]> git.proxmox.com Git - mirror_qemu.git/blob - migration/ram.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
block/copy-before-write: implement cbw-timeout option
[mirror_qemu.git] / migration / ram.c
1 /*
2 * QEMU System Emulator
3 *
4 * Copyright (c) 2003-2008 Fabrice Bellard
5 * Copyright (c) 2011-2015 Red Hat Inc
6 *
7 * Authors:
8 * Juan Quintela <quintela@redhat.com>
9 *
10 * Permission is hereby granted, free of charge, to any person obtaining a copy
11 * of this software and associated documentation files (the "Software"), to deal
12 * in the Software without restriction, including without limitation the rights
13 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
14 * copies of the Software, and to permit persons to whom the Software is
15 * furnished to do so, subject to the following conditions:
16 *
17 * The above copyright notice and this permission notice shall be included in
18 * all copies or substantial portions of the Software.
19 *
20 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
21 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
23 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
24 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
25 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
26 * THE SOFTWARE.
27 */
28
29 #include "qemu/osdep.h"
30 #include "qemu/cutils.h"
31 #include "qemu/bitops.h"
32 #include "qemu/bitmap.h"
33 #include "qemu/madvise.h"
34 #include "qemu/main-loop.h"
35 #include "io/channel-null.h"
36 #include "xbzrle.h"
37 #include "ram.h"
38 #include "migration.h"
39 #include "migration/register.h"
40 #include "migration/misc.h"
41 #include "qemu-file.h"
42 #include "postcopy-ram.h"
43 #include "page_cache.h"
44 #include "qemu/error-report.h"
45 #include "qapi/error.h"
46 #include "qapi/qapi-types-migration.h"
47 #include "qapi/qapi-events-migration.h"
48 #include "qapi/qmp/qerror.h"
49 #include "trace.h"
50 #include "exec/ram_addr.h"
51 #include "exec/target_page.h"
52 #include "qemu/rcu_queue.h"
53 #include "migration/colo.h"
54 #include "block.h"
55 #include "sysemu/cpu-throttle.h"
56 #include "savevm.h"
57 #include "qemu/iov.h"
58 #include "multifd.h"
59 #include "sysemu/runstate.h"
60
61 #include "hw/boards.h" /* for machine_dump_guest_core() */
62
63 #if defined(__linux__)
64 #include "qemu/userfaultfd.h"
65 #endif /* defined(__linux__) */
66
67 /***********************************************************/
68 /* ram save/restore */
69
70 /* RAM_SAVE_FLAG_ZERO used to be named RAM_SAVE_FLAG_COMPRESS, it
71 * worked for pages that where filled with the same char. We switched
72 * it to only search for the zero value. And to avoid confusion with
73 * RAM_SSAVE_FLAG_COMPRESS_PAGE just rename it.
74 */
75
76 #define RAM_SAVE_FLAG_FULL 0x01 /* Obsolete, not used anymore */
77 #define RAM_SAVE_FLAG_ZERO 0x02
78 #define RAM_SAVE_FLAG_MEM_SIZE 0x04
79 #define RAM_SAVE_FLAG_PAGE 0x08
80 #define RAM_SAVE_FLAG_EOS 0x10
81 #define RAM_SAVE_FLAG_CONTINUE 0x20
82 #define RAM_SAVE_FLAG_XBZRLE 0x40
83 /* 0x80 is reserved in migration.h start with 0x100 next */
84 #define RAM_SAVE_FLAG_COMPRESS_PAGE 0x100
85
86 XBZRLECacheStats xbzrle_counters;
87
88 /* struct contains XBZRLE cache and a static page
89 used by the compression */
90 static struct {
91 /* buffer used for XBZRLE encoding */
92 uint8_t *encoded_buf;
93 /* buffer for storing page content */
94 uint8_t *current_buf;
95 /* Cache for XBZRLE, Protected by lock. */
96 PageCache *cache;
97 QemuMutex lock;
98 /* it will store a page full of zeros */
99 uint8_t *zero_target_page;
100 /* buffer used for XBZRLE decoding */
101 uint8_t *decoded_buf;
102 } XBZRLE;
103
104 static void XBZRLE_cache_lock(void)
105 {
106 if (migrate_use_xbzrle()) {
107 qemu_mutex_lock(&XBZRLE.lock);
108 }
109 }
110
111 static void XBZRLE_cache_unlock(void)
112 {
113 if (migrate_use_xbzrle()) {
114 qemu_mutex_unlock(&XBZRLE.lock);
115 }
116 }
117
118 /**
119 * xbzrle_cache_resize: resize the xbzrle cache
120 *
121 * This function is called from migrate_params_apply in main
122 * thread, possibly while a migration is in progress. A running
123 * migration may be using the cache and might finish during this call,
124 * hence changes to the cache are protected by XBZRLE.lock().
