From nobody Wed Oct 29 17:11:30 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as
 permitted sender) client-ip=208.118.235.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted
 sender)  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by
 mx.zohomail.com
	with SMTPS id 1525407922448529.5450835935164;
 Thu, 3 May 2018 21:25:22 -0700 (PDT)
Received: from localhost ([::1]:60375 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <qemu-devel-bounces+importer=patchew.org@nongnu.org>)
	id 1fESHW-0007lZ-80
	for importer@patchew.org; Fri, 04 May 2018 00:25:18 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:51940)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mdroth@linux.vnet.ibm.com>) id 1fESFc-0006UV-HI
	for qemu-devel@nongnu.org; Fri, 04 May 2018 00:23:21 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mdroth@linux.vnet.ibm.com>) id 1fESFZ-0008Dc-Bs
	for qemu-devel@nongnu.org; Fri, 04 May 2018 00:23:20 -0400
Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:59536
	helo=mx0a-001b2d01.pphosted.com)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <mdroth@linux.vnet.ibm.com>)
	id 1fESFZ-0008By-6v
	for qemu-devel@nongnu.org; Fri, 04 May 2018 00:23:17 -0400
Received: from pps.filterd (m0098419.ppops.net [127.0.0.1])
	by mx0b-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id
	w444K03v031315
	for <qemu-devel@nongnu.org>; Fri, 4 May 2018 00:23:15 -0400
Received: from e13.ny.us.ibm.com (e13.ny.us.ibm.com [129.33.205.203])
	by mx0b-001b2d01.pphosted.com with ESMTP id 2hr894reyn-1
	(version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT)
	for <qemu-devel@nongnu.org>; Fri, 04 May 2018 00:23:14 -0400
Received: from localhost
	by e13.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only!
	Violators will be prosecuted
	for <qemu-devel@nongnu.org> from <mdroth@linux.vnet.ibm.com>;
	Fri, 4 May 2018 00:23:14 -0400
Received: from b01cxnp22034.gho.pok.ibm.com (9.57.198.24)
	by e13.ny.us.ibm.com (146.89.104.200) with IBM ESMTP SMTP Gateway:
	Authorized Use Only! Violators will be prosecuted;
	Fri, 4 May 2018 00:23:10 -0400
Received: from b01ledav002.gho.pok.ibm.com (b01ledav002.gho.pok.ibm.com
	[9.57.199.107])
	by b01cxnp22034.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id
	w444NAmL48758918; Fri, 4 May 2018 04:23:10 GMT
Received: from b01ledav002.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 2D56812403F;
	Fri,  4 May 2018 01:25:08 -0400 (EDT)
Received: from localhost (unknown [9.80.87.135])
	by b01ledav002.gho.pok.ibm.com (Postfix) with ESMTP id E52DD124037;
	Fri,  4 May 2018 01:25:07 -0400 (EDT)
From: Michael Roth <mdroth@linux.vnet.ibm.com>
To: qemu-devel@nongnu.org
Date: Thu,  3 May 2018 23:20:44 -0500
X-Mailer: git-send-email 2.11.0
X-TM-AS-GCONF: 00
x-cbid: 18050404-0008-0000-0000-0000030297DF
X-IBM-SpamModules-Scores: 
X-IBM-SpamModules-Versions: BY=3.00008965; HX=3.00000241; KW=3.00000007;
	PH=3.00000004; SC=3.00000258; SDB=6.01027202; UDB=6.00524687;
	IPR=6.00806335;
	MB=3.00020919; MTD=3.00000008; XFM=3.00000015; UTC=2018-05-04 04:23:12
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 18050404-0009-0000-0000-000039209394
Message-Id: <20180504042044.10318-1-mdroth@linux.vnet.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, ,
	definitions=2018-05-03_10:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
	priorityscore=1501
	malwarescore=0 suspectscore=29 phishscore=0 bulkscore=0 spamscore=0
	clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0
	classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000
	definitions=main-1805040037
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic] [fuzzy]
X-Received-From: 148.163.158.5
Subject: [Qemu-devel] [PATCH] target/ppc: only save guest timebase once
 after stopping
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: Alexey Kardashevskiy <aik@ozlabs.ru>, Laurent Vivier <lvivier@redhat.com>,
	qemu-ppc@nongnu.org, qemu-stable@nongnu.org,
	David Gibson <david@gibson.dropbear.id.au>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+importer=patchew.org@nongnu.org>
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

In some cases (e.g. spapr) we record guest timebase after qmp_stop()
via a runstate hook so we can restore it on qmp_cont(). If a migration
occurs in between those events we end up saving it again, this time
based on the current timebase the guest would be seeing had it been
running. This has the effect of advancing the guest timebase while
it is stopped, which is not what the code intends.

Other than simple jumps in time, this has been seen to trigger what
appear to be RCU-related crashes in recent kernels when the advance
exceeds rcu_cpu_stall_timeout, and it can be triggered by fairly
common operations such as `virsh migrate ... --timeout 60`.

Cc: Alexey Kardashevskiy <aik@ozlabs.ru>
Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: Laurent Vivier <lvivier@redhat.com>
Cc: qemu-ppc@nongnu.org
Cc: qemu-stable@nongnu.org
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 hw/ppc/ppc.c         | 12 ++++++++++++
 target/ppc/cpu-qom.h |  1 +
 2 files changed, 13 insertions(+)

diff --git a/hw/ppc/ppc.c b/hw/ppc/ppc.c
index ec4be25f49..ff0a107864 100644
--- a/hw/ppc/ppc.c
+++ b/hw/ppc/ppc.c
@@ -865,6 +865,15 @@ static void timebase_save(PPCTimebase *tb)
     uint64_t ticks =3D cpu_get_host_ticks();
     PowerPCCPU *first_ppc_cpu =3D POWERPC_CPU(first_cpu);
=20
+    /* since we generally save timebase just after the guest
+     * has stopped, avoid trying to save it again since we will
+     * end up advancing it by the amount of ticks that have
+     * elapsed in the host since the initial save
+     */
+    if (tb->saved) {
+        return;
+    }
+
     if (!first_ppc_cpu->env.tb_env) {
         error_report("No timebase object");
         return;
@@ -877,6 +886,7 @@ static void timebase_save(PPCTimebase *tb)
      * there is no need to update it from KVM here
      */
     tb->guest_timebase =3D ticks + first_ppc_cpu->env.tb_env->tb_offset;
+    tb->saved =3D true;
 }
=20
 static void timebase_load(PPCTimebase *tb)
@@ -908,6 +918,8 @@ static void timebase_load(PPCTimebase *tb)
                         &pcpu->env.tb_env->tb_offset);
 #endif
     }
+
+    tb->saved =3D false;
 }
=20
 void cpu_ppc_clock_vm_state_change(void *opaque, int running,
diff --git a/target/ppc/cpu-qom.h b/target/ppc/cpu-qom.h
index deaa46a14b..ec2dbcdcae 100644
--- a/target/ppc/cpu-qom.h
+++ b/target/ppc/cpu-qom.h
@@ -210,6 +210,7 @@ typedef struct PowerPCCPUClass {
 typedef struct PPCTimebase {
     uint64_t guest_timebase;
     int64_t time_of_the_day_ns;
+    bool saved;
 } PPCTimebase;
=20
 extern const struct VMStateDescription vmstate_ppc_timebase;
--=20
2.11.0