)
bf143f
         if (!migration_incoming_setup(f, errp)) {
bf143f
             return;
bf143f
         }
bf143f
-
bf143f
-        /*
bf143f
-         * Common migration only needs one channel, so we can start
bf143f
-         * right now.  Multifd needs more than one channel, we wait.
bf143f
-         */
bf143f
-        start_migration = !migrate_use_multifd();
bf143f
     } else {
bf143f
         /* Multiple connections */
bf143f
         assert(migrate_use_multifd());
bf143f
-        start_migration = multifd_recv_new_channel(ioc, &local_err);
bf143f
+        multifd_recv_new_channel(ioc, &local_err);
bf143f
         if (local_err) {
bf143f
             error_propagate(errp, local_err);
bf143f
             return;
bf143f
         }
bf143f
     }
bf143f
 
bf143f
-    if (start_migration) {
bf143f
+    if (migration_has_all_channels()) {
bf143f
         migration_incoming_process();
bf143f
     }
bf143f
 }
bf143f
diff --git a/migration/multifd.c b/migration/multifd.c
bf143f
index 7c16523e6b..75ac052d2f 100644
bf143f
--- a/migration/multifd.c
bf143f
+++ b/migration/multifd.c
bf143f
@@ -1183,9 +1183,14 @@ int multifd_load_setup(Error **errp)
bf143f
     uint32_t page_count = MULTIFD_PACKET_SIZE / qemu_target_page_size();
bf143f
     uint8_t i;
bf143f
 
bf143f
-    if (!migrate_use_multifd()) {
bf143f
+    /*
bf143f
+     * Return successfully if multiFD recv state is already initialised
bf143f
+     * or multiFD is not enabled.
bf143f
+     */
bf143f
+    if (multifd_recv_state || !migrate_use_multifd()) {
bf143f
         return 0;
bf143f
     }
bf143f
+
bf143f
     if (!migrate_multifd_is_allowed()) {
bf143f
         error_setg(errp, "multifd is not supported by current protocol");
bf143f
         return -1;
bf143f
@@ -1244,11 +1249,9 @@ bool multifd_recv_all_channels_created(void)
bf143f
 
bf143f
 /*
bf143f
  * Try to receive all multifd channels to get ready for the migration.
bf143f
- * - Return true and do not set @errp when correctly receiving all channels;
bf143f
- * - Return false and do not set @errp when correctly receiving the current one;
bf143f
- * - Return false and set @errp when failing to receive the current channel.
bf143f
+ * Sets @errp when failing to receive the current channel.
bf143f
  */
bf143f
-bool multifd_recv_new_channel(QIOChannel *ioc, Error **errp)
bf143f
+void multifd_recv_new_channel(QIOChannel *ioc, Error **errp)
bf143f
 {
bf143f
     MultiFDRecvParams *p;
bf143f
     Error *local_err = NULL;
bf143f
@@ -1261,7 +1264,7 @@ bool multifd_recv_new_channel(QIOChannel *ioc, Error **errp)
bf143f
                                 "failed to receive packet"
bf143f
                                 " via multifd channel %d: ",
bf143f
                                 qatomic_read(&multifd_recv_state->count));
bf143f
-        return false;
bf143f
+        return;
bf143f
     }
bf143f
     trace_multifd_recv_new_channel(id);
bf143f
 
bf143f
@@ -1271,7 +1274,7 @@ bool multifd_recv_new_channel(QIOChannel *ioc, Error **errp)
bf143f
                    id);
bf143f
         multifd_recv_terminate_threads(local_err);
bf143f
         error_propagate(errp, local_err);
bf143f
-        return false;
bf143f
+        return;
bf143f
     }
bf143f
     p->c = ioc;
bf143f
     object_ref(OBJECT(ioc));
bf143f
@@ -1282,6 +1285,4 @@ bool multifd_recv_new_channel(QIOChannel *ioc, Error **errp)
bf143f
     qemu_thread_create(&p->thread, p->name, multifd_recv_thread, p,
bf143f
                        QEMU_THREAD_JOINABLE);
bf143f
     qatomic_inc(&multifd_recv_state->count);
bf143f
-    return qatomic_read(&multifd_recv_state->count) ==
bf143f
-           migrate_multifd_channels();
bf143f
 }
bf143f
diff --git a/migration/multifd.h b/migration/multifd.h
bf143f
index 11d5e273e6..9c0a2a0701 100644
bf143f
--- a/migration/multifd.h
bf143f
+++ b/migration/multifd.h
bf143f
@@ -20,7 +20,7 @@ void multifd_save_cleanup(void);
bf143f
 int multifd_load_setup(Error **errp);
bf143f
 int multifd_load_cleanup(Error **errp);
bf143f
 bool multifd_recv_all_channels_created(void);
bf143f
-bool multifd_recv_new_channel(QIOChannel *ioc, Error **errp);
bf143f
+void multifd_recv_new_channel(QIOChannel *ioc, Error **errp);
bf143f
 void multifd_recv_sync_main(void);
bf143f
 int multifd_send_sync_main(QEMUFile *f);
bf143f
 int multifd_queue_page(QEMUFile *f, RAMBlock *block, ram_addr_t offset);
bf143f
-- 
bf143f
2.37.3
bf143f