The following changes since commit c5ea91da443b458352c1b629b490ee6631775cb4:

Merge tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu into staging (2023-09-08 10:06:25 -0400)

https://github.com/legoater/qemu/ tags/pull-vfio-20230911

for you to fetch changes up to a31fe5daeaa230556145bfc04af1bd4e68f377fa:

vfio/common: Separate vfio-pci ranges (2023-09-11 08:34:06 +0200)

* Small downtime optimisation for VFIO migration

* P2P support for VFIO migration

* Introduction of a save_prepare() handler to fail VFIO migration

* Fix on DMA logging ranges calculation for OVMF enabling dynamic window

Avihai Horon (11):

vfio/migration: Move from STOP_COPY to STOP in vfio_save_cleanup()

sysemu: Add prepare callback to struct VMChangeStateEntry

qdev: Add qdev_add_vm_change_state_handler_full()

vfio/migration: Add P2P support for VFIO migration

vfio/migration: Allow migration of multiple P2P supporting devices

migration: Add migration prefix to functions in target.c

vfio/migration: Fail adding device with enable-migration=on and existing blocker

migration: Move more initializations to migrate_init()

migration: Add .save_prepare() handler to struct SaveVMHandlers

vfio/migration: Block VFIO migration with postcopy migration

vfio/migration: Block VFIO migration with background snapshot

Joao Martins (2):

vfio/migration: Refactor PRE_COPY and RUNNING state checks

vfio/common: Separate vfio-pci ranges

docs/devel/vfio-migration.rst | 93 +++++++++++++++++-----------

include/hw/vfio/vfio-common.h | 2 +

include/migration/register.h | 5 ++

include/sysemu/runstate.h | 7 +++

migration/migration.h | 6 +-

migration/savevm.h | 1 +

hw/core/vm-change-state-handler.c | 14 ++++-

hw/vfio/common.c | 126 ++++++++++++++++++++++++++++++--------

hw/vfio/migration.c | 106 +++++++++++++++++++++++++++-----

migration/migration.c | 33 ++++++----

migration/savevm.c | 32 ++++++++--

migration/target.c | 8 +--

softmmu/runstate.c | 40 ++++++++++++

hw/vfio/trace-events | 3 +-

14 files changed, 377 insertions(+), 99 deletions(-)

From: Avihai Horon <avihaih@nvidia.com>

Add qdev_add_vm_change_state_handler_full() variant that allows setting

a prepare callback in addition to the main callback.

This will facilitate adding P2P support for VFIO migration in the

following patches.

Signed-off-by: Avihai Horon <avihaih@nvidia.com>

Signed-off-by: Joao Martins <joao.m.martins@oracle.com>

Reviewed-by: Cédric Le Goater <clg@redhat.com>

Tested-by: YangHang Liu <yanghliu@redhat.com>

include/sysemu/runstate.h | 3 +++

hw/core/vm-change-state-handler.c | 14 +++++++++++++-

2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/include/sysemu/runstate.h b/include/sysemu/runstate.h

--- a/include/sysemu/runstate.h

+++ b/include/sysemu/runstate.h

@@ -XXX,XX +XXX,XX @@ qemu_add_vm_change_state_handler_prio_full(VMChangeStateHandler *cb,

VMChangeStateEntry *qdev_add_vm_change_state_handler(DeviceState *dev,

VMChangeStateHandler *cb,

void *opaque);

+VMChangeStateEntry *qdev_add_vm_change_state_handler_full(

+ DeviceState *dev, VMChangeStateHandler *cb,

+ VMChangeStateHandler *prepare_cb, void *opaque);

void qemu_del_vm_change_state_handler(VMChangeStateEntry *e);

/**

* vm_state_notify: Notify the state of the VM

diff --git a/hw/core/vm-change-state-handler.c b/hw/core/vm-change-state-handler.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/core/vm-change-state-handler.c

+++ b/hw/core/vm-change-state-handler.c

@@ -XXX,XX +XXX,XX @@ static int qdev_get_dev_tree_depth(DeviceState *dev)

VMChangeStateEntry *qdev_add_vm_change_state_handler(DeviceState *dev,

VMChangeStateHandler *cb,

void *opaque)

+{

+ return qdev_add_vm_change_state_handler_full(dev, cb, NULL, opaque);

+}

+

+/*

+ * Exactly like qdev_add_vm_change_state_handler() but passes a prepare_cb

+ * argument too.

