From: Greg Kurz <groug@kaod.org>
To: David Gibson <david@gibson.dropbear.id.au>
Cc: qemu-ppc@nongnu.org, "Cédric Le Goater" <clg@kaod.org>,
qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH for-4.2] xics/kvm: Convert assert() to error_setg()
Date: Fri, 5 Jul 2019 15:40:00 +0200 [thread overview]
Message-ID: <20190705154000.78f67bc9@bahia.lan> (raw)
In-Reply-To: <20190705045623.GB3266@umbus.fritz.box>
On Fri, 5 Jul 2019 14:56:23 +1000
David Gibson <david@gibson.dropbear.id.au> wrote:
> On Thu, Jul 04, 2019 at 10:12:04AM +0200, Greg Kurz wrote:
> > On Thu, 4 Jul 2019 10:23:57 +1000
> > David Gibson <david@gibson.dropbear.id.au> wrote:
> >
> > > On Wed, Jul 03, 2019 at 07:50:12PM +0200, Greg Kurz wrote:
> > > > ics_set_kvm_state_one() is called either during reset, in which case
> > > > both 'saved priority' and 'current priority' are equal to 0xff, or
> > > > during migration. In the latter case, 'saved priority' may differ
> > > > from 'current priority' only if the interrupt had been masked with
> > > > the ibm,int-off RTAS call. Instead of aborting QEMU, print out an
> > > > error and exit.
> > >
> > > What's the rationale for this? Doesn't hitting this indicate an error
> > > in the qemu code, for which an abort is the usual response?
> > >
> >
> > This error can be hit by the destination during migration if the
> > incoming stream is corrupted. Aborting in this case would mislead
> > the user into suspecting a bug in the destination QEMU, which isn't
> > the case.
>
> Rather than a bug in the source qemu? I guess so.
>
A bug in the source QEMU for live migration or a corrupted snapshot
for load_vm, which could result from a qcow2 file corruption for
example.
> > Appart from that, when the in-kernel XICS is in use, only two functions
> > manipulate the ICS state: ics_set_kvm_state_one() and ics_get_kvm_state().
> > The code is trivial enough that I don't see a great value in the assert
> > in the first place... BTW, it comes from the commit:
> >
> > commit 11ad93f68195f68cc94d988f2aa50b4d190ee52a
> > Author: David Gibson <david@gibson.dropbear.id.au>
> > Date: Thu Sep 26 16:18:44 2013 +1000
> >
> > xics-kvm: Support for in-kernel XICS interrupt controller
> >
> > Maybe you remember some context that justified the assert at the
> > time ?
>
> It was probably mostly about documenting the invariants that are
> supposed to apply here.
>
Indeed this error on the reset path is very likely a bug in QEMU,
and the assert() makes sense in this case.
I'm convinced by the documenting argument. Please forget this patch :)
> >
> > > >
> > > > Based-on: <156217454083.559957.7359208229523652842.stgit@bahia.lan>
> > > > Signed-off-by: Greg Kurz <groug@kaod.org>
> > > > ---
> > > >
> > > > This isn't a bugfix, hence targetting 4.2, but it depends on an actual
> > > > fix for 4.1, as mentionned in the Based-on tag.
> > > > ---
> > > > hw/intc/xics_kvm.c | 17 +++++++++++++++--
> > > > 1 file changed, 15 insertions(+), 2 deletions(-)
> > > >
> > > > diff --git a/hw/intc/xics_kvm.c b/hw/intc/xics_kvm.c
> > > > index 2df1f3e92c7e..f8758b928250 100644
> > > > --- a/hw/intc/xics_kvm.c
> > > > +++ b/hw/intc/xics_kvm.c
> > > > @@ -255,8 +255,21 @@ int ics_set_kvm_state_one(ICSState *ics, int srcno, Error **errp)
> > > > state = irq->server;
> > > > state |= (uint64_t)(irq->saved_priority & KVM_XICS_PRIORITY_MASK)
> > > > << KVM_XICS_PRIORITY_SHIFT;
> > > > - if (irq->priority != irq->saved_priority) {
> > > > - assert(irq->priority == 0xff);
> > > > +
> > > > + /*
> > > > + * An interrupt can be masked either because the ICS is resetting, in
> > > > + * which case we expect 'current priority' and 'saved priority' to be
> > > > + * equal to 0xff, or because the guest has called the ibm,int-off RTAS
> > > > + * call, in which case we we have recorded the priority the interrupt
> > > > + * had before it was masked in 'saved priority'. If the interrupt isn't
> > > > + * masked, 'saved priority' and 'current priority' are equal (see
> > > > + * ics_get_kvm_state()). Make sure we restore a sane state, otherwise
> > > > + * fail migration.
> > > > + */
> > > > + if (irq->priority != irq->saved_priority && irq->priority != 0xff) {
> > > > + error_setg(errp, "Corrupted state detected for interrupt source %d",
> > > > + srcno);
> > > > + return -EINVAL;
> > > > }
> > > >
> > > > if (irq->priority == 0xff) {
> > > >
> > >
> >
>
prev parent reply other threads:[~2019-07-05 13:42 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-03 17:50 [Qemu-devel] [PATCH for-4.2] xics/kvm: Convert assert() to error_setg() Greg Kurz
2019-07-03 23:30 ` no-reply
2019-07-04 0:23 ` David Gibson
2019-07-04 8:12 ` Greg Kurz
2019-07-05 4:56 ` David Gibson
2019-07-05 13:40 ` Greg Kurz [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190705154000.78f67bc9@bahia.lan \
--to=groug@kaod.org \
--cc=clg@kaod.org \
--cc=david@gibson.dropbear.id.au \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.