125 *
126 * Returns 0 for success or -1 for error
127 *
128 * @new_size: new cache size
129 * @errp: set *errp if the check failed, with reason
130 */
131 int xbzrle_cache_resize(uint64_t new_size, Error **errp)
132 {
133 PageCache *new_cache;
134 int64_t ret = 0;
135
136 /* Check for truncation */
137 if (new_size != (size_t)new_size) {
138 error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "cache size",
139 "exceeding address space");
140 return -1;
141 }
142
143 if (new_size == migrate_xbzrle_cache_size()) {
144 /* nothing to do */
145 return 0;
146 }
147
148 XBZRLE_cache_lock();
149
150 if (XBZRLE.cache != NULL) {
151 new_cache = cache_init(new_size, TARGET_PAGE_SIZE, errp);
152 if (!new_cache) {
153 ret = -1;
154 goto out;
155 }
156
157 cache_fini(XBZRLE.cache);
158 XBZRLE.cache = new_cache;
159 }
160 out:
161 XBZRLE_cache_unlock();
162 return ret;
163 }
164
165 bool ramblock_is_ignored(RAMBlock *block)
166 {
167 return !qemu_ram_is_migratable(block) ||
168 (migrate_ignore_shared() && qemu_ram_is_shared(block));
169 }
170
171 #undef RAMBLOCK_FOREACH
172
173 int foreach_not_ignored_block(RAMBlockIterFunc func, void *opaque)
174 {
175 RAMBlock *block;
176 int ret = 0;
177
178 RCU_READ_LOCK_GUARD();
179
180 RAMBLOCK_FOREACH_NOT_IGNORED(block) {
181 ret = func(block, opaque);
182 if (ret) {
183 break;
184 }
185 }
186 return ret;
187 }
188
189 static void ramblock_recv_map_init(void)
190 {
191 RAMBlock *rb;
192
193 RAMBLOCK_FOREACH_NOT_IGNORED(rb) {
194 assert(!rb->receivedmap);
195 rb->receivedmap = bitmap_new(rb->max_length >> qemu_target_page_bits());
196 }
197 }
198
199 int ramblock_recv_bitmap_test(RAMBlock *rb, void *host_addr)
200 {
201 return test_bit(ramblock_recv_bitmap_offset(host_addr, rb),
202 rb->receivedmap);
203 }
204
205 bool ramblock_recv_bitmap_test_byte_offset(RAMBlock *rb, uint64_t byte_offset)
206 {
207 return test_bit(byte_offset >> TARGET_PAGE_BITS, rb->receivedmap);
208 }
209
210 void ramblock_recv_bitmap_set(RAMBlock *rb, void *host_addr)
211 {
212 set_bit_atomic(ramblock_recv_bitmap_offset(host_addr, rb), rb->receivedmap);
213 }
214
215 void ramblock_recv_bitmap_set_range(RAMBlock *rb, void *host_addr,
216 size_t nr)
217 {
218 bitmap_set_atomic(rb->receivedmap,
219 ramblock_recv_bitmap_offset(host_addr, rb),
220 nr);
221 }
222
223 #define RAMBLOCK_RECV_BITMAP_ENDING (0x0123456789abcdefULL)
224
225 /*
226 * Format: bitmap_size (8 bytes) + whole_bitmap (N bytes).
227 *
228 * Returns >0 if success with sent bytes, or <0 if error.
229 */
230 int64_t ramblock_recv_bitmap_send(QEMUFile *file,
231 const char *block_name)
232 {
233 RAMBlock *block = qemu_ram_block_by_name(block_name);
234 unsigned long *le_bitmap, nbits;
235 uint64_t size;
236
237 if (!block) {
238 error_report("%s: invalid block name: %s", __func__, block_name);
239 return -1;
240 }
241
242 nbits = block->postcopy_length >> TARGET_PAGE_BITS;
243
244 /*
245 * Make sure the tmp bitmap buffer is big enough, e.g., on 32bit
246 * machines we may need 4 more bytes for padding (see below
247 * comment). So extend it a bit before hand.
248 */
249 le_bitmap = bitmap_new(nbits + BITS_PER_LONG);
250
251 /*
252 * Always use little endian when sending the bitmap. This is
253 * required that when source and destination VMs are not using the
254 * same endianness. (Note: big endian won't work.)
255 */
256 bitmap_to_le(le_bitmap, block->receivedmap, nbits);
257
258 /* Size of the bitmap, in bytes */
259 size = DIV_ROUND_UP(nbits, 8);
260
261 /*
262 * size is always aligned to 8 bytes for 64bit machines, but it
263 * may not be true for 32bit machines. We need this padding to
264 * make sure the migration can survive even between 32bit and
265 * 64bit machines.
266 */
267 size = ROUND_UP(size, 8);
268
269 qemu_put_be64(file, size);
270 qemu_put_buffer(file, (const uint8_t *)le_bitmap, size);
271 /*
272 * Mark as an end, in case the middle part is screwed up due to
273 * some "mysterious" reason.
