From: Juraj Marcin <[email protected]> Currently, there are two functions that are responsible for cleanup of the incoming migration state. With successful precopy, it's the process incoming migration coroutine and with successful postcopy it's the postcopy listen thread. However, if postcopy fails during in the device load, both functions will try to do the cleanup. Moreover, when exit-on-error parameter was added, it was applied only to precopy.
This patch introduces exit-on-error to postcopy and refactors incoming migration cleanup into a common function while defining a clear boundary of who is responsible for the cleanup. The process incoming migration coroutine is responsible for running the cleanup function, unless the listen thread has been started (the postcopy state is at least in LISTENING phase), in which case the postcopy listen thread runs the incoming migration cleanup in a BH, which also joins the listen thread. Signed-off-by: Juraj Marcin <[email protected]> --- migration/migration-hmp-cmds.c | 2 +- migration/migration.c | 77 +++++++++++++++++----------------- migration/migration.h | 4 +- migration/postcopy-ram.c | 53 ++++++++++------------- migration/savevm.c | 4 +- qapi/migration.json | 9 +++- system/vl.c | 3 +- 7 files changed, 75 insertions(+), 77 deletions(-) diff --git a/migration/migration-hmp-cmds.c b/migration/migration-hmp-cmds.c index 847d18faaa..c572c1fb28 100644 --- a/migration/migration-hmp-cmds.c +++ b/migration/migration-hmp-cmds.c @@ -521,7 +521,7 @@ void hmp_migrate_incoming(Monitor *mon, const QDict *qdict) } QAPI_LIST_PREPEND(caps, g_steal_pointer(&channel)); - qmp_migrate_incoming(NULL, true, caps, true, false, &err); + qmp_migrate_incoming(NULL, true, caps, true, false, true, false, &err); qapi_free_MigrationChannelList(caps); end: diff --git a/migration/migration.c b/migration/migration.c index 8827884a15..2cc6327c39 100644 --- a/migration/migration.c +++ b/migration/migration.c @@ -328,6 +328,7 @@ void migration_object_init(void) current_incoming->page_requested = g_tree_new(page_request_addr_cmp); current_incoming->exit_on_error = INMIGRATE_DEFAULT_EXIT_ON_ERROR; + current_incoming->postcopy_exit_on_error = INMIGRATE_DEFAULT_EXIT_ON_ERROR; migration_object_check(current_migration, &error_fatal); @@ -436,12 +437,18 @@ void migration_incoming_transport_cleanup(MigrationIncomingState *mis) } } -void migration_incoming_state_destroy(void) +void migration_incoming_cleanup(void) { - struct MigrationIncomingState *mis = migration_incoming_get_current(); + MigrationState *ms = migrate_get_current(); + MigrationIncomingState *mis = migration_incoming_get_current(); + PostcopyState ps = postcopy_state_get(); multifd_recv_cleanup(); + if (ps != POSTCOPY_INCOMING_NONE) { + postcopy_incoming_cleanup(mis); + } + /* * RAM state cleanup needs to happen after multifd cleanup, because * multifd threads can use some of its states (receivedmap). @@ -493,6 +500,22 @@ void migration_incoming_state_destroy(void) cpr_set_incoming_mode(MIG_MODE_NONE); yank_unregister_instance(MIGRATION_YANK_INSTANCE); + + if (mis->state == MIGRATION_STATUS_FAILED && + ((ps < POSTCOPY_INCOMING_LISTENING && mis->exit_on_error) || + (ps >= POSTCOPY_INCOMING_LISTENING && mis->postcopy_exit_on_error))) { + WITH_QEMU_LOCK_GUARD(&ms->error_mutex) { + error_report_err(ms->error); + ms->error = NULL; + } + + exit(EXIT_FAILURE); + } +} + +void migration_incoming_cleanup_bh(void *opaque) +{ + migration_incoming_cleanup(); } static void migrate_generate_event(MigrationStatus new_state) @@ -858,7 +881,7 @@ static void process_incoming_migration_bh(void *opaque) */ migrate_set_state(&mis->state, MIGRATION_STATUS_ACTIVE, MIGRATION_STATUS_COMPLETED); - migration_incoming_state_destroy(); + migration_incoming_cleanup(); } static void coroutine_fn @@ -885,23 +908,13 @@ process_incoming_migration_co(void *opaque) ps = postcopy_state_get(); trace_process_incoming_migration_co_end(ret, ps); - if (ps != POSTCOPY_INCOMING_NONE) { - if (ps == POSTCOPY_INCOMING_ADVISE) { - /* - * Where a migration had postcopy enabled (and thus went to advise) - * but managed to complete within the precopy period, we can use - * the normal exit. - */ - postcopy_incoming_cleanup(mis); - } else if (ret >= 0) { - /* - * Postcopy was started, cleanup should happen at the end of the - * postcopy thread. - */ - trace_process_incoming_migration_co_postcopy_end_main(); - goto out; - } - /* Else if something went wrong then just fall out of the normal exit */ + if (ps >= POSTCOPY_INCOMING_LISTENING) { + /* + * Postcopy was started, cleanup should happen at the end of the + * postcopy listen thread. + */ + trace_process_incoming_migration_co_postcopy_end_main(); + goto out; } if (ret < 0) { @@ -924,25 +937,7 @@ fail: migrate_set_error(s, local_err); error_free(local_err); - migration_incoming_state_destroy(); - - if (mis->exit_on_error) { - WITH_QEMU_LOCK_GUARD(&s->error_mutex) { - error_report_err(s->error); - s->error = NULL; - } - - exit(EXIT_FAILURE); - } else { - /* - * Report the error here in case that QEMU abruptly exits - * when postcopy is enabled. - */ - WITH_QEMU_LOCK_GUARD(&s->error_mutex) { - error_report_err(s->error); - s->error = NULL; - } - } + migration_incoming_cleanup(); out: /* Pairs with the refcount taken in qmp_migrate_incoming() */ migrate_incoming_unref_outgoing_state(); @@ -1968,6 +1963,8 @@ void migrate_del_blocker(Error **reasonp) void qmp_migrate_incoming(const char *uri, bool has_channels, MigrationChannelList *channels, bool has_exit_on_error, bool exit_on_error, + bool has_postcopy_exit_on_error, + bool postcopy_exit_on_error, Error **errp) { Error *local_err = NULL; @@ -1989,6 +1986,8 @@ void qmp_migrate_incoming(const char *uri, bool has_channels, mis->exit_on_error = has_exit_on_error ? exit_on_error : INMIGRATE_DEFAULT_EXIT_ON_ERROR; + mis->postcopy_exit_on_error = has_postcopy_exit_on_error ? + postcopy_exit_on_error : INMIGRATE_DEFAULT_EXIT_ON_ERROR; qemu_start_incoming_migration(uri, has_channels, channels, &local_err); diff --git a/migration/migration.h b/migration/migration.h index 01329bf824..9d9e95ae90 100644 --- a/migration/migration.h +++ b/migration/migration.h @@ -249,10 +249,12 @@ struct MigrationIncomingState { /* Do exit on incoming migration failure */ bool exit_on_error; + bool postcopy_exit_on_error; }; MigrationIncomingState *migration_incoming_get_current(void); -void migration_incoming_state_destroy(void); +void migration_incoming_cleanup(void); +void migration_incoming_cleanup_bh(void *opaque); void migration_incoming_transport_cleanup(MigrationIncomingState *mis); /* * Functions to work with blocktime context diff --git a/migration/postcopy-ram.c b/migration/postcopy-ram.c index dbbb2dfb78..0375366ed0 100644 --- a/migration/postcopy-ram.c +++ b/migration/postcopy-ram.c @@ -2130,53 +2130,37 @@ static void *postcopy_listen_thread(void *opaque) "bitmaps may be lost, and present migrated dirty " "bitmaps are correctly migrated and valid.", __func__, load_res); - load_res = 0; /* prevent further exit() */ } else { + /* + * Something went fatally wrong and we have a bad state, QEMU will + * exit depending on if postcopy-exit-on-error is true, but the + * migration cannot be recovered. + */ error_prepend(&local_err, "loadvm failed during postcopy: %d: ", load_res); migrate_set_error(migr, local_err); error_report_err(local_err); migrate_set_state(&mis->state, MIGRATION_STATUS_POSTCOPY_ACTIVE, MIGRATION_STATUS_FAILED); + goto out; } } - if (load_res >= 0) { - /* - * This looks good, but it's possible that the device loading in the - * main thread hasn't finished yet, and so we might not be in 'RUN' - * state yet; wait for the end of the main thread. - */ - qemu_event_wait(&mis->main_thread_load_event); - } - postcopy_incoming_cleanup(mis); - - if (load_res < 0) { - /* - * If something went wrong then we have a bad state so exit; - * depending how far we got it might be possible at this point - * to leave the guest running and fire MCEs for pages that never - * arrived as a desperate recovery step. - */ - rcu_unregister_thread(); - exit(EXIT_FAILURE); - } + /* + * This looks good, but it's possible that the device loading in the + * main thread hasn't finished yet, and so we might not be in 'RUN' + * state yet; wait for the end of the main thread. + */ + qemu_event_wait(&mis->main_thread_load_event); migrate_set_state(&mis->state, MIGRATION_STATUS_POSTCOPY_ACTIVE, MIGRATION_STATUS_COMPLETED); - /* - * If everything has worked fine, then the main thread has waited - * for us to start, and we're the last use of the mis. - * (If something broke then qemu will have to exit anyway since it's - * got a bad migration state). - */ - bql_lock(); - migration_incoming_state_destroy(); - bql_unlock(); +out: rcu_unregister_thread(); - mis->have_listen_thread = false; postcopy_state_set(POSTCOPY_INCOMING_END); + migration_bh_schedule(migration_incoming_cleanup_bh, NULL); + object_unref(OBJECT(migr)); return NULL; @@ -2206,7 +2190,7 @@ int postcopy_incoming_setup(MigrationIncomingState *mis, Error **errp) mis->have_listen_thread = true; postcopy_thread_create(mis, &mis->listen_thread, MIGRATION_THREAD_DST_LISTEN, - postcopy_listen_thread, QEMU_THREAD_DETACHED); + postcopy_listen_thread, QEMU_THREAD_JOINABLE); return 0; } @@ -2215,6 +2199,11 @@ int postcopy_incoming_cleanup(MigrationIncomingState *mis) { int rc = 0; + if (mis->have_listen_thread) { + qemu_thread_join(&mis->listen_thread); + mis->have_listen_thread = false; + } + if (migrate_postcopy_ram()) { rc = postcopy_ram_incoming_cleanup(mis); } diff --git a/migration/savevm.c b/migration/savevm.c index 96a2699ca7..27fe815731 100644 --- a/migration/savevm.c +++ b/migration/savevm.c @@ -3368,7 +3368,7 @@ void qmp_xen_load_devices_state(const char *filename, Error **errp) if (ret < 0) { error_prepend(errp, "loading Xen device state failed: "); } - migration_incoming_state_destroy(); + migration_incoming_cleanup(); } bool load_snapshot(const char *name, const char *vmstate, @@ -3438,7 +3438,7 @@ bool load_snapshot(const char *name, const char *vmstate, goto err_drain; } ret = qemu_loadvm_state(f, errp); - migration_incoming_state_destroy(); + migration_incoming_cleanup(); bdrv_drain_all_end(); diff --git a/qapi/migration.json b/qapi/migration.json index be0f3fcc12..da5b3a4d8c 100644 --- a/qapi/migration.json +++ b/qapi/migration.json @@ -1817,6 +1817,12 @@ # event, and error details could be retrieved with `query-migrate`. # (since 9.1) # +# @postcopy-exit-on-error: same es exit-on-error, but used during postcopy +# migration. Default true. When set to true, QEMU only exits if a fatal +# unrecoverable error happens during postcopy, in which case QEMU would +# exit even before the introduction of this option. +# (since 10.2) +# # Since: 2.3 # # .. admonition:: Notes @@ -1870,7 +1876,8 @@ { 'command': 'migrate-incoming', 'data': {'*uri': 'str', '*channels': [ 'MigrationChannel' ], - '*exit-on-error': 'bool' } } + '*exit-on-error': 'bool', + '*postcopy-exit-on-error': 'bool' } } ## # @xen-save-devices-state: diff --git a/system/vl.c b/system/vl.c index 17bbc092c8..1308d92901 100644 --- a/system/vl.c +++ b/system/vl.c @@ -2824,7 +2824,8 @@ void qmp_x_exit_preconfig(Error **errp) g_new0(MigrationChannelList, 1); channels->value = incoming_channels[MIGRATION_CHANNEL_TYPE_MAIN]; - qmp_migrate_incoming(NULL, true, channels, true, true, &local_err); + qmp_migrate_incoming(NULL, true, channels, true, true, true, true, + &local_err); if (local_err) { error_reportf_err(local_err, "-incoming %s: ", incoming); exit(1); -- 2.51.0
