1:53 a.m.
When failing on starting a domain, it tries to reattach all the PCI
devices defined in the domain conf, regardless of whether the devices
are still used by other domain. This will cause the devices are deleted
from the list qemu_driver->activePciHostdevs, thus the devices will be
thought as usable even if it's not true. And following commands
nodedev-{reattach,reset} will be successful.
How to reproduce:
1) Define two domains with same PCI device defined in the confs.
2) # virsh start domain1
3) # virsh start domain2
4) # virsh nodedev-reattach $pci_device
You will see the device will be reattached to host successfully.
As pciDeviceReattach just check if the device is still used by
other domain via checking if the device is in list driver->activePciHostdevs,
however, the device is deleted from the list by step 2).
This patch is to prohibit the bug by:
1) Prohibit a domain starting or device attachment right at
preparation period (qemuPrepareHostdevPCIDevices) if the
device is in list driver->activePciHostdevs, which means
it's used by other domain.
2) Introduces a new field for struct _pciDevice, (char *used_by),
it will be set as the domain name at preparation period,
(qemuPrepareHostdevPCIDevices). Thus we can prohibit deleting
the device from driver->activePciHostdevs if it's still used by
other domain when stopping the domain process.
* src/pci.h (define two internal functions, pciDeviceSetUsedBy and
pciDevceGetUsedBy)
* src/pci.c (new field "char *used_by" for struct _pciDevice,
implementations for the two new functions)
* src/libvirt_private.syms (Add the two new internal functions)
* src/qemu_hostdev.h (Modify the definition of functions
qemuPrepareHostdevPCIDevices, and qemuDomainReAttachHostdevDevices)
* src/qemu_hostdev.c (Prohibit preparation and don't delete the
device from activePciHostdevs list if it's still used by other domain)
* src/qemu_hotplug.c (Update function usage, as the definitions are
changed)
---
src/libvirt_private.syms | 2 ++
src/qemu/qemu_hostdev.c | 31 ++++++++++++++++++++++++++++---
src/qemu/qemu_hostdev.h | 2 ++
src/qemu/qemu_hotplug.c | 4 ++--
src/util/pci.c | 22 ++++++++++++++++++++++
src/util/pci.h | 3 +++
6 files changed, 59 insertions(+), 5 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 8235ea1..a5c5e6c 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -872,6 +872,7 @@ virNWFilterHashTableRemoveEntry;
pciDettachDevice;
pciDeviceFileIterate;
pciDeviceGetManaged;
+pciDeviceGetUsedBy;
pciDeviceIsAssignable;
pciDeviceIsVirtualFunction;
pciDeviceListAdd;
@@ -884,6 +885,7 @@ pciDeviceListSteal;
pciDeviceNetName;
pciDeviceReAttachInit;
pciDeviceSetManaged;
+pciDeviceSetUsedBy;
pciFreeDevice;
pciGetDevice;
pciGetPhysicalFunction;
diff --git a/src/qemu/qemu_hostdev.c b/src/qemu/qemu_hostdev.c
index 6f77717..ef9e3b7 100644
--- a/src/qemu/qemu_hostdev.c
+++ b/src/qemu/qemu_hostdev.c
@@ -101,6 +101,7 @@ cleanup:
int qemuPrepareHostdevPCIDevices(struct qemud_driver *driver,
+ const char *name,
virDomainHostdevDefPtr *hostdevs,
int nhostdevs)
{
@@ -126,7 +127,10 @@ int qemuPrepareHostdevPCIDevices(struct qemud_driver *driver,
for (i = 0; i < pciDeviceListCount(pcidevs); i++) {
pciDevice *dev = pciDeviceListGet(pcidevs, i);
if (!pciDeviceIsAssignable(dev, !driver->relaxedACS))
- goto reattachdevs;
+ goto cleanup;
+
+ if (pciDeviceListFind(driver->activePciHostdevs, dev))
+ goto cleanup;
if (pciDeviceGetManaged(dev) &&
pciDettachDevice(dev, driver->activePciHostdevs) < 0)
@@ -156,6 +160,14 @@ int qemuPrepareHostdevPCIDevices(struct qemud_driver *driver,
pciDeviceListSteal(pcidevs, dev);
}
+ /* Now set the used_by_domain of the device in driver->activePciHostdevs
+ * as domain name.