274 */
275 qemu_put_be64(file, RAMBLOCK_RECV_BITMAP_ENDING);
276 qemu_fflush(file);
277
278 g_free(le_bitmap);
279
280 if (qemu_file_get_error(file)) {
281 return qemu_file_get_error(file);
282 }
283
284 return size + sizeof(size);
285 }
286
287 /*
288 * An outstanding page request, on the source, having been received
289 * and queued
290 */
291 struct RAMSrcPageRequest {
292 RAMBlock *rb;
293 hwaddr offset;
294 hwaddr len;
295
296 QSIMPLEQ_ENTRY(RAMSrcPageRequest) next_req;
297 };
298
299 /* State of RAM for migration */
300 struct RAMState {
301 /* QEMUFile used for this migration */
302 QEMUFile *f;
303 /* UFFD file descriptor, used in 'write-tracking' migration */
304 int uffdio_fd;
305 /* Last block that we have visited searching for dirty pages */
306 RAMBlock *last_seen_block;
307 /* Last block from where we have sent data */
308 RAMBlock *last_sent_block;
309 /* Last dirty target page we have sent */
310 ram_addr_t last_page;
311 /* last ram version we have seen */
312 uint32_t last_version;
313 /* How many times we have dirty too many pages */
314 int dirty_rate_high_cnt;
315 /* these variables are used for bitmap sync */
316 /* last time we did a full bitmap_sync */
317 int64_t time_last_bitmap_sync;
318 /* bytes transferred at start_time */
319 uint64_t bytes_xfer_prev;
320 /* number of dirty pages since start_time */
321 uint64_t num_dirty_pages_period;
322 /* xbzrle misses since the beginning of the period */
323 uint64_t xbzrle_cache_miss_prev;
324 /* Amount of xbzrle pages since the beginning of the period */
325 uint64_t xbzrle_pages_prev;
326 /* Amount of xbzrle encoded bytes since the beginning of the period */
327 uint64_t xbzrle_bytes_prev;
328 /* Start using XBZRLE (e.g., after the first round). */
329 bool xbzrle_enabled;
330 /* Are we on the last stage of migration */
331 bool last_stage;
332 /* compression statistics since the beginning of the period */
333 /* amount of count that no free thread to compress data */
334 uint64_t compress_thread_busy_prev;
335 /* amount bytes after compression */
336 uint64_t compressed_size_prev;
337 /* amount of compressed pages */
338 uint64_t compress_pages_prev;
339
340 /* total handled target pages at the beginning of period */
341 uint64_t target_page_count_prev;
342 /* total handled target pages since start */
343 uint64_t target_page_count;
344 /* number of dirty bits in the bitmap */
345 uint64_t migration_dirty_pages;
346 /* Protects modification of the bitmap and migration dirty pages */
347 QemuMutex bitmap_mutex;
348 /* The RAMBlock used in the last src_page_requests */
349 RAMBlock *last_req_rb;
350 /* Queue of outstanding page requests from the destination */
351 QemuMutex src_page_req_mutex;
352 QSIMPLEQ_HEAD(, RAMSrcPageRequest) src_page_requests;
353 };
354 typedef struct RAMState RAMState;
355
356 static RAMState *ram_state;
357
358 static NotifierWithReturnList precopy_notifier_list;
359
360 /* Whether postcopy has queued requests? */
361 static bool postcopy_has_request(RAMState *rs)
362 {
363 return !QSIMPLEQ_EMPTY_ATOMIC(&rs->src_page_requests);
364 }
365
366 void precopy_infrastructure_init(void)
367 {
368 notifier_with_return_list_init(&precopy_notifier_list);
369 }
370
371 void precopy_add_notifier(NotifierWithReturn *n)
372 {
373 notifier_with_return_list_add(&precopy_notifier_list, n);
374 }
375
376 void precopy_remove_notifier(NotifierWithReturn *n)
377 {
378 notifier_with_return_remove(n);
379 }
380
381 int precopy_notify(PrecopyNotifyReason reason, Error **errp)
382 {
383 PrecopyNotifyData pnd;
384 pnd.reason = reason;
385 pnd.errp = errp;
386
387 return notifier_with_return_list_notify(&precopy_notifier_list, &pnd);
388 }
389
390 uint64_t ram_bytes_remaining(void)
391 {
392 return ram_state ? (ram_state->migration_dirty_pages * TARGET_PAGE_SIZE) :
393 0;
394 }
395
396 MigrationStats ram_counters;
397
398 static void ram_transferred_add(uint64_t bytes)
399 {
400 if (runstate_is_running()) {
401 ram_counters.precopy_bytes += bytes;
402 } else if (migration_in_postcopy()) {
403 ram_counters.postcopy_bytes += bytes;
404 } else {
405 ram_counters.downtime_bytes += bytes;
406 }
407 ram_counters.transferred += bytes;
408 }
409
410 /* used by the search for pages to send */
411 struct PageSearchStatus {
412 /* Current block being searched */
413 RAMBlock *block;
414 /* Current page to search from */
415 unsigned long page;
416 /* Set once we wrap around */
417 bool complete_round;
418 /* Whether current page is explicitly requested by postcopy */
419 bool postcopy_requested;
420 };
421 typedef struct PageSearchStatus PageSearchStatus;
422
423 CompressionStats compression_counters;
424
425 struct CompressParam {
426 bool done;
427 bool quit;
428 bool zero_page;
429 QEMUFile *file;
430 QemuMutex mutex;
431 QemuCond cond;
432 RAMBlock *block;
433 ram_addr_t offset;
434
435 /* internally used fields */
436 z_stream stream;
437 uint8_t *originbuf;
438 };
439 typedef struct CompressParam CompressParam;
440
441 struct DecompressParam {
442 bool done;
443 bool quit;
444 QemuMutex mutex;
445 QemuCond cond;
446 void *des;
447 uint8_t *compbuf;
448 int len;
449 z_stream stream;
450 };
451 typedef struct DecompressParam DecompressParam;
452
453 static CompressParam *comp_param;
454 static QemuThread *compress_threads;
455 /* comp_done_cond is used to wake up the migration thread when
456 * one of the compression threads has finished the compression.
457 * comp_done_lock is used to co-work with comp_done_cond.
