From: David Gibson <david@gibson.dropbear.id.au>
To: peter.maydell@linaro.org, groug@kaod.org
Cc: Daniel Henrique Barboza <danielhb413@gmail.com>,
qemu-ppc@nongnu.org, qemu-devel@nongnu.org,
David Gibson <david@gibson.dropbear.id.au>
Subject: [PULL 10/20] spapr_drc.c: introduce unplug_timeout_timer
Date: Wed, 10 Mar 2021 15:09:52 +1100 [thread overview]
Message-ID: <20210310041002.333813-11-david@gibson.dropbear.id.au> (raw)
In-Reply-To: <20210310041002.333813-1-david@gibson.dropbear.id.au>
From: Daniel Henrique Barboza <danielhb413@gmail.com>
The LoPAR spec provides no way for the guest kernel to report failure of
hotplug/hotunplug events. This wouldn't be bad if those operations were
granted to always succeed, but that's far for the reality.
What ends up happening is that, in the case of a failed hotunplug,
regardless of whether it was a QEMU error or a guest misbehavior, the
pSeries machine is retaining the unplug state of the device in the
running guest. This state is cleanup in machine reset, where it is
assumed that this state represents a device that is pending unplug, and
the device is hotunpluged from the board. Until the reset occurs, any
hotunplug operation of the same device is forbid because there is a
pending unplug state.
This behavior has at least one undesirable side effect. A long standing
pending unplug state is, more often than not, the result of a hotunplug
error. The user had to dealt with it, since retrying to unplug the
device is noy allowed, and then in the machine reset we're removing the
device from the guest. This means that we're failing the user twice -
failed to hotunplug when asked, then hotunplugged without notice.
Solutions to this problem range between trying to predict when the
hotunplug will fail and forbid the operation from the QEMU layer, from
opening up the IRQ queue to allow for multiple hotunplug attempts, from
telling the users to 'reboot the machine if something goes wrong'. The
first solution is flawed because we can't fully predict guest behavior
from QEMU, the second solution is a trial and error remediation that
counts on a hope that the unplug will eventually succeed, and the third
is ... well.
This patch introduces a crude, but effective solution to hotunplug
errors in the pSeries machine. For each unplug done, we'll timeout after
some time. If a certain amount of time passes, we'll cleanup the
hotunplug state from the machine. During the timeout period, any unplug
operations in the same device will still be blocked. After that, we'll
assume that the guest failed the operation, and allow the user to try
again. If the timeout is too short we'll prevent legitimate hotunplug
situations to occur, so we'll need to overestimate the regular time an
unplug operation takes to succeed to account that.
The true solution for the hotunplug errors in the pSeries machines is a
PAPR change to allow for the guest to warn the platform about it. For
now, the work done in this timeout design can be used for the new PAPR
'abort hcall' in the future, given that for both cases we'll need code
to cleanup the existing unplug states of the DRCs.
At this moment we're adding the basic wiring of the timer into the DRC.
Next patch will use the timer to timeout failed CPU hotunplugs.
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20210222194531.62717-4-danielhb413@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
hw/ppc/spapr_drc.c | 40 ++++++++++++++++++++++++++++++++++++++
include/hw/ppc/spapr_drc.h | 4 ++++
2 files changed, 44 insertions(+)
diff --git a/hw/ppc/spapr_drc.c b/hw/ppc/spapr_drc.c
index 67041fb212..27adbc5c30 100644
--- a/hw/ppc/spapr_drc.c
+++ b/hw/ppc/spapr_drc.c
@@ -57,6 +57,8 @@ static void spapr_drc_release(SpaprDrc *drc)
drck->release(drc->dev);
drc->unplug_requested = false;
+ timer_del(drc->unplug_timeout_timer);
+
g_free(drc->fdt);
drc->fdt = NULL;
drc->fdt_start_offset = 0;
@@ -370,6 +372,17 @@ static void prop_get_fdt(Object *obj, Visitor *v, const char *name,
} while (fdt_depth != 0);
}
+static void spapr_drc_start_unplug_timeout_timer(SpaprDrc *drc)
+{
+ SpaprDrcClass *drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
+
+ if (drck->unplug_timeout_seconds != 0) {
+ timer_mod(drc->unplug_timeout_timer,
+ qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) +
+ drck->unplug_timeout_seconds * 1000);
+ }
+}
+
void spapr_drc_attach(SpaprDrc *drc, DeviceState *d)
{
trace_spapr_drc_attach(spapr_drc_index(drc));
@@ -475,11 +488,23 @@ static bool spapr_drc_needed(void *opaque)
spapr_drc_unplug_requested(drc);
}
+static int spapr_drc_post_load(void *opaque, int version_id)
+{
+ SpaprDrc *drc = opaque;
+
+ if (drc->unplug_requested) {
