Message ID | 1620390320-301716-8-git-send-email-steven.sistare@oracle.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | Live Update | expand |
On Fri, May 07, 2021 at 05:25:05AM -0700, Steve Sistare wrote: > To use the restart mode, qemu must be started with the memfd-alloc machine > option. The memfd's are saved to the environment and kept open across exec, > after which they are found from the environment and re-mmap'd. Hence guest > ram is preserved in place, albeit with new virtual addresses in the qemu > process. The caller resumes the guest by calling cprload, which loads > state from the file. If the VM was running at cprsave time, then VM > execution resumes. cprsave supports any type of guest image and block > device, but the caller must not modify guest block devices between cprsave > and cprload. Does QEMU's existing -object memory-backend-file on tmpfs or hugetlbfs achieve the same thing?
On 5/12/2021 12:19 PM, Stefan Hajnoczi wrote: > On Fri, May 07, 2021 at 05:25:05AM -0700, Steve Sistare wrote: >> To use the restart mode, qemu must be started with the memfd-alloc machine >> option. The memfd's are saved to the environment and kept open across exec, >> after which they are found from the environment and re-mmap'd. Hence guest >> ram is preserved in place, albeit with new virtual addresses in the qemu >> process. The caller resumes the guest by calling cprload, which loads >> state from the file. If the VM was running at cprsave time, then VM >> execution resumes. cprsave supports any type of guest image and block >> device, but the caller must not modify guest block devices between cprsave >> and cprload. > > Does QEMU's existing -object memory-backend-file on tmpfs or hugetlbfs > achieve the same thing? Not quite. Various secondary anonymous memory objects are allocated via ram_block_add and must be preserved, such as these on x86_64. vga.vram pc.ram pc.bios pc.rom vga.rom rom@etc/acpi/tables rom@etc/table-loader rom@etc/acpi/rsdp Even the read-only areas must be preserved rather than recreated from files in the updated qemu, as their contents may have changed. - Steve
On Thu, May 13, 2021 at 04:21:02PM -0400, Steven Sistare wrote: > On 5/12/2021 12:19 PM, Stefan Hajnoczi wrote: > > On Fri, May 07, 2021 at 05:25:05AM -0700, Steve Sistare wrote: > >> To use the restart mode, qemu must be started with the memfd-alloc machine > >> option. The memfd's are saved to the environment and kept open across exec, > >> after which they are found from the environment and re-mmap'd. Hence guest > >> ram is preserved in place, albeit with new virtual addresses in the qemu > >> process. The caller resumes the guest by calling cprload, which loads > >> state from the file. If the VM was running at cprsave time, then VM > >> execution resumes. cprsave supports any type of guest image and block > >> device, but the caller must not modify guest block devices between cprsave > >> and cprload. > > > > Does QEMU's existing -object memory-backend-file on tmpfs or hugetlbfs > > achieve the same thing? > > Not quite. Various secondary anonymous memory objects are allocated via ram_block_add > and must be preserved, such as these on x86_64. > vga.vram > pc.ram > pc.bios > pc.rom > vga.rom > rom@etc/acpi/tables > rom@etc/table-loader > rom@etc/acpi/rsdp > > Even the read-only areas must be preserved rather than recreated from files in the updated > qemu, as their contents may have changed. Migration knows how to save/load these RAM blocks. Only pc.ram is significant in size so I'm not sure it's worth special-casing the others? Stefan