+ */
+ for (i = 0; i < pciDeviceListCount(driver->activePciHostdevs); i++) {
+ pciDevice * dev = pciDeviceListGet(driver->activePciHostdevs, i);
+ pciDeviceSetUsedBy(dev, name);
+ }
+
ret = 0;
goto cleanup;
@@ -183,7 +195,7 @@ static int
qemuPrepareHostPCIDevices(struct qemud_driver *driver,
virDomainDefPtr def)
{
- return qemuPrepareHostdevPCIDevices(driver, def->hostdevs, def->nhostdevs);
+ return qemuPrepareHostdevPCIDevices(driver, def->name, def->hostdevs,
def->nhostdevs);
}
@@ -258,11 +270,13 @@ void qemuReattachPciDevice(pciDevice *dev, struct qemud_driver
*driver)
void qemuDomainReAttachHostdevDevices(struct qemud_driver *driver,
+ const char *name,
virDomainHostdevDefPtr *hostdevs,
int nhostdevs)
{
pciDeviceList *pcidevs;
int i;
+ const char *used_by = NULL;
if (!(pcidevs = qemuGetPciHostDeviceList(hostdevs, nhostdevs))) {
virErrorPtr err = virGetLastError();
@@ -277,6 +291,17 @@ void qemuDomainReAttachHostdevDevices(struct qemud_driver *driver,
for (i = 0; i < pciDeviceListCount(pcidevs); i++) {
pciDevice *dev = pciDeviceListGet(pcidevs, i);
+ pciDevice *activeDev = NULL;
+
+ /* Never delete the dev from list driver->activePciHostdevs
+ * if it's used by other domain.
+ */
+ activeDev = pciDeviceListFind(driver->activePciHostdevs, dev);
+ if (activeDev &&
+ (used_by = pciDeviceGetUsedBy(activeDev)) &&
+ STRNEQ(used_by, name))
+ continue;
+
pciDeviceListDel(driver->activePciHostdevs, dev);
}
@@ -305,5 +330,5 @@ void qemuDomainReAttachHostDevices(struct qemud_driver *driver,
if (!def->nhostdevs)
return;
- qemuDomainReAttachHostdevDevices(driver, def->hostdevs, def->nhostdevs);
+ qemuDomainReAttachHostdevDevices(driver, def->name, def->hostdevs,
def->nhostdevs);
}
diff --git a/src/qemu/qemu_hostdev.h b/src/qemu/qemu_hostdev.h
index 1f3d1bc..07d7de2 100644
--- a/src/qemu/qemu_hostdev.h
+++ b/src/qemu/qemu_hostdev.h
@@ -30,12 +30,14 @@
int qemuUpdateActivePciHostdevs(struct qemud_driver *driver,
virDomainDefPtr def);
int qemuPrepareHostdevPCIDevices(struct qemud_driver *driver,
+ const char *name,
virDomainHostdevDefPtr *hostdevs,
int nhostdevs);
int qemuPrepareHostDevices(struct qemud_driver *driver,
virDomainDefPtr def);
void qemuReattachPciDevice(pciDevice *dev, struct qemud_driver *driver);
void qemuDomainReAttachHostdevDevices(struct qemud_driver *driver,
+ const char *name,
virDomainHostdevDefPtr *hostdevs,
int nhostdevs);
void qemuDomainReAttachHostDevices(struct qemud_driver *driver,
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 6cfe392..dc920e7 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -859,7 +859,7 @@ int qemuDomainAttachHostPciDevice(struct qemud_driver *driver,
return -1;
}
- if (qemuPrepareHostdevPCIDevices(driver, &hostdev, 1) < 0)
+ if (qemuPrepareHostdevPCIDevices(driver, vm->def->name, &hostdev, 1) <
0)
return -1;
if (qemuCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE)) {
@@ -925,7 +925,7 @@ error:
hostdev->info.addr.pci.slot) < 0)
VIR_WARN("Unable to release PCI address on host device");
- qemuDomainReAttachHostdevDevices(driver, &hostdev, 1);
+ qemuDomainReAttachHostdevDevices(driver, vm->def->name, &hostdev, 1);
VIR_FREE(devstr);
VIR_FREE(configfd_name);
diff --git a/src/util/pci.c b/src/util/pci.c
index 8d8e157..38548c7 100644
--- a/src/util/pci.c
+++ b/src/util/pci.c
@@ -62,6 +62,7 @@ struct _pciDevice {
char name[PCI_ADDR_LEN]; /* domain:bus:slot.function */
char id[PCI_ID_LEN]; /* product vendor */
char *path;
+ char *used_by; /* The domain which uses the device */
int fd;
unsigned initted;
@@ -1312,6 +1313,7 @@ pciGetDevice(unsigned domain,
dev->bus = bus;
dev->slot = slot;
dev->function = function;
+ dev->used_by = NULL;
if (snprintf(dev->name, sizeof(dev->name), "%.4x:%.2x:%.2x.%.1x",
dev->domain, dev->bus, dev->slot,
@@ -1374,6 +1376,7 @@ pciFreeDevice(pciDevice *dev)
VIR_DEBUG("%s %s: freeing", dev->id, dev->name);
pciCloseConfig(dev);
VIR_FREE(dev->path);
+ VIR_FREE(dev->used_by);
VIR_FREE(dev);
}
@@ -1387,6 +1390,25 @@ unsigned pciDeviceGetManaged(pciDevice *dev)
return dev->managed;
}
+int
+pciDeviceSetUsedBy(pciDevice *dev, const char *name)
+{
+ dev->used_by = strdup(name);
+
+ if (!dev->used_by) {
+ virReportOOMError();
+ return -1;
+ }
+
+ return 0;
+}
+
+const char *
+pciDeviceGetUsedBy(pciDevice *dev)
+{
+ return dev->used_by;
+}
+
void pciDeviceReAttachInit(pciDevice *pci)
{
pci->unbind_from_stub = 1;
diff --git a/src/util/pci.h b/src/util/pci.h
index a1600fe..c9d8227 100644
--- a/src/util/pci.h
+++ b/src/util/pci.h
@@ -47,6 +47,9 @@ int pciResetDevice (pciDevice *dev,
void pciDeviceSetManaged(pciDevice *dev,
unsigned managed);
unsigned pciDeviceGetManaged(pciDevice *dev);
+int pciDeviceSetUsedBy(pciDevice *dev,
+ const char *used_by);
+const char *pciDeviceGetUsedBy(pciDevice *dev);
void pciDeviceReAttachInit(pciDevice *dev);
pciDeviceList *pciDeviceListNew (void);
--
1.7.6
11:01 p.m.