458 */
459 static QemuMutex comp_done_lock;
460 static QemuCond comp_done_cond;
461
462 static QEMUFile *decomp_file;
463 static DecompressParam *decomp_param;
464 static QemuThread *decompress_threads;
465 static QemuMutex decomp_done_lock;
466 static QemuCond decomp_done_cond;
467
468 static bool do_compress_ram_page(QEMUFile *f, z_stream *stream, RAMBlock *block,
469 ram_addr_t offset, uint8_t *source_buf);
470
471 static void *do_data_compress(void *opaque)
472 {
473 CompressParam *param = opaque;
474 RAMBlock *block;
475 ram_addr_t offset;
476 bool zero_page;
477
478 qemu_mutex_lock(&param->mutex);
479 while (!param->quit) {
480 if (param->block) {
481 block = param->block;
482 offset = param->offset;
483 param->block = NULL;
484 qemu_mutex_unlock(&param->mutex);
485
486 zero_page = do_compress_ram_page(param->file, &param->stream,
487 block, offset, param->originbuf);
488
489 qemu_mutex_lock(&comp_done_lock);
490 param->done = true;
491 param->zero_page = zero_page;
492 qemu_cond_signal(&comp_done_cond);
493 qemu_mutex_unlock(&comp_done_lock);
494
495 qemu_mutex_lock(&param->mutex);
496 } else {
497 qemu_cond_wait(&param->cond, &param->mutex);
498 }
499 }
500 qemu_mutex_unlock(&param->mutex);
501
502 return NULL;
503 }
504
505 static void compress_threads_save_cleanup(void)
506 {
507 int i, thread_count;
508
509 if (!migrate_use_compression() || !comp_param) {
510 return;
511 }
512
513 thread_count = migrate_compress_threads();
514 for (i = 0; i < thread_count; i++) {
515 /*
516 * we use it as a indicator which shows if the thread is
517 * properly init'd or not
518 */
519 if (!comp_param[i].file) {
520 break;
521 }
522
523 qemu_mutex_lock(&comp_param[i].mutex);
524 comp_param[i].quit = true;
525 qemu_cond_signal(&comp_param[i].cond);
526 qemu_mutex_unlock(&comp_param[i].mutex);
527
528 qemu_thread_join(compress_threads + i);
529 qemu_mutex_destroy(&comp_param[i].mutex);
530 qemu_cond_destroy(&comp_param[i].cond);
531 deflateEnd(&comp_param[i].stream);
532 g_free(comp_param[i].originbuf);
533 qemu_fclose(comp_param[i].file);
534 comp_param[i].file = NULL;
535 }
536 qemu_mutex_destroy(&comp_done_lock);
537 qemu_cond_destroy(&comp_done_cond);
538 g_free(compress_threads);
539 g_free(comp_param);
540 compress_threads = NULL;
541 comp_param = NULL;
542 }
543
544 static int compress_threads_save_setup(void)
545 {
546 int i, thread_count;
547
548 if (!migrate_use_compression()) {
549 return 0;
550 }
551 thread_count = migrate_compress_threads();
552 compress_threads = g_new0(QemuThread, thread_count);
553 comp_param = g_new0(CompressParam, thread_count);
554 qemu_cond_init(&comp_done_cond);
555 qemu_mutex_init(&comp_done_lock);
556 for (i = 0; i < thread_count; i++) {
557 comp_param[i].originbuf = g_try_malloc(TARGET_PAGE_SIZE);
558 if (!comp_param[i].originbuf) {
559 goto exit;
560 }
561
562 if (deflateInit(&comp_param[i].stream,
563 migrate_compress_level()) != Z_OK) {
564 g_free(comp_param[i].originbuf);
565 goto exit;
566 }
567
568 /* comp_param[i].file is just used as a dummy buffer to save data,
569 * set its ops to empty.
570 */
571 comp_param[i].file = qemu_file_new_output(
572 QIO_CHANNEL(qio_channel_null_new()));
573 comp_param[i].done = true;
574 comp_param[i].quit = false;
575 qemu_mutex_init(&comp_param[i].mutex);
576 qemu_cond_init(&comp_param[i].cond);
577 qemu_thread_create(compress_threads + i, "compress",
578 do_data_compress, comp_param + i,
579 QEMU_THREAD_JOINABLE);
580 }
581 return 0;
582
583 exit:
584 compress_threads_save_cleanup();
585 return -1;
586 }
587
588 /**
589 * save_page_header: write page header to wire
590 *
591 * If this is the 1st block, it also writes the block identification
592 *
593 * Returns the number of bytes written
594 *
595 * @f: QEMUFile where to send the data
596 * @block: block that contains the page we want to send
597 * @offset: offset inside the block for the page
598 * in the lower bits, it contains flags
599 */
600 static size_t save_page_header(RAMState *rs, QEMUFile *f, RAMBlock *block,
601 ram_addr_t offset)
602 {
603 size_t size, len;
604
605 if (block == rs->last_sent_block) {
606 offset |= RAM_SAVE_FLAG_CONTINUE;
607 }
608 qemu_put_be64(f, offset);
609 size = 8;
610
611 if (!(offset & RAM_SAVE_FLAG_CONTINUE)) {
612 len = strlen(block->idstr);
613 qemu_put_byte(f, len);
614 qemu_put_buffer(f, (uint8_t *)block->idstr, len);
615 size += 1 + len;
616 rs->last_sent_block = block;
617 }
618 return size;
619 }
620
621 /**
622 * mig_throttle_guest_down: throttle down the guest
623 *
624 * Reduce amount of guest cpu execution to hopefully slow down memory
625 * writes. If guest dirty memory rate is reduced below the rate at
626 * which we can transfer pages to the destination then we should be
627 * able to complete migration. Some workloads dirty memory way too
628 * fast and will not effectively converge, even with auto-converge.