On 5/14/2021 7:28 AM, Stefan Hajnoczi wrote: > On Thu, May 13, 2021 at 04:21:02PM -0400, Steven Sistare wrote: >> On 5/12/2021 12:19 PM, Stefan Hajnoczi wrote: >>> On Fri, May 07, 2021 at 05:25:05AM -0700, Steve Sistare wrote: >>>> To use the restart mode, qemu must be started with the memfd-alloc machine >>>> option. The memfd's are saved to the environment and kept open across exec, >>>> after which they are found from the environment and re-mmap'd. Hence guest >>>> ram is preserved in place, albeit with new virtual addresses in the qemu >>>> process. The caller resumes the guest by calling cprload, which loads >>>> state from the file. If the VM was running at cprsave time, then VM >>>> execution resumes. cprsave supports any type of guest image and block >>>> device, but the caller must not modify guest block devices between cprsave >>>> and cprload. >>> >>> Does QEMU's existing -object memory-backend-file on tmpfs or hugetlbfs >>> achieve the same thing? >> >> Not quite. Various secondary anonymous memory objects are allocated via ram_block_add >> and must be preserved, such as these on x86_64. >> vga.vram >> pc.ram >> pc.bios >> pc.rom >> vga.rom >> rom@etc/acpi/tables >> rom@etc/table-loader >> rom@etc/acpi/rsdp >> >> Even the read-only areas must be preserved rather than recreated from files in the updated >> qemu, as their contents may have changed. > > Migration knows how to save/load these RAM blocks. Only pc.ram is > significant in size so I'm not sure it's worth special-casing the > others? Some of these are mapped for vfio dma as a consequence of the normal memory region callback to consumers code. We get conflict errors vs those existing vfio mappings if they are recreated and remapped in the new process. The memfd option is a simple and robust solution to that issue. - Steve
On Fri, May 14, 2021 at 11:14:44AM -0400, Steven Sistare wrote: > On 5/14/2021 7:28 AM, Stefan Hajnoczi wrote: > > On Thu, May 13, 2021 at 04:21:02PM -0400, Steven Sistare wrote: > >> On 5/12/2021 12:19 PM, Stefan Hajnoczi wrote: > >>> On Fri, May 07, 2021 at 05:25:05AM -0700, Steve Sistare wrote: > >>>> To use the restart mode, qemu must be started with the memfd-alloc machine > >>>> option. The memfd's are saved to the environment and kept open across exec, > >>>> after which they are found from the environment and re-mmap'd. Hence guest > >>>> ram is preserved in place, albeit with new virtual addresses in the qemu > >>>> process. The caller resumes the guest by calling cprload, which loads > >>>> state from the file. If the VM was running at cprsave time, then VM > >>>> execution resumes. cprsave supports any type of guest image and block > >>>> device, but the caller must not modify guest block devices between cprsave > >>>> and cprload. > >>> > >>> Does QEMU's existing -object memory-backend-file on tmpfs or hugetlbfs > >>> achieve the same thing? > >> > >> Not quite. Various secondary anonymous memory objects are allocated via ram_block_add > >> and must be preserved, such as these on x86_64. > >> vga.vram > >> pc.ram > >> pc.bios > >> pc.rom > >> vga.rom > >> rom@etc/acpi/tables > >> rom@etc/table-loader > >> rom@etc/acpi/rsdp > >> > >> Even the read-only areas must be preserved rather than recreated from files in the updated > >> qemu, as their contents may have changed. > > > > Migration knows how to save/load these RAM blocks. Only pc.ram is > > significant in size so I'm not sure it's worth special-casing the > > others? > > Some of these are mapped for vfio dma as a consequence of the normal memory region callback to > consumers code. We get conflict errors vs those existing vfio mappings if they are recreated > and remapped in the new process. The memfd option is a simple and robust solution to that issue. Okay, if the VFIO device DMAs to them then they need to stay alive. Live migration cannot copy their contents since they could be DMAed to at any time and we'd copy stale data. Stefan