Anybody could help review this? Thanks
Osier
于 2011年09月27日 14:53, Osier Yang 写道:
When failing on starting a domain, it tries to reattach all the PCI
devices defined in the domain conf, regardless of whether the devices
are still used by other domain. This will cause the devices are deleted
from the list qemu_driver->activePciHostdevs, thus the devices will be
thought as usable even if it's not true. And following commands
nodedev-{reattach,reset} will be successful.
How to reproduce:
1) Define two domains with same PCI device defined in the confs.
2) # virsh start domain1
3) # virsh start domain2
4) # virsh nodedev-reattach $pci_device
You will see the device will be reattached to host successfully.
As pciDeviceReattach just check if the device is still used by
other domain via checking if the device is in list driver->activePciHostdevs,
however, the device is deleted from the list by step 2).
This patch is to prohibit the bug by:
1) Prohibit a domain starting or device attachment right at
preparation period (qemuPrepareHostdevPCIDevices) if the
device is in list driver->activePciHostdevs, which means
it's used by other domain.
2) Introduces a new field for struct _pciDevice, (char *used_by),
it will be set as the domain name at preparation period,
(qemuPrepareHostdevPCIDevices). Thus we can prohibit deleting
the device from driver->activePciHostdevs if it's still used by
other domain when stopping the domain process.
* src/pci.h (define two internal functions, pciDeviceSetUsedBy and
pciDevceGetUsedBy)
* src/pci.c (new field "char *used_by" for struct _pciDevice,
implementations for the two new functions)
* src/libvirt_private.syms (Add the two new internal functions)
* src/qemu_hostdev.h (Modify the definition of functions
qemuPrepareHostdevPCIDevices, and qemuDomainReAttachHostdevDevices)
* src/qemu_hostdev.c (Prohibit preparation and don't delete the
device from activePciHostdevs list if it's still used by other domain)
* src/qemu_hotplug.c (Update function usage, as the definitions are
changed)
---
src/libvirt_private.syms | 2 ++
src/qemu/qemu_hostdev.c | 31 ++++++++++++++++++++++++++++---
src/qemu/qemu_hostdev.h | 2 ++
src/qemu/qemu_hotplug.c | 4 ++--
src/util/pci.c | 22 ++++++++++++++++++++++
src/util/pci.h | 3 +++
6 files changed, 59 insertions(+), 5 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 8235ea1..a5c5e6c 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -872,6 +872,7 @@ virNWFilterHashTableRemoveEntry;
pciDettachDevice;
pciDeviceFileIterate;
pciDeviceGetManaged;
+pciDeviceGetUsedBy;
pciDeviceIsAssignable;
pciDeviceIsVirtualFunction;
pciDeviceListAdd;
@@ -884,6 +885,7 @@ pciDeviceListSteal;
pciDeviceNetName;
pciDeviceReAttachInit;
pciDeviceSetManaged;
+pciDeviceSetUsedBy;
pciFreeDevice;
pciGetDevice;
pciGetPhysicalFunction;
diff --git a/src/qemu/qemu_hostdev.c b/src/qemu/qemu_hostdev.c
index 6f77717..ef9e3b7 100644
--- a/src/qemu/qemu_hostdev.c
+++ b/src/qemu/qemu_hostdev.c
@@ -101,6 +101,7 @@ cleanup:
int qemuPrepareHostdevPCIDevices(struct qemud_driver *driver,
+ const char *name,
virDomainHostdevDefPtr *hostdevs,
int nhostdevs)
{
@@ -126,7 +127,10 @@ int qemuPrepareHostdevPCIDevices(struct qemud_driver *driver,
for (i = 0; i < pciDeviceListCount(pcidevs); i++) {
pciDevice *dev = pciDeviceListGet(pcidevs, i);
if (!pciDeviceIsAssignable(dev, !driver->relaxedACS))
- goto reattachdevs;
+ goto cleanup;
+
+ if (pciDeviceListFind(driver->activePciHostdevs, dev))
+ goto cleanup;
if (pciDeviceGetManaged(dev) &&
pciDettachDevice(dev, driver->activePciHostdevs) < 0)
@@ -156,6 +160,14 @@ int qemuPrepareHostdevPCIDevices(struct qemud_driver *driver,
pciDeviceListSteal(pcidevs, dev);
}
+ /* Now set the used_by_domain of the device in driver->activePciHostdevs
+ * as domain name.