629 */
630 static void mig_throttle_guest_down(uint64_t bytes_dirty_period,
631 uint64_t bytes_dirty_threshold)
632 {
633 MigrationState *s = migrate_get_current();
634 uint64_t pct_initial = s->parameters.cpu_throttle_initial;
635 uint64_t pct_increment = s->parameters.cpu_throttle_increment;
636 bool pct_tailslow = s->parameters.cpu_throttle_tailslow;
637 int pct_max = s->parameters.max_cpu_throttle;
638
639 uint64_t throttle_now = cpu_throttle_get_percentage();
640 uint64_t cpu_now, cpu_ideal, throttle_inc;
641
642 /* We have not started throttling yet. Let's start it. */
643 if (!cpu_throttle_active()) {
644 cpu_throttle_set(pct_initial);
645 } else {
646 /* Throttling already on, just increase the rate */
647 if (!pct_tailslow) {
648 throttle_inc = pct_increment;
649 } else {
650 /* Compute the ideal CPU percentage used by Guest, which may
651 * make the dirty rate match the dirty rate threshold. */
652 cpu_now = 100 - throttle_now;
653 cpu_ideal = cpu_now * (bytes_dirty_threshold * 1.0 /
654 bytes_dirty_period);
655 throttle_inc = MIN(cpu_now - cpu_ideal, pct_increment);
656 }
657 cpu_throttle_set(MIN(throttle_now + throttle_inc, pct_max));
658 }
659 }
660
661 void mig_throttle_counter_reset(void)
662 {
663 RAMState *rs = ram_state;
664
665 rs->time_last_bitmap_sync = qemu_clock_get_ms(QEMU_CLOCK_REALTIME);
666 rs->num_dirty_pages_period = 0;
667 rs->bytes_xfer_prev = ram_counters.transferred;
668 }
669
670 /**
671 * xbzrle_cache_zero_page: insert a zero page in the XBZRLE cache
672 *
673 * @rs: current RAM state
674 * @current_addr: address for the zero page
675 *
676 * Update the xbzrle cache to reflect a page that's been sent as all 0.
677 * The important thing is that a stale (not-yet-0'd) page be replaced
678 * by the new data.
679 * As a bonus, if the page wasn't in the cache it gets added so that
680 * when a small write is made into the 0'd page it gets XBZRLE sent.
681 */
682 static void xbzrle_cache_zero_page(RAMState *rs, ram_addr_t current_addr)
683 {
684 if (!rs->xbzrle_enabled) {
685 return;
686 }
687
688 /* We don't care if this fails to allocate a new cache page
689 * as long as it updated an old one */
690 cache_insert(XBZRLE.cache, current_addr, XBZRLE.zero_target_page,
691 ram_counters.dirty_sync_count);
692 }
693
694 #define ENCODING_FLAG_XBZRLE 0x1
695
696 /**
697 * save_xbzrle_page: compress and send current page
698 *
699 * Returns: 1 means that we wrote the page
700 * 0 means that page is identical to the one already sent
701 * -1 means that xbzrle would be longer than normal
702 *
703 * @rs: current RAM state
704 * @current_data: pointer to the address of the page contents
705 * @current_addr: addr of the page
706 * @block: block that contains the page we want to send
707 * @offset: offset inside the block for the page
708 */
709 static int save_xbzrle_page(RAMState *rs, uint8_t **current_data,
710 ram_addr_t current_addr, RAMBlock *block,
711 ram_addr_t offset)
712 {
713 int encoded_len = 0, bytes_xbzrle;
714 uint8_t *prev_cached_page;
715
716 if (!cache_is_cached(XBZRLE.cache, current_addr,
717 ram_counters.dirty_sync_count)) {
718 xbzrle_counters.cache_miss++;
719 if (!rs->last_stage) {
720 if (cache_insert(XBZRLE.cache, current_addr, *current_data,
721 ram_counters.dirty_sync_count) == -1) {
722 return -1;
723 } else {
724 /* update *current_data when the page has been
725 inserted into cache */
726 *current_data = get_cached_data(XBZRLE.cache, current_addr);
727 }
728 }
729 return -1;
730 }
731
732 /*
733 * Reaching here means the page has hit the xbzrle cache, no matter what
734 * encoding result it is (normal encoding, overflow or skipping the page),
735 * count the page as encoded. This is used to calculate the encoding rate.
736 *
737 * Example: 2 pages (8KB) being encoded, first page encoding generates 2KB,
738 * 2nd page turns out to be skipped (i.e. no new bytes written to the
739 * page), the overall encoding rate will be 8KB / 2KB = 4, which has the
740 * skipped page included. In this way, the encoding rate can tell if the
741 * guest page is good for xbzrle encoding.
742 */
743 xbzrle_counters.pages++;
744 prev_cached_page = get_cached_data(XBZRLE.cache, current_addr);
745
746 /* save current buffer into memory */
747 memcpy(XBZRLE.current_buf, *current_data, TARGET_PAGE_SIZE);
748
749 /* XBZRLE encoding (if there is no overflow) */
750 encoded_len = xbzrle_encode_buffer(prev_cached_page, XBZRLE.current_buf,
751 TARGET_PAGE_SIZE, XBZRLE.encoded_buf,
752 TARGET_PAGE_SIZE);
753
754 /*
755 * Update the cache contents, so that it corresponds to the data
756 * sent, in all cases except where we skip the page.
757 */
758 if (!rs->last_stage && encoded_len != 0) {
759 memcpy(prev_cached_page, XBZRLE.current_buf, TARGET_PAGE_SIZE);
760 /*
761 * In the case where we couldn't compress, ensure that the caller
762 * sends the data from the cache, since the guest might have
763 * changed the RAM since we copied it.
