[Qemu-devel] [PATCH 0/2] virtio: migration fixes for memory region cache

[Qemu-devel] [PATCH 0/2] virtio: migration fixes for memory region cache

[Stefan Hajnoczi]

Bug fixes for the recently added memory region cache in virtio.  This series
fixes live migration, see patches for details.

Stefan Hajnoczi (2):
  virtio: invalidate memory in vring_set_avail_event()
  virtio: add missing region cache init in virtio_load()

 hw/virtio/virtio.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

-- 
2.9.3

[Qemu-devel] [PATCH 1/2] virtio: invalidate memory in vring_set_avail_event()

[Stefan Hajnoczi]

Remember to invalidate the avail event field so the memory pages are
marked dirty.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 hw/virtio/virtio.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 23483c7..da5c6fe 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -282,6 +282,7 @@ static inline void vring_set_avail_event(VirtQueue *vq, uint16_t val)
     caches = atomic_rcu_read(&vq->vring.caches);
     pa = offsetof(VRingUsed, ring[vq->vring.num]);
     virtio_stw_phys_cached(vq->vdev, &caches->used, pa, val);
+    address_space_cache_invalidate(&caches->used, pa, sizeof(val));
 }
 
 void virtio_queue_set_notification(VirtQueue *vq, int enable)
-- 
2.9.3

[Qemu-devel] [PATCH 2/2] virtio: add missing region cache init in virtio_load()

[Stefan Hajnoczi]

Commit 97cd965c070152bc626c7507df9fb356bbe1cd81 ("virtio: use
VRingMemoryRegionCaches for avail and used rings") switched to a memory
region cache to avoid repeated map/unmap operations.

The virtio_load() process is a little tricky because vring addresses are
serialized in two separate places.  VIRTIO 1.0 devices serialize desc
and then a subsection with used and avail.  Legacy devices only
serialize desc.

Live migration of VIRTIO 1.0 devices fails on the destination host with:

  VQ 0 size 0x80 < last_avail_idx 0x12f8 - used_idx 0x0
  Failed to load virtio-blk:virtio
  error while loading state for instance 0x0 of device '0000:00:04.0/virtio-blk'

This happens because the memory region cache is only initialized after
desc is loaded and not after the used and avail subsection is loaded.
If the guest chose memory addresses that don't match the legacy ring
layout then the wrong guest memory location is accessed.

Clarify comments about VIRTIO 1.0 and force memory region cache
initialization at the point where all ring addresses are known.

Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 hw/virtio/virtio.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index da5c6fe..5bbc34b 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -1853,7 +1853,10 @@ void virtio_save(VirtIODevice *vdev, QEMUFile *f)
         if (k->has_variable_vring_alignment) {
             qemu_put_be32(f, vdev->vq[i].vring.align);
         }
-        /* XXX virtio-1 devices */
+        /*
+         * Save desc now, the rest of the ring addresses are saved in
+         * subsections for VIRTIO-1 devices.
+         */
         qemu_put_be64(f, vdev->vq[i].vring.desc);
         qemu_put_be16s(f, &vdev->vq[i].last_avail_idx);
         if (k->save_queue) {
@@ -1995,7 +1998,10 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f, int version_id)
         vdev->vq[i].notification = true;
 
         if (vdev->vq[i].vring.desc) {
-            /* XXX virtio-1 devices */
+            /*
+             * VIRTIO-1 devices may not have final ring addresses here.  The
+             * used and avail ring addresses are loaded in subsections later.
+             */
             virtio_queue_update_rings(vdev, i);
         } else if (vdev->vq[i].last_avail_idx) {
             error_report("VQ %d address 0x0 "
@@ -2062,6 +2068,10 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f, int version_id)
     for (i = 0; i < num; i++) {
         if (vdev->vq[i].vring.desc) {
             uint16_t nheads;
+
+            /* All ring addresses have been loaded now... */
+            virtio_init_region_cache(vdev, i);
+
             nheads = vring_avail_idx(&vdev->vq[i]) - vdev->vq[i].last_avail_idx;
             /* Check it isn't doing strange things with descriptor numbers. */
             if (nheads > vdev->vq[i].vring.num) {
-- 
2.9.3

Re: [Qemu-devel] [PATCH 2/2] virtio: add missing region cache init in virtio_load()

[Cornelia Huck]

On Tue, 21 Feb 2017 18:59:01 +0000
Stefan Hajnoczi <stefanha@redhat.com> wrote:

> Commit 97cd965c070152bc626c7507df9fb356bbe1cd81 ("virtio: use
> VRingMemoryRegionCaches for avail and used rings") switched to a memory
> region cache to avoid repeated map/unmap operations.
> 
> The virtio_load() process is a little tricky because vring addresses are
> serialized in two separate places.  VIRTIO 1.0 devices serialize desc
> and then a subsection with used and avail.  Legacy devices only
> serialize desc.
> 
> Live migration of VIRTIO 1.0 devices fails on the destination host with:
> 
>   VQ 0 size 0x80 < last_avail_idx 0x12f8 - used_idx 0x0
>   Failed to load virtio-blk:virtio
>   error while loading state for instance 0x0 of device '0000:00:04.0/virtio-blk'
> 
> This happens because the memory region cache is only initialized after
> desc is loaded and not after the used and avail subsection is loaded.
> If the guest chose memory addresses that don't match the legacy ring
> layout then the wrong guest memory location is accessed.
> 
> Clarify comments about VIRTIO 1.0 and force memory region cache
> initialization at the point where all ring addresses are known.