+ */
+ for (i = 0; i < pciDeviceListCount(driver->activePciHostdevs); i++) {
+ pciDevice * dev = pciDeviceListGet(driver->activePciHostdevs, i);
+ pciDeviceSetUsedBy(dev, name);
+ }
+
ret = 0;
goto cleanup;
@@ -183,7 +195,7 @@ static int
qemuPrepareHostPCIDevices(struct qemud_driver *driver,
virDomainDefPtr def)
{
- return qemuPrepareHostdevPCIDevices(driver, def->hostdevs, def->nhostdevs);
+ return qemuPrepareHostdevPCIDevices(driver, def->name, def->hostdevs,
def->nhostdevs);
}
@@ -258,11 +270,13 @@ void qemuReattachPciDevice(pciDevice *dev, struct qemud_driver
*driver)
void qemuDomainReAttachHostdevDevices(struct qemud_driver *driver,
+ const char *name,
virDomainHostdevDefPtr *hostdevs,
int nhostdevs)
{
pciDeviceList *pcidevs;
int i;
+ const char *used_by = NULL;
if (!(pcidevs = qemuGetPciHostDeviceList(hostdevs, nhostdevs))) {
virErrorPtr err = virGetLastError();
@@ -277,6 +291,17 @@ void qemuDomainReAttachHostdevDevices(struct qemud_driver *driver,
for (i = 0; i < pciDeviceListCount(pcidevs); i++) {
pciDevice *dev = pciDeviceListGet(pcidevs, i);
+ pciDevice *activeDev = NULL;
+
+ /* Never delete the dev from list driver->activePciHostdevs
+ * if it's used by other domain.
+ */
+ activeDev = pciDeviceListFind(driver->activePciHostdevs, dev);
+ if (activeDev &&
+ (used_by = pciDeviceGetUsedBy(activeDev)) &&
+ STRNEQ(used_by, name))
+ continue;
+
pciDeviceListDel(driver->activePciHostdevs, dev);
}
@@ -305,5 +330,5 @@ void qemuDomainReAttachHostDevices(struct qemud_driver *driver,
if (!def->nhostdevs)
return;
- qemuDomainReAttachHostdevDevices(driver, def->hostdevs, def->nhostdevs);
+ qemuDomainReAttachHostdevDevices(driver, def->name, def->hostdevs,
def->nhostdevs);
}
diff --git a/src/qemu/qemu_hostdev.h b/src/qemu/qemu_hostdev.h
index 1f3d1bc..07d7de2 100644
--- a/src/qemu/qemu_hostdev.h
+++ b/src/qemu/qemu_hostdev.h
@@ -30,12 +30,14 @@
int qemuUpdateActivePciHostdevs(struct qemud_driver *driver,
virDomainDefPtr def);
int qemuPrepareHostdevPCIDevices(struct qemud_driver *driver,
+ const char *name,
virDomainHostdevDefPtr *hostdevs,
int nhostdevs);
int qemuPrepareHostDevices(struct qemud_driver *driver,
virDomainDefPtr def);
void qemuReattachPciDevice(pciDevice *dev, struct qemud_driver *driver);
void qemuDomainReAttachHostdevDevices(struct qemud_driver *driver,
+ const char *name,
virDomainHostdevDefPtr *hostdevs,
int nhostdevs);
void qemuDomainReAttachHostDevices(struct qemud_driver *driver,
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 6cfe392..dc920e7 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -859,7 +859,7 @@ int qemuDomainAttachHostPciDevice(struct qemud_driver *driver,
return -1;
}
- if (qemuPrepareHostdevPCIDevices(driver, &hostdev, 1) < 0)
+ if (qemuPrepareHostdevPCIDevices(driver, vm->def->name, &hostdev, 1) <
0)
return -1;
if (qemuCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE)) {
@@ -925,7 +925,7 @@ error:
hostdev->info.addr.pci.slot) < 0)
VIR_WARN("Unable to release PCI address on host device");
- qemuDomainReAttachHostdevDevices(driver, &hostdev, 1);
+ qemuDomainReAttachHostdevDevices(driver, vm->def->name, &hostdev, 1);
VIR_FREE(devstr);
VIR_FREE(configfd_name);
diff --git a/src/util/pci.c b/src/util/pci.c
index 8d8e157..38548c7 100644
--- a/src/util/pci.c
+++ b/src/util/pci.c
@@ -62,6 +62,7 @@ struct _pciDevice {
char name[PCI_ADDR_LEN]; /* domain:bus:slot.function */
char id[PCI_ID_LEN]; /* product vendor */
char *path;
+ char *used_by; /* The domain which uses the device */
int fd;
unsigned initted;
@@ -1312,6 +1313,7 @@ pciGetDevice(unsigned domain,
dev->bus = bus;
dev->slot = slot;