+ */

+VMChangeStateEntry *qdev_add_vm_change_state_handler_full(

+ DeviceState *dev, VMChangeStateHandler *cb,

+ VMChangeStateHandler *prepare_cb, void *opaque)

int depth = qdev_get_dev_tree_depth(dev);

- return qemu_add_vm_change_state_handler_prio(cb, opaque, depth);

+ return qemu_add_vm_change_state_handler_prio_full(cb, prepare_cb, opaque,

+ depth);

2.41.0

From: Avihai Horon <avihaih@nvidia.com>

VFIO migration is not compatible with postcopy migration. A VFIO device

in the destination can't handle page faults for pages that have not been

sent yet.

Doing such migration will cause the VM to crash in the destination:

qemu-system-x86_64: VFIO_MAP_DMA failed: Bad address

qemu-system-x86_64: vfio_dma_map(0x55a28c7659d0, 0xc0000, 0xb000, 0x7f1b11a00000) = -14 (Bad address)

qemu: hardware error: vfio: DMA mapping failed, unable to continue

To prevent this, block VFIO migration with postcopy migration.

Reported-by: Yanghang Liu <yanghliu@redhat.com>

Signed-off-by: Avihai Horon <avihaih@nvidia.com>

Tested-by: Yanghang Liu <yanghliu@redhat.com>

Reviewed-by: Peter Xu <peterx@redhat.com>

hw/vfio/migration.c | 22 ++++++++++++++++++++++

1 file changed, 22 insertions(+)

diff --git a/hw/vfio/migration.c b/hw/vfio/migration.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/vfio/migration.c

+++ b/hw/vfio/migration.c

@@ -XXX,XX +XXX,XX @@ static bool vfio_precopy_supported(VFIODevice *vbasedev)

/* ---------------------------------------------------------------------- */

+static int vfio_save_prepare(void *opaque, Error **errp)

+ VFIODevice *vbasedev = opaque;

+ * Snapshot doesn't use postcopy, so allow snapshot even if postcopy is on.

+ if (runstate_check(RUN_STATE_SAVE_VM)) {

+ return 0;

+ }

+

+ if (migrate_postcopy_ram()) {

+ error_setg(

+ errp, "%s: VFIO migration is not supported with postcopy migration",

+ vbasedev->name);

+ return -EOPNOTSUPP;

+ }

+

+ return 0;

static int vfio_save_setup(QEMUFile *f, void *opaque)

VFIODevice *vbasedev = opaque;

@@ -XXX,XX +XXX,XX @@ static bool vfio_switchover_ack_needed(void *opaque)

static const SaveVMHandlers savevm_vfio_handlers = {

+ .save_prepare = vfio_save_prepare,

.save_setup = vfio_save_setup,

.save_cleanup = vfio_save_cleanup,

.state_pending_estimate = vfio_state_pending_estimate,

2.41.0

From: Avihai Horon <avihaih@nvidia.com>

VFIO migration uAPI defines an optional intermediate P2P quiescent

state. While in the P2P quiescent state, P2P DMA transactions cannot be

initiated by the device, but the device can respond to incoming ones.

Additionally, all outstanding P2P transactions are guaranteed to have

been completed by the time the device enters this state.

The purpose of this state is to support migration of multiple devices

that might do P2P transactions between themselves.

Add support for P2P migration by transitioning all the devices to the

P2P quiescent state before stopping or starting the devices. Use the new

VMChangeStateHandler prepare_cb to achieve that behavior.

This will allow migration of multiple VFIO devices if all of them

support P2P migration.