+ spapr_drc_start_unplug_timeout_timer(drc);
+ }
+
+ return 0;
+}
+
static const VMStateDescription vmstate_spapr_drc = {
.name = "spapr_drc",
.version_id = 1,
.minimum_version_id = 1,
.needed = spapr_drc_needed,
+ .post_load = spapr_drc_post_load,
.fields = (VMStateField []) {
VMSTATE_UINT32(state, SpaprDrc),
VMSTATE_END_OF_LIST()
@@ -490,6 +515,15 @@ static const VMStateDescription vmstate_spapr_drc = {
}
};
+static void drc_unplug_timeout_cb(void *opaque)
+{
+ SpaprDrc *drc = opaque;
+
+ if (drc->unplug_requested) {
+ drc->unplug_requested = false;
+ }
+}
+
static void drc_realize(DeviceState *d, Error **errp)
{
SpaprDrc *drc = SPAPR_DR_CONNECTOR(d);
@@ -512,6 +546,11 @@ static void drc_realize(DeviceState *d, Error **errp)
object_property_add_alias(root_container, link_name,
drc->owner, child_name);
g_free(link_name);
+
+ drc->unplug_timeout_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL,
+ drc_unplug_timeout_cb,
+ drc);
+
vmstate_register(VMSTATE_IF(drc), spapr_drc_index(drc), &vmstate_spapr_drc,
drc);
trace_spapr_drc_realize_complete(spapr_drc_index(drc));
@@ -529,6 +568,7 @@ static void drc_unrealize(DeviceState *d)
name = g_strdup_printf("%x", spapr_drc_index(drc));
object_property_del(root_container, name);
g_free(name);
+ timer_free(drc->unplug_timeout_timer);
}
SpaprDrc *spapr_dr_connector_new(Object *owner, const char *type,
diff --git a/include/hw/ppc/spapr_drc.h b/include/hw/ppc/spapr_drc.h
index 02a63b3666..38ec4c8091 100644
--- a/include/hw/ppc/spapr_drc.h
+++ b/include/hw/ppc/spapr_drc.h
@@ -187,6 +187,8 @@ typedef struct SpaprDrc {
bool unplug_requested;
void *fdt;
int fdt_start_offset;
+
+ QEMUTimer *unplug_timeout_timer;
} SpaprDrc;
struct SpaprMachineState;
@@ -209,6 +211,8 @@ typedef struct SpaprDrcClass {
int (*dt_populate)(SpaprDrc *drc, struct SpaprMachineState *spapr,
void *fdt, int *fdt_start_offset, Error **errp);
+
+ int unplug_timeout_seconds;
} SpaprDrcClass;
typedef struct SpaprDrcPhysical {
--
2.29.2
next prev parent reply other threads:[~2021-03-10 4:11 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-10 4:09 [PULL 00/20] ppc-for-6.0 queue 20210310 David Gibson
2021-03-10 4:09 ` [PULL 01/20] hw/display/sm501: Remove dead code for non-32-bit RGB surfaces David Gibson
2021-03-10 4:09 ` [PULL 02/20] hw/display/sm501: Expand out macros in template header David Gibson
2021-03-10 4:09 ` [PULL 03/20] hw/display/sm501: Inline template header into C file David Gibson
2021-03-10 4:09 ` [PULL 04/20] spapr_drc.c: do not call spapr_drc_detach() in drc_isolate_logical() David Gibson
2021-03-10 4:09 ` [PULL 05/20] pseries: Update SLOF firmware image David Gibson
2021-03-10 4:09 ` [PULL 06/20] spapr_drc.c: use spapr_drc_release() in isolate_physical/set_unusable David Gibson
2021-03-10 4:09 ` [PULL 07/20] spapr: rename spapr_drc_detach() to spapr_drc_unplug_request() David Gibson
2021-03-10 4:09 ` [PULL 08/20] docs/system: Extend PPC section David Gibson
2021-03-10 4:09 ` [PULL 09/20] target/ppc: Fix bcdsub. emulation when result overflows David Gibson
2021-03-10 4:09 ` David Gibson [this message]
2021-03-10 4:09 ` [PULL 11/20] spapr_drc.c: add hotunplug timeout for CPUs David Gibson
2021-03-10 4:09 ` [PULL 12/20] spapr_drc.c: use DRC reconfiguration to cleanup DIMM unplug state David Gibson
2021-03-10 4:09 ` [PULL 13/20] hw/net: fsl_etsec: Fix build error when HEX_DUMP is on David Gibson
2021-03-10 4:09 ` [PULL 14/20] hw/ppc: e500: Add missing <ranges> in the eTSEC node David Gibson
2021-03-10 4:09 ` [PULL 15/20] spapr.c: add 'unplug already in progress' message for PHB unplug David Gibson
2021-03-10 4:09 ` [PULL 16/20] spapr_pci.c: add 'unplug already in progress' message for PCI unplug David Gibson
2021-03-10 4:09 ` [PULL 17/20] qemu_timer.c: add timer_deadline_ms() helper David Gibson
2021-03-10 4:10 ` [PULL 18/20] target/ppc: fix icount support on Book-e vms accessing SPRs David Gibson
2021-03-10 4:10 ` [PULL 19/20] spapr.c: remove duplicated assert in spapr_memory_unplug_request() David Gibson
2021-03-10 4:10 ` [PULL 20/20] spapr.c: send QAPI event when memory hotunplug fails David Gibson
2021-03-10 4:43 ` [PULL 00/20] ppc-for-6.0 queue 20210310 Bin Meng
2021-03-10 6:00 ` David Gibson
2021-03-11 1:26 ` Bin Meng
2021-03-10 14:09 ` Ivan Warren
2021-03-11 1:47 ` David Gibson
2021-03-11 3:22 ` Ivan Warren
2021-03-11 4:56 ` David Gibson
2021-03-11 13:31 ` Richard Henderson
2021-03-11 15:54 ` Greg Kurz
2021-03-11 18:02 ` Greg Kurz
2021-03-12 13:53 ` Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210310041002.333813-11-david@gibson.dropbear.id.au \
--to=david@gibson.dropbear.id.au \
--cc=danielhb413@gmail.com \
--cc=groug@kaod.org \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.