dev->function = function;
+ dev->used_by = NULL;
if (snprintf(dev->name, sizeof(dev->name), "%.4x:%.2x:%.2x.%.1x",
dev->domain, dev->bus, dev->slot,
@@ -1374,6 +1376,7 @@ pciFreeDevice(pciDevice *dev)
VIR_DEBUG("%s %s: freeing", dev->id, dev->name);
pciCloseConfig(dev);
VIR_FREE(dev->path);
+ VIR_FREE(dev->used_by);
VIR_FREE(dev);
}
@@ -1387,6 +1390,25 @@ unsigned pciDeviceGetManaged(pciDevice *dev)
return dev->managed;
}
+int
+pciDeviceSetUsedBy(pciDevice *dev, const char *name)
+{
+ dev->used_by = strdup(name);
+
+ if (!dev->used_by) {
+ virReportOOMError();
+ return -1;
+ }
+
+ return 0;
+}
+
+const char *
+pciDeviceGetUsedBy(pciDevice *dev)
+{
+ return dev->used_by;
+}
+
void pciDeviceReAttachInit(pciDevice *pci)
{
pci->unbind_from_stub = 1;
diff --git a/src/util/pci.h b/src/util/pci.h
index a1600fe..c9d8227 100644
--- a/src/util/pci.h
+++ b/src/util/pci.h
@@ -47,6 +47,9 @@ int pciResetDevice (pciDevice *dev,
void pciDeviceSetManaged(pciDevice *dev,
unsigned managed);
unsigned pciDeviceGetManaged(pciDevice *dev);
+int pciDeviceSetUsedBy(pciDevice *dev,
+ const char *used_by);
+const char *pciDeviceGetUsedBy(pciDevice *dev);
void pciDeviceReAttachInit(pciDevice *dev);
pciDeviceList *pciDeviceListNew (void);
11:41 a.m.
On 09/27/2011 12:53 AM, Osier Yang wrote:
Apologies on the delayed review. This is some hairy code, and I want to
make sure we get it right, so I kind of shelved it knowing it would be a
longer review.
When failing on starting a domain, it tries to reattach all the PCI
devices defined in the domain conf, regardless of whether the devices
are still used by other domain. This will cause the devices are deleted
s/are deleted/to be deleted/
from the list qemu_driver->activePciHostdevs, thus the devices
will be
thought as usable even if it's not true. And following commands
nodedev-{reattach,reset} will be successful.
How to reproduce:
1) Define two domains with same PCI device defined in the confs.
2) # virsh start domain1
3) # virsh start domain2
4) # virsh nodedev-reattach $pci_device
You will see the device will be reattached to host successfully.
As pciDeviceReattach just check if the device is still used by
other domain via checking if the device is in list driver->activePciHostdevs,
however, the device is deleted from the list by step 2).
Ouch, and definitely needs patching.
This patch is to prohibit the bug by:
1) Prohibit a domain starting or device attachment right at
preparation period (qemuPrepareHostdevPCIDevices) if the
device is in list driver->activePciHostdevs, which means
it's used by other domain.
Off-hand, I'm not sure if this is quite right - it is completely valid
to have two persistent domains both using the same hostdev, _as long as_
you guarantee that at most one of those two domains is active at a time.
Is qemuPrepareHostdevPCIDevices called at define time (when the
persistent xml is stored) or at start time (when actually starting the
guest)?
[/me goes and looks...]
Yay! qemuPrepareHostdevPCIDevices is only called during hot-plug (domain
already active) and by qemuPrepareHostDevices(), which in turn is only
used in qemuProcessStart. So it does indeed look like this patch merely
prohibits starting domain2 if domain1 is running in your above example,
but does not prohibit both definitions from existing.
2) Introduces a new field for struct _pciDevice, (char *used_by),
it will be set as the domain name at preparation period,
(qemuPrepareHostdevPCIDevices). Thus we can prohibit deleting
the device from driver->activePciHostdevs if it's still used by
other domain when stopping the domain process.