764 */
765 *current_data = prev_cached_page;
766 }
767
768 if (encoded_len == 0) {
769 trace_save_xbzrle_page_skipping();
770 return 0;
771 } else if (encoded_len == -1) {
772 trace_save_xbzrle_page_overflow();
773 xbzrle_counters.overflow++;
774 xbzrle_counters.bytes += TARGET_PAGE_SIZE;
775 return -1;
776 }
777
778 /* Send XBZRLE based compressed page */
779 bytes_xbzrle = save_page_header(rs, rs->f, block,
780 offset | RAM_SAVE_FLAG_XBZRLE);
781 qemu_put_byte(rs->f, ENCODING_FLAG_XBZRLE);
782 qemu_put_be16(rs->f, encoded_len);
783 qemu_put_buffer(rs->f, XBZRLE.encoded_buf, encoded_len);
784 bytes_xbzrle += encoded_len + 1 + 2;
785 /*
786 * Like compressed_size (please see update_compress_thread_counts),
787 * the xbzrle encoded bytes don't count the 8 byte header with
788 * RAM_SAVE_FLAG_CONTINUE.
789 */
790 xbzrle_counters.bytes += bytes_xbzrle - 8;
791 ram_transferred_add(bytes_xbzrle);
792
793 return 1;
794 }
795
796 /**
797 * migration_bitmap_find_dirty: find the next dirty page from start
798 *
799 * Returns the page offset within memory region of the start of a dirty page
800 *
801 * @rs: current RAM state
802 * @rb: RAMBlock where to search for dirty pages
803 * @start: page where we start the search
804 */
805 static inline
806 unsigned long migration_bitmap_find_dirty(RAMState *rs, RAMBlock *rb,
807 unsigned long start)
808 {
809 unsigned long size = rb->used_length >> TARGET_PAGE_BITS;
810 unsigned long *bitmap = rb->bmap;
811
812 if (ramblock_is_ignored(rb)) {
813 return size;
814 }
815
816 return find_next_bit(bitmap, size, start);
817 }
818
819 static void migration_clear_memory_region_dirty_bitmap(RAMBlock *rb,
820 unsigned long page)
821 {
822 uint8_t shift;
823 hwaddr size, start;
824
825 if (!rb->clear_bmap || !clear_bmap_test_and_clear(rb, page)) {
826 return;
827 }
828
829 shift = rb->clear_bmap_shift;
830 /*
831 * CLEAR_BITMAP_SHIFT_MIN should always guarantee this... this
832 * can make things easier sometimes since then start address
833 * of the small chunk will always be 64 pages aligned so the
834 * bitmap will always be aligned to unsigned long. We should
835 * even be able to remove this restriction but I'm simply
836 * keeping it.
837 */
838 assert(shift >= 6);
839
840 size = 1ULL << (TARGET_PAGE_BITS + shift);
841 start = QEMU_ALIGN_DOWN((ram_addr_t)page << TARGET_PAGE_BITS, size);
842 trace_migration_bitmap_clear_dirty(rb->idstr, start, size, page);
843 memory_region_clear_dirty_bitmap(rb->mr, start, size);
844 }
845
846 static void
847 migration_clear_memory_region_dirty_bitmap_range(RAMBlock *rb,
848 unsigned long start,
849 unsigned long npages)
850 {
851 unsigned long i, chunk_pages = 1UL << rb->clear_bmap_shift;
852 unsigned long chunk_start = QEMU_ALIGN_DOWN(start, chunk_pages);
853 unsigned long chunk_end = QEMU_ALIGN_UP(start + npages, chunk_pages);
854
855 /*
856 * Clear pages from start to start + npages - 1, so the end boundary is
857 * exclusive.
858 */
859 for (i = chunk_start; i < chunk_end; i += chunk_pages) {
860 migration_clear_memory_region_dirty_bitmap(rb, i);
861 }
862 }
863
864 /*
865 * colo_bitmap_find_diry:find contiguous dirty pages from start
866 *
867 * Returns the page offset within memory region of the start of the contiguout
868 * dirty page
869 *
870 * @rs: current RAM state
871 * @rb: RAMBlock where to search for dirty pages
872 * @start: page where we start the search
873 * @num: the number of contiguous dirty pages
874 */
875 static inline
876 unsigned long colo_bitmap_find_dirty(RAMState *rs, RAMBlock *rb,
877 unsigned long start, unsigned long *num)
878 {
879 unsigned long size = rb->used_length >> TARGET_PAGE_BITS;
880 unsigned long *bitmap = rb->bmap;
881 unsigned long first, next;
882
883 *num = 0;
884
885 if (ramblock_is_ignored(rb)) {
886 return size;
887 }
888
889 first = find_next_bit(bitmap, size, start);
890 if (first >= size) {
891 return first;
892 }
893 next = find_next_zero_bit(bitmap, size, first + 1);
894 assert(next >= first);
895 *num = next - first;
896 return first;
897 }
898
899 static inline bool migration_bitmap_clear_dirty(RAMState *rs,
900 RAMBlock *rb,
901 unsigned long page)
902 {
903 bool ret;
904
905 /*
906 * Clear dirty bitmap if needed. This _must_ be called before we
907 * send any of the page in the chunk because we need to make sure
908 * we can capture further page content changes when we sync dirty
909 * log the next time. So as long as we are going to send any of
910 * the page in the chunk we clear the remote dirty bitmap for all.
911 * Clearing it earlier won't be a problem, but too late will.