diff --git a/include/migration/cpr.h b/include/migration/cpr.h new file mode 100644 index 0000000..42dec4e --- /dev/null +++ b/include/migration/cpr.h @@ -0,0 +1,17 @@ +/* + * Copyright (c) 2021 Oracle and/or its affiliates. + * + * This work is licensed under the terms of the GNU GPL, version 2. + * See the COPYING file in the top-level directory. + */ + +#ifndef MIGRATION_CPR_H +#define MIGRATION_CPR_H + +#include "qapi/qapi-types-cpr.h" + +bool cpr_active(void); +void cprsave(const char *file, CprMode mode, Error **errp); +void cprload(const char *file, Error **errp); + +#endif diff --git a/include/sysemu/runstate.h b/include/sysemu/runstate.h index 50c84af..d69dc2d 100644 --- a/include/sysemu/runstate.h +++ b/include/sysemu/runstate.h @@ -51,6 +51,7 @@ void qemu_system_reset_request(ShutdownCause reason); void qemu_system_suspend_request(void); void qemu_register_suspend_notifier(Notifier *notifier); bool qemu_wakeup_suspend_enabled(void); +void qemu_system_start_on_wake_request(void); void qemu_system_wakeup_request(WakeupReason reason, Error **errp); void qemu_system_wakeup_enable(WakeupReason reason, bool enabled); void qemu_register_wakeup_notifier(Notifier *notifier); diff --git a/migration/cpr.c b/migration/cpr.c new file mode 100644 index 0000000..e0da1cf --- /dev/null +++ b/migration/cpr.c @@ -0,0 +1,188 @@ +/* + * Copyright (c) 2021 Oracle and/or its affiliates. + * + * This work is licensed under the terms of the GNU GPL, version 2. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" +#include "monitor/monitor.h" +#include "migration.h" +#include "migration/snapshot.h" +#include "chardev/char.h" +#include "migration/misc.h" +#include "migration/cpr.h" +#include "migration/global_state.h" +#include "qemu-file-channel.h" +#include "qemu-file.h" +#include "savevm.h" +#include "qapi/error.h" +#include "qapi/qmp/qerror.h" +#include "qemu/error-report.h" +#include "io/channel-buffer.h" +#include "io/channel-file.h" +#include "sysemu/cpu-timers.h" +#include "sysemu/runstate.h" +#include "sysemu/runstate-action.h" +#include "sysemu/sysemu.h" +#include "sysemu/replay.h" +#include "sysemu/xen.h" +#include "hw/vfio/vfio-common.h" +#include "hw/virtio/vhost.h" +#include "qemu/env.h" + +static int cpr_is_active; + +bool cpr_active(void) +{ + return cpr_is_active; +} + +QEMUFile *qf_file_open(const char *path, int flags, int mode, + const char *name, Error **errp) +{ + QIOChannelFile *fioc; + QIOChannel *ioc; + QEMUFile *f; + + if (flags & O_RDWR) { + error_setg(errp, "qf_file_open %s: O_RDWR not supported", path); + return 0; + } + + fioc = qio_channel_file_new_path(path, flags, mode, errp); + if (!fioc) { + return 0; + } + + ioc = QIO_CHANNEL(fioc); + qio_channel_set_name(ioc, name); + f = (flags & O_WRONLY) ? qemu_fopen_channel_output(ioc) : + qemu_fopen_channel_input(ioc); + object_unref(OBJECT(fioc)); + return f; +} + +static int preserve_fd(const char *name, const char *val, void *handle) +{ + qemu_clr_cloexec(atoi(val)); + return 0; +} + +void cprsave(const char *file, CprMode mode, Error **errp) +{ + int ret = 0; + QEMUFile *f; + int saved_vm_running = runstate_is_running(); + bool restart = (mode == CPR_MODE_RESTART); + bool reboot = (mode == CPR_MODE_REBOOT); + + if (reboot && qemu_ram_volatile(errp)) { + return; + } + + if (restart && xen_enabled()) { + error_setg(errp, "xen does not support cprsave restart"); + return; + } + + if (migrate_colo_enabled()) { + error_setg(errp, "error: cprsave does not support x-colo"); + return; + } + + if (replay_mode != REPLAY_MODE_NONE) { + error_setg(errp, "error: cprsave does not support replay"); + return; + } + + f = qf_file_open(file, O_CREAT | O_WRONLY | O_TRUNC, 0600, "cprsave", errp); + if (!f) { + return; + } + + ret = global_state_store(); + if (ret) { + error_setg(errp, "Error saving global state"); + qemu_fclose(f); + return; + } + if (runstate_check(RUN_STATE_SUSPENDED)) { + /* Update timers_state before saving. Suspend did not so do. */ + cpu_disable_ticks(); + } + vm_stop(RUN_STATE_SAVE_VM); + + cpr_is_active = true; + ret = qemu_save_device_state(f); + qemu_fclose(f); + if (ret < 0) { + error_setg(errp, QERR_IO_ERROR); + goto err; + } + + if (ret < 0) { + if (!