* src/pci.h (define two internal functions, pciDeviceSetUsedBy and
pciDevceGetUsedBy)
* src/pci.c (new field "char *used_by" for struct _pciDevice,
implementations for the two new functions)
* src/libvirt_private.syms (Add the two new internal functions)
* src/qemu_hostdev.h (Modify the definition of functions
qemuPrepareHostdevPCIDevices, and qemuDomainReAttachHostdevDevices)
* src/qemu_hostdev.c (Prohibit preparation and don't delete the
device from activePciHostdevs list if it's still used by other domain)
* src/qemu_hotplug.c (Update function usage, as the definitions are
changed)
---
src/libvirt_private.syms | 2 ++
src/qemu/qemu_hostdev.c | 31 ++++++++++++++++++++++++++++---
src/qemu/qemu_hostdev.h | 2 ++
src/qemu/qemu_hotplug.c | 4 ++--
src/util/pci.c | 22 ++++++++++++++++++++++
src/util/pci.h | 3 +++
6 files changed, 59 insertions(+), 5 deletions(-)
@@ -126,7 +127,10 @@ int qemuPrepareHostdevPCIDevices(struct qemud_driver *driver,
for (i = 0; i< pciDeviceListCount(pcidevs); i++) {
pciDevice *dev = pciDeviceListGet(pcidevs, i);
if (!pciDeviceIsAssignable(dev, !driver->relaxedACS))
- goto reattachdevs;
+ goto cleanup;
This doesn't seem right, when there are multiple devices.
Pre-patch, suppose we had:
dev1 - is assignable, is managed, and detach succeeds (nevermind the
spelling error in pciDettachDevice)
dev2 - is not assignable
goto reattachdevs
dev1 - is managed, so it is reattached
Now we have:
dev1 - is assignable, is not active, and detach succeeds
dev2 - is not assignable
goto cleanup
Oops - we left dev1 detached.
I think you _have_ to break this into two separate loops (and adjust the
line earlier about 4 loops to now call out 5 loops!).
Loop 1 - prove that all desired devices are assignable and not already
active
Loop 2 - for all managed devices, detach them
+
+ if (pciDeviceListFind(driver->activePciHostdevs, dev))
+ goto cleanup;
This is correct for loop 1, validating that the requested device is not
already in use by another active domain.
if (pciDeviceGetManaged(dev)&&
pciDettachDevice(dev, driver->activePciHostdevs)< 0)
@@ -156,6 +160,14 @@ int qemuPrepareHostdevPCIDevices(struct qemud_driver *driver,
pciDeviceListSteal(pcidevs, dev);
}
+ /* Now set the used_by_domain of the device in driver->activePciHostdevs
+ * as domain name.
+ */
+ for (i = 0; i< pciDeviceListCount(driver->activePciHostdevs); i++) {
+ pciDevice * dev = pciDeviceListGet(driver->activePciHostdevs, i);
Formatting: s/* dev/*dev/
This iterates over all active pci devices, but it _should_ be iterating
only over the pci devices in use by the given domain. Otherwise, you have:
dom1 - takes dev1, dev1 in use by "dom1"
dom2 - takes dev2, now dev1 and dev2 both in use by "dom2"
+ pciDeviceSetUsedBy(dev, name);
Ouch. pciDeviceSetUsedBy is malloc'ing memory, but you aren't checking
for failure. More on this below...
@@ -277,6 +291,17 @@ void qemuDomainReAttachHostdevDevices(struct
qemud_driver *driver,
for (i = 0; i< pciDeviceListCount(pcidevs); i++) {
pciDevice *dev = pciDeviceListGet(pcidevs, i);
+ pciDevice *activeDev = NULL;
+
+ /* Never delete the dev from list driver->activePciHostdevs
+ * if it's used by other domain.
+ */
+ activeDev = pciDeviceListFind(driver->activePciHostdevs, dev);
+ if (activeDev&&
+ (used_by = pciDeviceGetUsedBy(activeDev))&&
+ STRNEQ(used_by, name))
I would have simplified these two conditions to one line:
STRNEQ(name, pciDeviceGetUsedBy(activeDev))
+++ b/src/util/pci.c
@@ -62,6 +62,7 @@ struct _pciDevice {
char name[PCI_ADDR_LEN]; /* domain:bus:slot.function */
char id[PCI_ID_LEN]; /* product vendor */
char *path;
+ char *used_by; /* The domain which uses the device */
As promised above, why not make this 'const char *used_by', since a
domain can only own a device for as long as it is active, and as long as
the domain is active, then the domain's name will be in scope. Then,
you don't have to strdup() the name, and don't have to worry about
malloc failure. But you _do_ have to worry about setting the name back
to NULL after a domain goes inactive or the device is hotplugged, to
update the fact that no active domain owns the device.
int fd;
unsigned initted;
@@ -1312,6 +1313,7 @@ pciGetDevice(unsigned domain,
dev->bus = bus;
dev->slot = slot;
dev->function = function;
+ dev->used_by = NULL;
if (snprintf(dev->name, sizeof(dev->name), "%.4x:%.2x:%.2x.%.1x",
dev->domain, dev->bus, dev->slot,
@@ -1374,6 +1376,7 @@ pciFreeDevice(pciDevice *dev)
VIR_DEBUG("%s %s: freeing", dev->id, dev->name);
pciCloseConfig(dev);
VIR_FREE(dev->path);
+ VIR_FREE(dev->used_by);
If you use my suggestion of pointing to the pre-existing domain name,
rather than strdup(), then you don't want this line.
