From: Greg Kurz <groug@kaod.org>
To: David Gibson <david@gibson.dropbear.id.au>
Cc: qemu-ppc@nongnu.org, "Cédric Le Goater" <clg@kaod.org>,
qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH for-4.2] xics/kvm: Convert assert() to error_setg()
Date: Fri, 5 Jul 2019 15:40:00 +0200 [thread overview]
Message-ID: <20190705154000.78f67bc9@bahia.lan> (raw)
In-Reply-To: <20190705045623.GB3266@umbus.fritz.box>
On Fri, 5 Jul 2019 14:56:23 +1000
David Gibson <david@gibson.dropbear.id.au> wrote:
> On Thu, Jul 04, 2019 at 10:12:04AM +0200, Greg Kurz wrote:
> > On Thu, 4 Jul 2019 10:23:57 +1000
> > David Gibson <david@gibson.dropbear.id.au> wrote:
> >
> > > On Wed, Jul 03, 2019 at 07:50:12PM +0200, Greg Kurz wrote:
> > > > ics_set_kvm_state_one() is called either during reset, in which case
> > > > both 'saved priority' and 'current priority' are equal to 0xff, or
> > > > during migration. In the latter case, 'saved priority' may differ
> > > > from 'current priority' only if the interrupt had been masked with
> > > > the ibm,int-off RTAS call. Instead of aborting QEMU, print out an
> > > > error and exit.
> > >
> > > What's the rationale for this? Doesn't hitting this indicate an error
> > > in the qemu code, for which an abort is the usual response?
> > >
> >
> > This error can be hit by the destination during migration if the
> > incoming stream is corrupted. Aborting in this case would mislead
> > the user into suspecting a bug in the destination QEMU, which isn't
> > the case.
>
> Rather than a bug in the source qemu? I guess so.
>
A bug in the source QEMU for live migration or a corrupted snapshot
for load_vm, which could result from a qcow2 file corruption for
example.
> > Appart from that, when the in-kernel XICS is in use, only two functions
> > manipulate the ICS state: ics_set_kvm_state_one() and ics_get_kvm_state().
> > The code is trivial enough that I don't see a great value in the assert
> > in the first place... BTW, it comes from the commit:
> >
> > commit 11ad93f68195f68cc94d988f2aa50b4d190ee52a
> > Author: David Gibson <david@gibson.dropbear.id.au>
> > Date: Thu Sep 26 16:18:44 2013 +1000
> >
> > xics-kvm: Support for in-kernel XICS interrupt controller
> >
> > Maybe you remember some context that justified the assert at the
> > time ?
>
> It was probably mostly about documenting the invariants that are
> supposed to apply here.
>
Indeed this error on the reset path is very likely a bug in QEMU,
and the assert() makes sense in this case.
I'm convinced by the documenting argument. Please forget this patch :)
> >
> > > >
> > > > Based-on: <156217454083.559957.7359208229523652842.stgit@bahia.lan>
> > > > Signed-off-by: Greg Kurz <groug@kaod.org>
> > > > ---
> > > >
> > > > This isn't a bugfix, hence targetting 4.2, but it depends on an actual
> > > > fix for 4.1, as mentionned in the Based-on tag.
> > > > ---
> > > > hw/intc/xics_kvm.c | 17 +++++++++++++++--
> > > > 1 file changed, 15 insertions(+), 2 deletions(-)
> > > >
> > > > diff --git a/hw/intc/xics_kvm.c b/hw/intc/xics_kvm.c
> > > > index 2df1f3e92c7e..f8758b928250 100644
> > > > --- a/hw/intc/xics_kvm.c
> > > > +++ b/hw/intc/xics_kvm.c
> > > > @@ -255,8 +255,21 @@ int ics_set_kvm_state_one(ICSState *ics, int srcno, Error **errp)
> > > > state = irq->server;
> > > > state |= (uint64_t)(irq->saved_priority & KVM_XICS_PRIORITY_MASK)
> > > > << KVM_XICS_PRIORITY_SHIFT;
> > > > - if (irq->priority != irq->saved_priority) {
> > > > - assert(irq->priority == 0xff);
> > > > +
> > > > + /*
> > > > + * An interrupt can be masked either because the ICS is resetting, in
> > > > + * which case we expect 'current priority' and 'saved priority' to be
> > > > + * equal to 0xff, or because the guest has called the ibm,int-off RTAS
> > > > + * call, in which case we we have recorded the priority the interrupt
> > > > + * had before it was masked in 'saved priority'. If the interrupt isn't
> > > > + * masked, 'saved priority' and 'current priority' are equal (see
> > > > + * ics_get_kvm_state()). Make sure we restore a sane state, otherwise
> > > > + * fail migration.
> > > > + */
> > > > + if (irq->priority != irq->saved_priority && irq->priority != 0xff) {
> > > > + error_setg(errp, "Corrupted state detected for interrupt source %d",
> > > > + srcno);
> > > > + return -EINVAL;
> > > > }
> > > >
> > > > if (irq->priority == 0xff) {
> > > >
> > >
> >
>
prev parent reply other threads:[~2019-07-05 13:42 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-03 17:50 [Qemu-devel] [PATCH for-4.2] xics/kvm: Convert assert() to error_setg() Greg Kurz
2019-07-03 23:30 ` no-reply
2019-07-04 0:23 ` David Gibson
2019-07-04 8:12 ` Greg Kurz
2019-07-05 4:56 ` David Gibson
2019-07-05 13:40 ` Greg Kurz [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190705154000.78f67bc9@bahia.lan \
--to=groug@kaod.org \
--cc=clg@kaod.org \
--cc=david@gibson.dropbear.id.au \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).