912 */
913 migration_clear_memory_region_dirty_bitmap(rb, page);
914
915 ret = test_and_clear_bit(page, rb->bmap);
916 if (ret) {
917 rs->migration_dirty_pages--;
918 }
919
920 return ret;
921 }
922
923 static void dirty_bitmap_clear_section(MemoryRegionSection *section,
924 void *opaque)
925 {
926 const hwaddr offset = section->offset_within_region;
927 const hwaddr size = int128_get64(section->size);
928 const unsigned long start = offset >> TARGET_PAGE_BITS;
929 const unsigned long npages = size >> TARGET_PAGE_BITS;
930 RAMBlock *rb = section->mr->ram_block;
931 uint64_t *cleared_bits = opaque;
932
933 /*
934 * We don't grab ram_state->bitmap_mutex because we expect to run
935 * only when starting migration or during postcopy recovery where
936 * we don't have concurrent access.
937 */
938 if (!migration_in_postcopy() && !migrate_background_snapshot()) {
939 migration_clear_memory_region_dirty_bitmap_range(rb, start, npages);
940 }
941 *cleared_bits += bitmap_count_one_with_offset(rb->bmap, start, npages);
942 bitmap_clear(rb->bmap, start, npages);
943 }
944
945 /*
946 * Exclude all dirty pages from migration that fall into a discarded range as
947 * managed by a RamDiscardManager responsible for the mapped memory region of
948 * the RAMBlock. Clear the corresponding bits in the dirty bitmaps.
949 *
950 * Discarded pages ("logically unplugged") have undefined content and must
951 * not get migrated, because even reading these pages for migration might
952 * result in undesired behavior.
953 *
954 * Returns the number of cleared bits in the RAMBlock dirty bitmap.
955 *
956 * Note: The result is only stable while migrating (precopy/postcopy).
957 */
958 static uint64_t ramblock_dirty_bitmap_clear_discarded_pages(RAMBlock *rb)
959 {
960 uint64_t cleared_bits = 0;
961
962 if (rb->mr && rb->bmap && memory_region_has_ram_discard_manager(rb->mr)) {
963 RamDiscardManager *rdm = memory_region_get_ram_discard_manager(rb->mr);
964 MemoryRegionSection section = {
965 .mr = rb->mr,
966 .offset_within_region = 0,
967 .size = int128_make64(qemu_ram_get_used_length(rb)),
968 };
969
970 ram_discard_manager_replay_discarded(rdm, &section,
971 dirty_bitmap_clear_section,
972 &cleared_bits);
973 }
974 return cleared_bits;
975 }
976
977 /*
978 * Check if a host-page aligned page falls into a discarded range as managed by
979 * a RamDiscardManager responsible for the mapped memory region of the RAMBlock.
980 *
981 * Note: The result is only stable while migrating (precopy/postcopy).
982 */
983 bool ramblock_page_is_discarded(RAMBlock *rb, ram_addr_t start)
984 {
985 if (rb->mr && memory_region_has_ram_discard_manager(rb->mr)) {
986 RamDiscardManager *rdm = memory_region_get_ram_discard_manager(rb->mr);
987 MemoryRegionSection section = {
988 .mr = rb->mr,
989 .offset_within_region = start,
990 .size = int128_make64(qemu_ram_pagesize(rb)),
991 };
992
993 return !ram_discard_manager_is_populated(rdm, &section);
994 }
995 return false;
996 }
997
998 /* Called with RCU critical section */
999 static void ramblock_sync_dirty_bitmap(RAMState *rs, RAMBlock *rb)
1000 {
1001 uint64_t new_dirty_pages =
1002 cpu_physical_memory_sync_dirty_bitmap(rb, 0, rb->used_length);
1003
1004 rs->migration_dirty_pages += new_dirty_pages;
1005 rs->num_dirty_pages_period += new_dirty_pages;
1006 }
1007
1008 /**
1009 * ram_pagesize_summary: calculate all the pagesizes of a VM
1010 *
1011 * Returns a summary bitmap of the page sizes of all RAMBlocks
1012 *
1013 * For VMs with just normal pages this is equivalent to the host page
1014 * size. If it's got some huge pages then it's the OR of all the
1015 * different page sizes.