VIR_FREE(dev);
}
@@ -1387,6 +1390,25 @@ unsigned pciDeviceGetManaged(pciDevice *dev)
return dev->managed;
}
+int
+pciDeviceSetUsedBy(pciDevice *dev, const char *name)
+{
+ dev->used_by = strdup(name);
+
+ if (!dev->used_by) {
+ virReportOOMError();
+ return -1;
+ }
+
+ return 0;
and here, you could make the function return void (straight pointer
assignment, rather than strdup()).
Needs a v2, but we should definitely get this patched.
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
7:53 p.m.
于 2011年10月13日 00:41, Eric Blake 写道:
On 09/27/2011 12:53 AM, Osier Yang wrote:
Apologies on the delayed review. This is some hairy code, and I want
to make sure we get it right, so I kind of shelved it knowing it would
be a longer review.
> When failing on starting a domain, it tries to reattach all the PCI
> devices defined in the domain conf, regardless of whether the devices
> are still used by other domain. This will cause the devices are deleted
s/are deleted/to be deleted/
> from the list qemu_driver->activePciHostdevs, thus the devices will be
> thought as usable even if it's not true. And following commands
> nodedev-{reattach,reset} will be successful.
>
> How to reproduce:
> 1) Define two domains with same PCI device defined in the confs.
> 2) # virsh start domain1
> 3) # virsh start domain2
> 4) # virsh nodedev-reattach $pci_device
>
> You will see the device will be reattached to host successfully.
> As pciDeviceReattach just check if the device is still used by
> other domain via checking if the device is in list
> driver->activePciHostdevs,
> however, the device is deleted from the list by step 2).
Ouch, and definitely needs patching.
>
> This patch is to prohibit the bug by:
> 1) Prohibit a domain starting or device attachment right at
> preparation period (qemuPrepareHostdevPCIDevices) if the
> device is in list driver->activePciHostdevs, which means
> it's used by other domain.
Off-hand, I'm not sure if this is quite right - it is completely valid
to have two persistent domains both using the same hostdev, _as long
as_ you guarantee that at most one of those two domains is active at a
time. Is qemuPrepareHostdevPCIDevices called at define time (when the
persistent xml is stored) or at start time (when actually starting the
guest)?
[/me goes and looks...]
Yay! qemuPrepareHostdevPCIDevices is only called during hot-plug
(domain already active) and by qemuPrepareHostDevices(), which in turn
is only used in qemuProcessStart. So it does indeed look like this
patch merely prohibits starting domain2 if domain1 is running in your
above example, but does not prohibit both definitions from existing.
Yes, I checked this too when doing the patch.
>
> 2) Introduces a new field for struct _pciDevice, (char *used_by),
> it will be set as the domain name at preparation period,
> (qemuPrepareHostdevPCIDevices). Thus we can prohibit deleting
> the device from driver->activePciHostdevs if it's still used by
> other domain when stopping the domain process.
>
> * src/pci.h (define two internal functions, pciDeviceSetUsedBy and
> pciDevceGetUsedBy)
> * src/pci.c (new field "char *used_by" for struct _pciDevice,
> implementations for the two new functions)
> * src/libvirt_private.syms (Add the two new internal functions)
> * src/qemu_hostdev.h (Modify the definition of functions
> qemuPrepareHostdevPCIDevices, and qemuDomainReAttachHostdevDevices)
> * src/qemu_hostdev.c (Prohibit preparation and don't delete the
> device from activePciHostdevs list if it's still used by other domain)
> * src/qemu_hotplug.c (Update function usage, as the definitions are
> changed)
> ---
> src/libvirt_private.syms | 2 ++
> src/qemu/qemu_hostdev.c | 31 ++++++++++++++++++++++++++++---
> src/qemu/qemu_hostdev.h | 2 ++
> src/qemu/qemu_hotplug.c | 4 ++--
> src/util/pci.c | 22 ++++++++++++++++++++++
> src/util/pci.h | 3 +++
> 6 files changed, 59 insertions(+), 5 deletions(-)
>
> @@ -126,7 +127,10 @@ int qemuPrepareHostdevPCIDevices(struct
> qemud_driver *driver,
> for (i = 0; i< pciDeviceListCount(pcidevs); i++) {
> pciDevice *dev = pciDeviceListGet(pcidevs, i);
> if (!pciDeviceIsAssignable(dev, !driver->relaxedACS))
> - goto reattachdevs;
> + goto cleanup;
This doesn't seem right, when there are multiple devices.