Signed-off-by: Avihai Horon <avihaih@nvidia.com>

Tested-by: YangHang Liu <yanghliu@redhat.com>

Reviewed-by: Cédric Le Goater <clg@redhat.com>

docs/devel/vfio-migration.rst | 93 +++++++++++++++++++++--------------

hw/vfio/common.c | 6 ++-

hw/vfio/migration.c | 46 +++++++++++++++--

hw/vfio/trace-events | 1 +

4 files changed, 105 insertions(+), 41 deletions(-)

diff --git a/docs/devel/vfio-migration.rst b/docs/devel/vfio-migration.rst

--- a/docs/devel/vfio-migration.rst

+++ b/docs/devel/vfio-migration.rst

@@ -XXX,XX +XXX,XX @@ and recommends that the initial bytes are sent and loaded in the destination

before stopping the source VM. Enabling this migration capability will

guarantee that and thus, can potentially reduce downtime even further.

-Note that currently VFIO migration is supported only for a single device. This

-is due to VFIO migration's lack of P2P support. However, P2P support is planned

-to be added later on.

+To support migration of multiple devices that might do P2P transactions between

+themselves, VFIO migration uAPI defines an intermediate P2P quiescent state.

+While in the P2P quiescent state, P2P DMA transactions cannot be initiated by

+the device, but the device can respond to incoming ones. Additionally, all

+outstanding P2P transactions are guaranteed to have been completed by the time

+the device enters this state.

+

+All the devices that support P2P migration are first transitioned to the P2P

+quiescent state and only then are they stopped or started. This makes migration

+safe P2P-wise, since starting and stopping the devices is not done atomically

+for all the devices together.

+

+Thus, multiple VFIO devices migration is allowed only if all the devices

+support P2P migration. Single VFIO device migration is allowed regardless of

+P2P migration support.

A detailed description of the UAPI for VFIO device migration can be found in

the comment for the ``vfio_device_mig_state`` structure in the header file

@@ -XXX,XX +XXX,XX @@ will be blocked.

Flow of state changes during Live migration

===========================================

-Below is the flow of state change during live migration.

+Below is the state change flow during live migration for a VFIO device that

+supports both precopy and P2P migration. The flow for devices that don't

+support it is similar, except that the relevant states for precopy and P2P are

+skipped.

The values in the parentheses represent the VM state, the migration state, and

the VFIO device state, respectively.

-The text in the square brackets represents the flow if the VFIO device supports

-pre-copy.

Live migration save path

------------------------

::

- QEMU normal running state

- (RUNNING, _NONE, _RUNNING)

- |

+ QEMU normal running state

+ (RUNNING, _NONE, _RUNNING)

+ |

migrate_init spawns migration_thread

- Migration thread then calls each device's .save_setup()

- (RUNNING, _SETUP, _RUNNING [_PRE_COPY])

- |

- (RUNNING, _ACTIVE, _RUNNING [_PRE_COPY])

- If device is active, get pending_bytes by .state_pending_{estimate,exact}()

- If total pending_bytes >= threshold_size, call .save_live_iterate()

- [Data of VFIO device for pre-copy phase is copied]

- Iterate till total pending bytes converge and are less than threshold

- |

- On migration completion, vCPU stops and calls .save_live_complete_precopy for

- each active device. The VFIO device is then transitioned into _STOP_COPY state

- (FINISH_MIGRATE, _DEVICE, _STOP_COPY)

- |

- For the VFIO device, iterate in .save_live_complete_precopy until

- pending data is 0

- (FINISH_MIGRATE, _DEVICE, _STOP)

- |

- (FINISH_MIGRATE, _COMPLETED, _STOP)

- Migraton thread schedules cleanup bottom half and exits

+ Migration thread then calls each device's .save_setup()

+ (RUNNING, _SETUP, _PRE_COPY)

+ |

+ (RUNNING, _ACTIVE, _PRE_COPY)

+ If device is active, get pending_bytes by .state_pending_{estimate,exact}()