*errp) { + error_setg(errp, "Error %d while saving VM state", ret); + } + goto err; + } + + if (reboot) { + shutdown_action = SHUTDOWN_ACTION_POWEROFF; + qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN); + } else if (restart) { + walkenv(FD_PREFIX, preserve_fd, 0); + setenv("QEMU_START_FREEZE", "", 1); + qemu_system_exec_request(); + } + goto done; + +err: + if (saved_vm_running) { + vm_start(); + } +done: + cpr_is_active = false; + return; +} + +void cprload(const char *file, Error **errp) +{ + QEMUFile *f; + int ret; + RunState state; + + if (runstate_is_running()) { + error_setg(errp, "cprload called for a running VM"); + return; + } + + f = qf_file_open(file, O_RDONLY, 0, "cprload", errp); + if (!f) { + return; + } + + if (qemu_get_be32(f) != QEMU_VM_FILE_MAGIC || + qemu_get_be32(f) != QEMU_VM_FILE_VERSION) { + error_setg(errp, "error: %s is not a vmstate file", file); + return; + } + + ret = qemu_load_device_state(f); + qemu_fclose(f); + if (ret < 0) { + error_setg(errp, "Error %d while loading VM state", ret); + return; + } + + state = global_state_get_runstate(); + if (state == RUN_STATE_RUNNING) { + vm_start(); + } else { + runstate_set(state); + if (runstate_check(RUN_STATE_SUSPENDED)) { + qemu_system_start_on_wake_request(); + } + } +} diff --git a/migration/meson.build b/migration/meson.build index 3ecedce..c756374 100644 --- a/migration/meson.build +++ b/migration/meson.build @@ -15,6 +15,7 @@ softmmu_ss.add(files( 'channel.c', 'colo-failover.c', 'colo.c', + 'cpr.c', 'exec.c', 'fd.c', 'global_state.c', diff --git a/migration/savevm.h b/migration/savevm.h index 6461342..ce5d710 100644 --- a/migration/savevm.h +++ b/migration/savevm.h @@ -67,5 +67,7 @@ int qemu_loadvm_state_main(QEMUFile *f, MigrationIncomingState *mis); int qemu_load_device_state(QEMUFile *f); int qemu_savevm_state_complete_precopy_non_iterable(QEMUFile *f, bool in_postcopy, bool inactivate_disks); +QEMUFile *qf_file_open(const char *path, int flags, int mode, + const char *name, Error **errp); #endif diff --git a/softmmu/physmem.c b/softmmu/physmem.c index 695aa10..b79f408 100644 --- a/softmmu/physmem.c +++ b/softmmu/physmem.c @@ -68,6 +68,7 @@ #include "qemu/pmem.h" #include "qemu/memfd.h" +#include "qemu/env.h" #include "migration/vmstate.h" #include "qemu/range.h" @@ -1957,7 +1958,7 @@ static void ram_block_add(RAMBlock *new_block, Error **errp, bool shared) } else { name = memory_region_name(new_block->mr); if (ms->memfd_alloc) { - int mfd = -1; /* placeholder until next patch */ + int mfd = getenv_fd(name); mr->align = QEMU_VMALLOC_ALIGN; if (mfd < 0) { mfd = qemu_memfd_create(name, maxlen + mr->align, @@ -1965,7 +1966,9 @@ static void ram_block_add(RAMBlock *new_block, Error **errp, bool shared) if (mfd < 0) { return; } + setenv_fd(name, mfd); } + qemu_clr_cloexec(mfd); new_block->flags |= RAM_SHARED; addr = file_ram_alloc(new_block, maxlen, mfd, false, false, 0, errp); @@ -2214,6 +2217,7 @@ void qemu_ram_free(RAMBlock *block) } qemu_mutex_lock_ramlist(); + unsetenv_fd(memory_region_name(block->mr)); QLIST_REMOVE_RCU(block, next); ram_list.mru_block = NULL; /* Write list before version */ diff --git a/softmmu/runstate.c b/softmmu/runstate.c index bea7513..07952cc 100644 --- a/softmmu/runstate.c +++ b/softmmu/runstate.c @@ -115,6 +115,8 @@ static const RunStateTransition runstate_transitions_def[] = { { RUN_STATE_PRELAUNCH, RUN_STATE_RUNNING }, { RUN_STATE_PRELAUNCH, RUN_STATE_FINISH_MIGRATE }, { RUN_STATE_PRELAUNCH, RUN_STATE_INMIGRATE }, + { RUN_STATE_PRELAUNCH, RUN_STATE_SUSPENDED }, + { RUN_STATE_PRELAUNCH, RUN_STATE_PAUSED }, { RUN_STATE_FINISH_MIGRATE, RUN_STATE_RUNNING }, { RUN_STATE_FINISH_MIGRATE, RUN_STATE_PAUSED }, @@ -334,6 +336,7 @@ void vm_state_notify(bool running, RunState state) } } +static bool start_on_wake_requested; static ShutdownCause reset_requested; static ShutdownCause shutdown_requested; static int shutdown_signal; @@ -567,6 +570,11 @@ void qemu_register_suspend_notifier(Notifier *notifier) notifier_list_add(&suspend_notifiers, notifier); } +void qemu_system_start_on_wake_request(void) +{ + start_on_wake_requested = true; +} + void qemu_system_wakeup_request(WakeupReason reason, Error **errp) { trace_system_wakeup_request(reason); @@ -579,7 +587,18 @@ void qemu_system_wakeup_request(WakeupReason reason, Error **errp) if (!(wakeup_reason_mask & (1 << reason))) { return; } - runstate_set(RUN_STATE_RUNNING); + + /* + * Must call vm_start if it has never been called, to invoke the state + * change callbacks for the first time. + */ + if (start_on_wake_requested) { + start_on_wake_requested = false; + vm_start(); + } else { + runstate_set(RUN_STATE_RUNNING); + } + wakeup_reason = reason; qemu_notify_event(); } diff --git a/softmmu/vl.c b/softmmu/vl.c index 04ab752..4654693 100644 --- a/softmmu/vl.c +++ b/softmmu/vl.c @@ -3510,6 +3510,12 @@ void qemu_init(int argc, char **argv, char **envp) */ loc_set_none(); + /* Equivalent to -S, but no need for parent to modify argv. */ + if (getenv("QEMU_START_FREEZE")) { + unsetenv("QEMU_START_FREEZE"); + autostart = 0; + } + qemu_validate_options(); qemu_process_sugar_options();
Provide the cprsave and cprload functions for live update. These save and restore VM state, with minimal guest pause time, so that qemu may be updated to a new version in between. cprsave stops the VM and saves vmstate to an ordinary file. It supports two modes: restart and reboot. For restart, cprsave exec's the qemu binary (or /usr/bin/qemu-exec if it exists) with the same argv. qemu restarts in a paused state and waits for the cprload command. To use the restart mode, qemu must be started with the memfd-alloc machine option. The memfd's are saved to the environment and kept open across exec, after which they are found from the environment and re-mmap'd. Hence guest ram is preserved in place, albeit with new virtual addresses in the qemu process. The caller resumes the guest by calling cprload, which loads state from the file. If the VM was running at cprsave time, then VM execution resumes. cprsave supports any type of guest image and block device, but the caller must not modify guest block devices between cprsave and cprload. For the reboot mode, cprsave saves state and exits qemu, and the caller is allowed to update the host kernel and system software and reboot. The caller resumes the guest by running qemu with the same arguments as the original process and calling cprload. To use this mode, guest ram must be mapped to a persistent shared memory file such as /dev/dax0.0 or /dev/shm PKRAM. The reboot mode supports vfio devices if the caller suspends the guest instead of stopping the VM, such as by issuing guest-suspend-ram to the qemu guest agent. The guest drivers' suspend methods flush outstanding requests and re-initialize the devices, and thus there is no device state to save and restore. The restart mode supports vfio devices in a subsequent patch. Signed-off-by: Steve Sistare <steven.sistare@oracle.com> --- include/migration/cpr.h | 17 +++++ include/sysemu/runstate.h | 1 + migration/cpr.c | 188 ++++++++++++++++++++++++++++++++++++++++++++++ migration/meson.build | 1 + migration/savevm.h | 2 + softmmu/physmem.c | 6 +- softmmu/runstate.c | 21 +++++- softmmu/vl.c | 6 ++ 8 files changed, 240 insertions(+), 2 deletions(-) create mode 100644 include/migration/cpr.h create mode 100644 migration/cpr.c