Pre-patch, suppose we had:
dev1 - is assignable, is managed, and detach succeeds (nevermind the
spelling error in pciDettachDevice)
dev2 - is not assignable
goto reattachdevs
dev1 - is managed, so it is reattached
Now we have:
dev1 - is assignable, is not active, and detach succeeds
dev2 - is not assignable
goto cleanup
Oops - we left dev1 detached.
I think you _have_ to break this into two separate loops (and adjust
the line earlier about 4 loops to now call out 5 loops!).
Loop 1 - prove that all desired devices are assignable and not already
active
Loop 2 - for all managed devices, detach them
Oops, I ignored in the loop there is also pciDeviceDetach. And yes,
breaking them into 2 loops is good.
> +
> + if (pciDeviceListFind(driver->activePciHostdevs, dev))
> + goto cleanup;
This is correct for loop 1, validating that the requested device is
not already in use by another active domain.
>
> if (pciDeviceGetManaged(dev)&&
> pciDettachDevice(dev, driver->activePciHostdevs)< 0)
> @@ -156,6 +160,14 @@ int qemuPrepareHostdevPCIDevices(struct
> qemud_driver *driver,
> pciDeviceListSteal(pcidevs, dev);
> }
>
> + /* Now set the used_by_domain of the device in
> driver->activePciHostdevs
> + * as domain name.
> + */
> + for (i = 0; i< pciDeviceListCount(driver->activePciHostdevs); i++) {
> + pciDevice * dev = pciDeviceListGet(driver->activePciHostdevs, i);
Formatting: s/* dev/*dev/
This iterates over all active pci devices, but it _should_ be
iterating only over the pci devices in use by the given domain.
Otherwise, you have:
dom1 - takes dev1, dev1 in use by "dom1"
dom2 - takes dev2, now dev1 and dev2 both in use by "dom2"
Ah, right. I was blind on this with testing on just one domain.
> + pciDeviceSetUsedBy(dev, name);
Ouch. pciDeviceSetUsedBy is malloc'ing memory, but you aren't checking
for failure. More on this below...
okay
> @@ -277,6 +291,17 @@ void qemuDomainReAttachHostdevDevices(struct
> qemud_driver *driver,
>
> for (i = 0; i< pciDeviceListCount(pcidevs); i++) {
> pciDevice *dev = pciDeviceListGet(pcidevs, i);
> + pciDevice *activeDev = NULL;
> +
> + /* Never delete the dev from list driver->activePciHostdevs
> + * if it's used by other domain.
> + */
> + activeDev = pciDeviceListFind(driver->activePciHostdevs, dev);
> + if (activeDev&&
> + (used_by = pciDeviceGetUsedBy(activeDev))&&
> + STRNEQ(used_by, name))
I would have simplified these two conditions to one line:
STRNEQ(name, pciDeviceGetUsedBy(activeDev))
Okay, make sense.
> +++ b/src/util/pci.c
> @@ -62,6 +62,7 @@ struct _pciDevice {
> char name[PCI_ADDR_LEN]; /* domain:bus:slot.function */
> char id[PCI_ID_LEN]; /* product vendor */
> char *path;
> + char *used_by; /* The domain which uses the device */
As promised above, why not make this 'const char *used_by', since a
domain can only own a device for as long as it is active, and as long
as the domain is active, then the domain's name will be in scope.
Then, you don't have to strdup() the name, and don't have to worry
about malloc failure. But you _do_ have to worry about setting the
name back to NULL after a domain goes inactive or the device is
hotplugged, to update the fact that no active domain owns the device.
Sounds good, making a v2.
> int fd;
>
> unsigned initted;
> @@ -1312,6 +1313,7 @@ pciGetDevice(unsigned domain,
> dev->bus = bus;
> dev->slot = slot;
> dev->function = function;
> + dev->used_by = NULL;
>
> if (snprintf(dev->name, sizeof(dev->name), "%.4x:%.2x:%.2x.%.1x",
> dev->domain, dev->bus, dev->slot,
> @@ -1374,6 +1376,7 @@ pciFreeDevice(pciDevice *dev)
> VIR_DEBUG("%s %s: freeing", dev->id, dev->name);
> pciCloseConfig(dev);
> VIR_FREE(dev->path);
> + VIR_FREE(dev->used_by);
If you use my suggestion of pointing to the pre-existing domain name,
rather than strdup(), then you don't want this line.
> VIR_FREE(dev);
> }
>
> @@ -1387,6 +1390,25 @@ unsigned pciDeviceGetManaged(pciDevice *dev)
> return dev->managed;
> }
>
> +int
> +pciDeviceSetUsedBy(pciDevice *dev, const char *name)
> +{
> + dev->used_by = strdup(name);
> +
> + if (!dev->used_by) {
> + virReportOOMError();
> + return -1;
> + }
> +
> + return 0;
and here, you could make the function return void (straight pointer
assignment, rather than strdup()).
Needs a v2, but we should definitely get this patched.
4788
days inactive
4804
days old
3 comments
2 participants
participants (2)
-
Eric Blake -
Osier Yang