+ If total pending_bytes >= threshold_size, call .save_live_iterate()

+ Data of VFIO device for pre-copy phase is copied

+ Iterate till total pending bytes converge and are less than threshold

+ |

+ On migration completion, the vCPUs and the VFIO device are stopped

+ The VFIO device is first put in P2P quiescent state

+ (FINISH_MIGRATE, _ACTIVE, _PRE_COPY_P2P)

+ |

+ Then the VFIO device is put in _STOP_COPY state

+ (FINISH_MIGRATE, _ACTIVE, _STOP_COPY)

+ .save_live_complete_precopy() is called for each active device

+ For the VFIO device, iterate in .save_live_complete_precopy() until

+ pending data is 0

+ |

+ (POSTMIGRATE, _COMPLETED, _STOP_COPY)

+ Migraton thread schedules cleanup bottom half and exits

+ |

+ .save_cleanup() is called

+ (POSTMIGRATE, _COMPLETED, _STOP)

Live migration resume path

--------------------------

::

- Incoming migration calls .load_setup for each device

- (RESTORE_VM, _ACTIVE, _STOP)

- |

- For each device, .load_state is called for that device section data

- (RESTORE_VM, _ACTIVE, _RESUMING)

- |

- At the end, .load_cleanup is called for each device and vCPUs are started

- (RUNNING, _NONE, _RUNNING)

+ Incoming migration calls .load_setup() for each device

+ (RESTORE_VM, _ACTIVE, _STOP)

+ |

+ For each device, .load_state() is called for that device section data

+ (RESTORE_VM, _ACTIVE, _RESUMING)

+ |

+ At the end, .load_cleanup() is called for each device and vCPUs are started

+ The VFIO device is first put in P2P quiescent state

+ (RUNNING, _ACTIVE, _RUNNING_P2P)

+ |

+ (RUNNING, _NONE, _RUNNING)

Postcopy

========

diff --git a/hw/vfio/common.c b/hw/vfio/common.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/vfio/common.c

+++ b/hw/vfio/common.c

@@ -XXX,XX +XXX,XX @@ bool vfio_device_state_is_running(VFIODevice *vbasedev)

{

VFIOMigration *migration = vbasedev->migration;

- return migration->device_state == VFIO_DEVICE_STATE_RUNNING;

+ return migration->device_state == VFIO_DEVICE_STATE_RUNNING ||

+ migration->device_state == VFIO_DEVICE_STATE_RUNNING_P2P;

bool vfio_device_state_is_precopy(VFIODevice *vbasedev)

{

VFIOMigration *migration = vbasedev->migration;

- return migration->device_state == VFIO_DEVICE_STATE_PRE_COPY;

+ return migration->device_state == VFIO_DEVICE_STATE_PRE_COPY ||

+ migration->device_state == VFIO_DEVICE_STATE_PRE_COPY_P2P;

}

static bool vfio_devices_all_dirty_tracking(VFIOContainer *container)

diff --git a/hw/vfio/migration.c b/hw/vfio/migration.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/vfio/migration.c

+++ b/hw/vfio/migration.c

@@ -XXX,XX +XXX,XX @@ static const char *mig_state_to_str(enum vfio_device_mig_state state)

return "STOP_COPY";

case VFIO_DEVICE_STATE_RESUMING:

return "RESUMING";

+ case VFIO_DEVICE_STATE_RUNNING_P2P:

+ return "RUNNING_P2P";

case VFIO_DEVICE_STATE_PRE_COPY:

return "PRE_COPY";

+ case VFIO_DEVICE_STATE_PRE_COPY_P2P:

+ return "PRE_COPY_P2P";

default:

return "UNKNOWN STATE";

}

@@ -XXX,XX +XXX,XX @@ static const SaveVMHandlers savevm_vfio_handlers = {

/* ---------------------------------------------------------------------- */

+static void vfio_vmstate_change_prepare(void *opaque, bool running,

+ RunState state)

+ VFIODevice *vbasedev = opaque;

+ VFIOMigration *migration = vbasedev->migration;

+ enum vfio_device_mig_state new_state;

+ new_state = migration->device_state == VFIO_DEVICE_STATE_PRE_COPY ?