Yes, the XXX comments should have been changed when the subsection for
used/avail had been introduced.

> 
> Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> ---
>  hw/virtio/virtio.c | 14 ++++++++++++--
>  1 file changed, 12 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
> index da5c6fe..5bbc34b 100644
> --- a/hw/virtio/virtio.c
> +++ b/hw/virtio/virtio.c
> @@ -1853,7 +1853,10 @@ void virtio_save(VirtIODevice *vdev, QEMUFile *f)
>          if (k->has_variable_vring_alignment) {
>              qemu_put_be32(f, vdev->vq[i].vring.align);
>          }
> -        /* XXX virtio-1 devices */
> +        /*
> +         * Save desc now, the rest of the ring addresses are saved in
> +         * subsections for VIRTIO-1 devices.
> +         */
>          qemu_put_be64(f, vdev->vq[i].vring.desc);
>          qemu_put_be16s(f, &vdev->vq[i].last_avail_idx);
>          if (k->save_queue) {
> @@ -1995,7 +1998,10 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f, int version_id)
>          vdev->vq[i].notification = true;
> 
>          if (vdev->vq[i].vring.desc) {
> -            /* XXX virtio-1 devices */
> +            /*
> +             * VIRTIO-1 devices may not have final ring addresses here.  The
> +             * used and avail ring addresses are loaded in subsections later.
> +             */
>              virtio_queue_update_rings(vdev, i);
>          } else if (vdev->vq[i].last_avail_idx) {
>              error_report("VQ %d address 0x0 "
> @@ -2062,6 +2068,10 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f, int version_id)
>      for (i = 0; i < num; i++) {
>          if (vdev->vq[i].vring.desc) {
>              uint16_t nheads;
> +
> +            /* All ring addresses have been loaded now... */
> +            virtio_init_region_cache(vdev, i);

It feels a bit weird that the region cache was already initialized when
update rings was called. Should the call to init_region_cache be moved
from update_rings() to virtio_queue_set_addr()?

> +
>              nheads = vring_avail_idx(&vdev->vq[i]) - vdev->vq[i].last_avail_idx;
>              /* Check it isn't doing strange things with descriptor numbers. */
>              if (nheads > vdev->vq[i].vring.num) {

Re: [Qemu-devel] [PATCH 2/2] virtio: add missing region cache init in virtio_load()

[Paolo Bonzini]

On 22/02/2017 10:16, Cornelia Huck wrote:
>> +
>> +            /* All ring addresses have been loaded now... */
>> +            virtio_init_region_cache(vdev, i);
> It feels a bit weird that the region cache was already initialized when
> update rings was called. Should the call to init_region_cache be moved
> from update_rings() to virtio_queue_set_addr()?

virtio_queue_set_addr isn't called at all, is it?

The alternative would be to call virtio_init_region_cache from a
postload callback of vmstate_virtqueue, but Stefan's patch is fine too IMHO.

Paolo

Re: [Qemu-devel] [PATCH 2/2] virtio: add missing region cache init in virtio_load()

[Cornelia Huck]

On Wed, 22 Feb 2017 11:19:45 +0100
Paolo Bonzini <pbonzini@redhat.com> wrote:

> On 22/02/2017 10:16, Cornelia Huck wrote:
> >> +
> >> +            /* All ring addresses have been loaded now... */
> >> +            virtio_init_region_cache(vdev, i);
> > It feels a bit weird that the region cache was already initialized when
> > update rings was called. Should the call to init_region_cache be moved
> > from update_rings() to virtio_queue_set_addr()?
> 
> virtio_queue_set_addr isn't called at all, is it?
> 
> The alternative would be to call virtio_init_region_cache from a
> postload callback of vmstate_virtqueue, but Stefan's patch is fine too IMHO.

What I meant was:

We currently have

set_addr -> update_rings -> init_region_cache

and for virtio-1

set_rings -> init_region_cache

The code with Stefan's fix now sets up a region cache via update_rings
and replaces it later via the call introduced above - which is fine,
but adds an extra iteration.

If we move to

set_addr -> update_rings
            init_region_cache

we get the same call pattern for both legacy and virtio-1 layouts and
save the extra iteration. But we can do that in an additional cleanup
patch, and I think the patch is fine as-is, so

Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>

Re: [Qemu-devel] [PATCH 2/2] virtio: add missing region cache init in virtio_load()

[Stefan Hajnoczi]

[-- Attachment #1: Type: text/plain, Size: 634 bytes --]

On Wed, Feb 22, 2017 at 10:16:53AM +0100, Cornelia Huck wrote:
> > @@ -2062,6 +2068,10 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f, int version_id)
> >      for (i = 0; i < num; i++) {
> >          if (vdev->vq[i].vring.desc) {
> >              uint16_t nheads;
> > +
> > +            /* All ring addresses have been loaded now... */
> > +            virtio_init_region_cache(vdev, i);
> 
> It feels a bit weird that the region cache was already initialized when
> update rings was called. Should the call to init_region_cache be moved
> from update_rings() to virtio_queue_set_addr()?

Will fix in v2.

Stefan

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 455 bytes --]