From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:57597)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <gkurz@linux.vnet.ibm.com>) id 1XuK1E-0007xs-3Z
	for qemu-devel@nongnu.org; Fri, 28 Nov 2014 06:47:30 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <gkurz@linux.vnet.ibm.com>) id 1XuK17-00054r-KK
	for qemu-devel@nongnu.org; Fri, 28 Nov 2014 06:47:24 -0500
Received: from e06smtp14.uk.ibm.com ([195.75.94.110]:52594)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <gkurz@linux.vnet.ibm.com>) id 1XuK17-00054k-C2
	for qemu-devel@nongnu.org; Fri, 28 Nov 2014 06:47:17 -0500
Received: from /spool/local
	by e06smtp14.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use
	Only! Violators will be prosecuted
	for <qemu-devel@nongnu.org> from <gkurz@linux.vnet.ibm.com>;
	Fri, 28 Nov 2014 11:47:15 -0000
Received: from b06cxnps3074.portsmouth.uk.ibm.com
	(d06relay09.portsmouth.uk.ibm.com [9.149.109.194])
	by d06dlp01.portsmouth.uk.ibm.com (Postfix) with ESMTP id 59C3917D805D
	for <qemu-devel@nongnu.org>; Fri, 28 Nov 2014 11:47:28 +0000 (GMT)
Received: from d06av05.portsmouth.uk.ibm.com (d06av05.portsmouth.uk.ibm.com
	[9.149.37.229])
	by b06cxnps3074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with
	ESMTP id sASBlBjV17825886
	for <qemu-devel@nongnu.org>; Fri, 28 Nov 2014 11:47:11 GMT
Received: from d06av05.portsmouth.uk.ibm.com (localhost [127.0.0.1])
	by d06av05.portsmouth.uk.ibm.com (8.14.4/8.14.4/NCO v10.0 AVout) with
	ESMTP id sASBlBAR032207
	for <qemu-devel@nongnu.org>; Fri, 28 Nov 2014 04:47:11 -0700
Date: Fri, 28 Nov 2014 12:47:06 +0100
From: Greg Kurz <gkurz@linux.vnet.ibm.com>
Message-ID: <20141128124706.1df2cb1e@bahia.local>
In-Reply-To: <CAFEAcA9vuguBQSTdj4Hy35ZDFkOqVoHwiWp6nuC-yBMrPgU6zQ@mail.gmail.com>
References: <1417067290-20715-1-git-send-email-david@gibson.dropbear.id.au>
	<87y4qxj8o5.fsf@blackfin.pond.sub.org>
	<CAFEAcA9vuguBQSTdj4Hy35ZDFkOqVoHwiWp6nuC-yBMrPgU6zQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH] Fix for crash after migration in
 virtio-rng on bi-endian targets
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: "Michael S. Tsirkin" <mst@redhat.com>, Markus Armbruster <armbru@redhat.com>, Rusty Russell <rusty@rustcorp.com.au>, QEMU Developers <qemu-devel@nongnu.org>, Alexander Graf <agraf@suse.de>, Juan Quintela <quintela@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>, David Gibson <david@gibson.dropbear.id.au>

On Fri, 28 Nov 2014 09:14:46 +0000
Peter Maydell <peter.maydell@linaro.org> wrote:
> On 27 November 2014 at 09:26, Markus Armbruster <armbru@redhat.com> wrote:
> > David Gibson <david@gibson.dropbear.id.au> writes:
> >
> >> VirtIO devices now remember which endianness they're operating in in order
> >> to support targets which may have guests of either endianness, such as
> >> powerpc.  This endianness state is transferred in a subsection of the
> >> virtio device's information.
> >>
> >> With virtio-rng this can lead to an abort after a loadvm hitting the
> >> assert() in virtio_is_big_endian().  This can be reproduced by doing a
> >> migrate and load from file on a bi-endian target with a virtio-rng device.
> >> The actual guest state isn't particularly important to triggering this.
> >>
> >> The cause is that virtio_rng_load_device() calls virtio_rng_process() which
> >> accesses the ring and thus needs the endianness.  However,
> >> virtio_rng_process() is called via virtio_load() before it loads the
> >> subsections.  Essentially the ->load callback in VirtioDeviceClass should
> >> only be used for actually reading the device state from the stream, not for
> >> post-load re-initialization.
> >>
> >> This patch fixes the bug by moving the virtio_rng_process() after the call
> >> to virtio_load().  Better yet would be to convert virtio to use vmsd and
> >> have the virtio_rng_process() as a post_load callback, but that's a bigger
> >> project for another day.
> >>
> >> This is bugfix, and should be considered for the 2.2 branch.
> >
> > "[PATCH for-2.2]" would have been a good idea then.  Next time :)
> 
> So do you want this patch in 2.2? I was planning to put in the
> virtio-vs-xen fixes today and tag rc4, so it's not too late if you're
> confident this patch is good. Let me know if you think it should go in,
> and I can apply it to master directly.
> 
> -- PMM
> 

Peter,

FWIW I think it should. Commit 3902d49e13c2428bd6381cfdf183103ca4477c1f is
clearly bad: virtio-rng does not need the .load callback obviously... and
the fact it breaks migration makes it even worse... :(

Please apply to 2.2.

Cheers.

--
Greg