+ VFIO_DEVICE_STATE_PRE_COPY_P2P :

+ VFIO_DEVICE_STATE_RUNNING_P2P;

+ * If setting the device in new_state fails, the device should be reset.

+ * To do so, use ERROR state as a recover state.

+ ret = vfio_migration_set_state(vbasedev, new_state,

+ VFIO_DEVICE_STATE_ERROR);

+ if (ret) {

+ /*

+ * Migration should be aborted in this case, but vm_state_notify()

+ * currently does not support reporting failures.

+ */

+ if (migrate_get_current()->to_dst_file) {

+ qemu_file_set_error(migrate_get_current()->to_dst_file, ret);

+ }

+ trace_vfio_vmstate_change_prepare(vbasedev->name, running,

+ RunState_str(state),

+ mig_state_to_str(new_state));

static void vfio_vmstate_change(void *opaque, bool running, RunState state)

VFIODevice *vbasedev = opaque;

@@ -XXX,XX +XXX,XX @@ static int vfio_migration_init(VFIODevice *vbasedev)

char id[256] = "";

g_autofree char *path = NULL, *oid = NULL;

uint64_t mig_flags = 0;

+ VMChangeStateHandler *prepare_cb;

if (!vbasedev->ops->vfio_get_object) {

return -EINVAL;

@@ -XXX,XX +XXX,XX @@ static int vfio_migration_init(VFIODevice *vbasedev)

register_savevm_live(id, VMSTATE_INSTANCE_ID_ANY, 1, &savevm_vfio_handlers,

vbasedev);

- migration->vm_state = qdev_add_vm_change_state_handler(vbasedev->dev,

- vfio_vmstate_change,

- vbasedev);

+ prepare_cb = migration->mig_flags & VFIO_MIGRATION_P2P ?

+ vfio_vmstate_change_prepare :

+ NULL;

+ migration->vm_state = qdev_add_vm_change_state_handler_full(

+ vbasedev->dev, vfio_vmstate_change, prepare_cb, vbasedev);

migration->migration_state.notify = vfio_migration_state_notifier;

add_migration_state_change_notifier(&migration->migration_state);

diff --git a/hw/vfio/trace-events b/hw/vfio/trace-events

index XXXXXXX..XXXXXXX 100644

--- a/hw/vfio/trace-events

+++ b/hw/vfio/trace-events

@@ -XXX,XX +XXX,XX @@ vfio_save_setup(const char *name, uint64_t data_buffer_size) " (%s) data buffer

vfio_state_pending_estimate(const char *name, uint64_t precopy, uint64_t postcopy, uint64_t precopy_init_size, uint64_t precopy_dirty_size) " (%s) precopy 0x%"PRIx64" postcopy 0x%"PRIx64" precopy initial size 0x%"PRIx64" precopy dirty size 0x%"PRIx64

vfio_state_pending_exact(const char *name, uint64_t precopy, uint64_t postcopy, uint64_t stopcopy_size, uint64_t precopy_init_size, uint64_t precopy_dirty_size) " (%s) precopy 0x%"PRIx64" postcopy 0x%"PRIx64" stopcopy size 0x%"PRIx64" precopy initial size 0x%"PRIx64" precopy dirty size 0x%"PRIx64

vfio_vmstate_change(const char *name, int running, const char *reason, const char *dev_state) " (%s) running %d reason %s device state %s"

+vfio_vmstate_change_prepare(const char *name, int running, const char *reason, const char *dev_state) " (%s) running %d reason %s device state %s"

2.41.0

From: Avihai Horon <avihaih@nvidia.com>

Background snapshot allows creating a snapshot of the VM while it's

running and keeping it small by not including dirty RAM pages.

