|
|
9ae3a8 |
From 5ef9ff360b8856803c2d9e865c3c2e83f59b1099 Mon Sep 17 00:00:00 2001
|
|
|
9ae3a8 |
From: Marcel Apfelbaum <marcel.a@redhat.com>
|
|
|
9ae3a8 |
Date: Wed, 6 Nov 2013 16:32:36 +0100
|
|
|
9ae3a8 |
Subject: [PATCH 77/81] vl: allow "cont" from panicked state
|
|
|
9ae3a8 |
|
|
|
9ae3a8 |
RH-Author: Marcel Apfelbaum <marcel.a@redhat.com>
|
|
|
9ae3a8 |
Message-id: <1383755557-21590-9-git-send-email-marcel.a@redhat.com>
|
|
|
9ae3a8 |
Patchwork-id: 55553
|
|
|
9ae3a8 |
O-Subject: [RHEL-7 qemu-kvm PATCH v3 8/9] vl: allow "cont" from panicked state
|
|
|
9ae3a8 |
Bugzilla: 990601
|
|
|
9ae3a8 |
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
|
9ae3a8 |
RH-Acked-by: Michael S. Tsirkin <mst@redhat.com>
|
|
|
9ae3a8 |
RH-Acked-by: Alex Williamson <alex.williamson@redhat.com>
|
|
|
9ae3a8 |
|
|
|
9ae3a8 |
From: Paolo Bonzini <pbonzini@redhat.com>
|
|
|
9ae3a8 |
|
|
|
9ae3a8 |
After reporting the GUEST_PANICKED monitor event, QEMU stops the VM.
|
|
|
9ae3a8 |
The reason for this is that events are edge-triggered, and can be lost if
|
|
|
9ae3a8 |
management dies at the wrong time. Stopping a panicked VM lets management
|
|
|
9ae3a8 |
know of a panic even if it has crashed; management can learn about the
|
|
|
9ae3a8 |
panic when it restarts and queries running QEMU processes. The downside
|
|
|
9ae3a8 |
is of course that the VM will be paused while management is not running,
|
|
|
9ae3a8 |
but that is acceptable if it only happens with explicit "-device pvpanic".
|
|
|
9ae3a8 |
|
|
|
9ae3a8 |
Upon learning of a panic, management (if configured to do so) can pick a
|
|
|
9ae3a8 |
variety of behaviors: leave the VM paused, reset it, destroy it. In
|
|
|
9ae3a8 |
addition to all of these behaviors, it is possible to dump the VM core
|
|
|
9ae3a8 |
from the host.
|
|
|
9ae3a8 |
|
|
|
9ae3a8 |
However, right now, the panicked state is irreversible, and can only be
|
|
|
9ae3a8 |
exited by resetting the machine. This means that any policy decision
|
|
|
9ae3a8 |
is entirely in the hands of the host. In particular there is no way to
|
|
|
9ae3a8 |
use the "reboot on panic" option together with pvpanic.
|
|
|
9ae3a8 |
|
|
|
9ae3a8 |
This patch makes the panicked state reversible (and removes various
|
|
|
9ae3a8 |
workarounds that were there because of the state being irreversible).
|
|
|
9ae3a8 |
With this change, management has a wider set of possible policies: it
|
|
|
9ae3a8 |
can just log the crash and leave policy to the guest, it can leave the
|
|
|
9ae3a8 |
VM paused. In particular, the "log the crash and continue" is implemented
|
|
|
9ae3a8 |
simply by sending a "cont" as soon as management learns about the panic.
|
|
|
9ae3a8 |
Management could also implement the "irreversible paused state" itself.
|
|
|
9ae3a8 |
And again, all such actions can be coupled with dumping the VM core.
|
|
|
9ae3a8 |
|
|
|
9ae3a8 |
Unfortunately we cannot change the behavior of 1.6.0. Thus, even if
|
|
|
9ae3a8 |
it uses "-device pvpanic", management should check for "cont" failures.
|
|
|
9ae3a8 |
If "cont" fails, management can then log that the VM remained paused
|
|
|
9ae3a8 |
and urge the administrator to update QEMU.
|
|
|
9ae3a8 |
|
|
|
9ae3a8 |
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
|
|
|
9ae3a8 |
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
|
|
|
9ae3a8 |
Acked-by: Michael S. Tsirkin <mst@redhat.com>
|
|
|
9ae3a8 |
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
|
9ae3a8 |
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
|
9ae3a8 |
(cherry picked from commit df39076850958b842ac9e414dc3ab2895f1877bf)
|
|
|
9ae3a8 |
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
|
|
|
9ae3a8 |
---
|
|
|
9ae3a8 |
vl.c | 5 ++---
|
|
|
9ae3a8 |
1 file changed, 2 insertions(+), 3 deletions(-)
|
|
|
9ae3a8 |
|
|
|
9ae3a8 |
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
9ae3a8 |
---
|
|
|
9ae3a8 |
vl.c | 5 ++---
|
|
|
9ae3a8 |
1 files changed, 2 insertions(+), 3 deletions(-)
|
|
|
9ae3a8 |
|
|
|
9ae3a8 |
diff --git a/vl.c b/vl.c
|
|
|
9ae3a8 |
index 7c8ba63..9b1738b 100644
|
|
|
9ae3a8 |
--- a/vl.c
|
|
|
9ae3a8 |
+++ b/vl.c
|
|
|
9ae3a8 |
@@ -640,7 +640,7 @@ static const RunStateTransition runstate_transitions_def[] = {
|
|
|
9ae3a8 |
{ RUN_STATE_WATCHDOG, RUN_STATE_RUNNING },
|
|
|
9ae3a8 |
{ RUN_STATE_WATCHDOG, RUN_STATE_FINISH_MIGRATE },
|
|
|
9ae3a8 |
|
|
|
9ae3a8 |
- { RUN_STATE_GUEST_PANICKED, RUN_STATE_PAUSED },
|
|
|
9ae3a8 |
+ { RUN_STATE_GUEST_PANICKED, RUN_STATE_RUNNING },
|
|
|
9ae3a8 |
{ RUN_STATE_GUEST_PANICKED, RUN_STATE_FINISH_MIGRATE },
|
|
|
9ae3a8 |
|
|
|
9ae3a8 |
{ RUN_STATE_MAX, RUN_STATE_MAX },
|
|
|
9ae3a8 |
@@ -687,8 +687,7 @@ int runstate_is_running(void)
|
|
|
9ae3a8 |
bool runstate_needs_reset(void)
|
|
|
9ae3a8 |
{
|
|
|
9ae3a8 |
return runstate_check(RUN_STATE_INTERNAL_ERROR) ||
|
|
|
9ae3a8 |
- runstate_check(RUN_STATE_SHUTDOWN) ||
|
|
|
9ae3a8 |
- runstate_check(RUN_STATE_GUEST_PANICKED);
|
|
|
9ae3a8 |
+ runstate_check(RUN_STATE_SHUTDOWN);
|
|
|
9ae3a8 |
}
|
|
|
9ae3a8 |
|
|
|
9ae3a8 |
StatusInfo *qmp_query_status(Error **errp)
|
|
|
9ae3a8 |
--
|
|
|
9ae3a8 |
1.7.1
|
|
|
9ae3a8 |
|