The way it works is by first stopping the VM, saving the non-iterable

devices' state and then starting the VM and saving the RAM while write

protecting it with UFFD. The resulting snapshot represents the VM state

at snapshot start.

VFIO migration is not compatible with background snapshot.

First of all, VFIO device state is not even saved in background snapshot

because only non-iterable device state is saved. But even if it was

saved, after starting the VM, a VFIO device could dirty pages without it

being detected by UFFD write protection. This would corrupt the

snapshot, as the RAM in it would not represent the RAM at snapshot

start.

To prevent this, block VFIO migration with background snapshot.

Signed-off-by: Avihai Horon <avihaih@nvidia.com>

Reviewed-by: Peter Xu <peterx@redhat.com>

hw/vfio/migration.c | 11 ++++++++++-

1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/hw/vfio/migration.c b/hw/vfio/migration.c

--- a/hw/vfio/migration.c

+++ b/hw/vfio/migration.c

@@ -XXX,XX +XXX,XX @@ static int vfio_save_prepare(void *opaque, Error **errp)

VFIODevice *vbasedev = opaque;

/*

- * Snapshot doesn't use postcopy, so allow snapshot even if postcopy is on.

+ * Snapshot doesn't use postcopy nor background snapshot, so allow snapshot

+ * even if they are on.

*/

if (runstate_check(RUN_STATE_SAVE_VM)) {

return 0;

@@ -XXX,XX +XXX,XX @@ static int vfio_save_prepare(void *opaque, Error **errp)

return -EOPNOTSUPP;

+ if (migrate_background_snapshot()) {

+ error_setg(

+ errp,

+ "%s: VFIO migration is not supported with background snapshot",

+ vbasedev->name);

+ return -EOPNOTSUPP;

return 0;

}

2.41.0

From: Avihai Horon <avihaih@nvidia.com>

The functions in target.c are not static, yet they don't have a proper

migration prefix. Add such prefix.

Signed-off-by: Avihai Horon <avihaih@nvidia.com>

Reviewed-by: Cédric Le Goater <clg@redhat.com>

migration/migration.h | 4 ++--

migration/migration.c | 6 +++---

migration/savevm.c | 2 +-

migration/target.c | 8 ++++----

4 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/migration/migration.h b/migration/migration.h

--- a/migration/migration.h

+++ b/migration/migration.h

@@ -XXX,XX +XXX,XX @@ void migration_consume_urgent_request(void);

bool migration_rate_limit(void);

void migration_cancel(const Error *error);

-void populate_vfio_info(MigrationInfo *info);

-void reset_vfio_bytes_transferred(void);

+void migration_populate_vfio_info(MigrationInfo *info);

+void migration_reset_vfio_bytes_transferred(void);

void postcopy_temp_page_reset(PostcopyTmpPage *tmp_page);

#endif

diff --git a/migration/migration.c b/migration/migration.c

--- a/migration/migration.c

+++ b/migration/migration.c

@@ -XXX,XX +XXX,XX @@ static void fill_source_migration_info(MigrationInfo *info)

populate_time_info(info, s);

populate_ram_info(info, s);

populate_disk_info(info);

- populate_vfio_info(info);

+ migration_populate_vfio_info(info);

break;

case MIGRATION_STATUS_COLO:

info->has_status = true;

@@ -XXX,XX +XXX,XX @@ static void fill_source_migration_info(MigrationInfo *info)

case MIGRATION_STATUS_COMPLETED:

populate_time_info(info, s);

populate_ram_info(info, s);

- populate_vfio_info(info);

+ migration_populate_vfio_info(info);

break;

case MIGRATION_STATUS_FAILED:

info->has_status = true;

@@ -XXX,XX +XXX,XX @@ static bool migrate_prepare(MigrationState *s, bool blk, bool blk_inc,

memset(&mig_stats, 0, sizeof(mig_stats));

memset(&compression_counters, 0, sizeof(compression_counters));

- reset_vfio_bytes_transferred();

+ migration_reset_vfio_bytes_transferred();