1016 */
1017 uint64_t ram_pagesize_summary(void)
1018 {
1019 RAMBlock *block;
1020 uint64_t summary = 0;
1021
1022 RAMBLOCK_FOREACH_NOT_IGNORED(block) {
1023 summary |= block->page_size;
1024 }
1025
1026 return summary;
1027 }
1028
1029 uint64_t ram_get_total_transferred_pages(void)
1030 {
1031 return ram_counters.normal + ram_counters.duplicate +
1032 compression_counters.pages + xbzrle_counters.pages;
1033 }
1034
1035 static void migration_update_rates(RAMState *rs, int64_t end_time)
1036 {
1037 uint64_t page_count = rs->target_page_count - rs->target_page_count_prev;
1038 double compressed_size;
1039
1040 /* calculate period counters */
1041 ram_counters.dirty_pages_rate = rs->num_dirty_pages_period * 1000
1042 / (end_time - rs->time_last_bitmap_sync);
1043
1044 if (!page_count) {
1045 return;
1046 }
1047
1048 if (migrate_use_xbzrle()) {
1049 double encoded_size, unencoded_size;
1050
1051 xbzrle_counters.cache_miss_rate = (double)(xbzrle_counters.cache_miss -
1052 rs->xbzrle_cache_miss_prev) / page_count;
1053 rs->xbzrle_cache_miss_prev = xbzrle_counters.cache_miss;
1054 unencoded_size = (xbzrle_counters.pages - rs->xbzrle_pages_prev) *
1055 TARGET_PAGE_SIZE;
1056 encoded_size = xbzrle_counters.bytes - rs->xbzrle_bytes_prev;
1057 if (xbzrle_counters.pages == rs->xbzrle_pages_prev || !encoded_size) {
1058 xbzrle_counters.encoding_rate = 0;
1059 } else {
1060 xbzrle_counters.encoding_rate = unencoded_size / encoded_size;
1061 }
1062 rs->xbzrle_pages_prev = xbzrle_counters.pages;
1063 rs->xbzrle_bytes_prev = xbzrle_counters.bytes;
1064 }
1065
1066 if (migrate_use_compression()) {
1067 compression_counters.busy_rate = (double)(compression_counters.busy -
1068 rs->compress_thread_busy_prev) / page_count;
1069 rs->compress_thread_busy_prev = compression_counters.busy;
1070
1071 compressed_size = compression_counters.compressed_size -
1072 rs->compressed_size_prev;
1073 if (compressed_size) {
1074 double uncompressed_size = (compression_counters.pages -
1075 rs->compress_pages_prev) * TARGET_PAGE_SIZE;
1076
1077 /* Compression-Ratio = Uncompressed-size / Compressed-size */
1078 compression_counters.compression_rate =
1079 uncompressed_size / compressed_size;
1080
1081 rs->compress_pages_prev = compression_counters.pages;
1082 rs->compressed_size_prev = compression_counters.compressed_size;
1083 }
1084 }
1085 }
1086
1087 static void migration_trigger_throttle(RAMState *rs)
1088 {
1089 MigrationState *s = migrate_get_current();
1090 uint64_t threshold = s->parameters.throttle_trigger_threshold;
1091
1092 uint64_t bytes_xfer_period = ram_counters.transferred - rs->bytes_xfer_prev;
1093 uint64_t bytes_dirty_period = rs->num_dirty_pages_period * TARGET_PAGE_SIZE;
1094 uint64_t bytes_dirty_threshold = bytes_xfer_period * threshold / 100;
1095
1096 /* During block migration the auto-converge logic incorrectly detects
1097 * that ram migration makes no progress. Avoid this by disabling the
1098 * throttling logic during the bulk phase of block migration. */
1099 if (migrate_auto_converge() && !blk_mig_bulk_active()) {
1100 /* The following detection logic can be refined later. For now:
1101 Check to see if the ratio between dirtied bytes and the approx.
1102 amount of bytes that just got transferred since the last time
1103 we were in this routine reaches the threshold. If that happens
1104 twice, start or increase throttling. */
1105
1106 if ((bytes_dirty_period > bytes_dirty_threshold) &&
1107 (++rs->dirty_rate_high_cnt >= 2)) {
1108 trace_migration_throttle();
1109 rs->dirty_rate_high_cnt = 0;
1110 mig_throttle_guest_down(bytes_dirty_period,
1111 bytes_dirty_threshold);
1112 }
1113 }
1114 }
1115
1116 static void migration_bitmap_sync(RAMState *rs)
1117 {
1118 RAMBlock *block;
1119 int64_t end_time;
1120
1121 ram_counters.dirty_sync_count++;
1122
1123 if (!rs->time_last_bitmap_sync) {
1124 rs->time_last_bitmap_sync = qemu_clock_get_ms(QEMU_CLOCK_REALTIME);
1125 }
1126
1127 trace_migration_bitmap_sync_start();
1128 memory_global_dirty_log_sync();
1129
1130 qemu_mutex_lock(&rs->bitmap_mutex);
1131 WITH_RCU_READ_LOCK_GUARD() {
1132 RAMBLOCK_FOREACH_NOT_IGNORED(block) {
1133 ramblock_sync_dirty_bitmap(rs, block);
1134 }
1135 ram_counters.remaining = ram_bytes_remaining();
1136 }
1137 qemu_mutex_unlock(&rs->bitmap_mutex);
1138
1139 memory_global_after_dirty_log_sync();
1140 trace_migration_bitmap_sync_end(rs->num_dirty_pages_period);
1141
1142 end_time = qemu_clock_get_ms(QEMU_CLOCK_REALTIME);
1143
1144 /* more than 1 second = 1000 millisecons */
1145 if (end_time > rs->time_last_bitmap_sync + 1000) {
1146 migration_trigger_throttle(rs);
1147
1148 migration_update_rates(rs, end_time);
1149
1150 rs->target_page_count_prev = rs->target_page_count;
1151
1152 /* reset period counters */
1153 rs->time_last_bitmap_sync = end_time;
1154 rs->num_dirty_pages_period = 0;
1155 rs->bytes_xfer_prev = ram_counters.transferred;
1156 }
1157 if (migrate_use_events()) {
1158 qapi_event_send_migration_pass(ram_counters.dirty_sync_count);
1159 }
1160 }
1161
1162 static void migration_bitmap_sync_precopy(RAMState *rs)
1163 {
1164 Error *local_err = NULL;
1165
1166 /*
1167 * The current notifier usage is just an optimization to migration, so we
1168 * don't stop the normal migration process in the error case.
1169 */
1170 if (precopy_notify(PRECOPY_NOTIFY_BEFORE_BITMAP_SYNC, &local_err)) {
1171 error_report_err(local_err);
1172 local_err = NULL;
1173 }
1174
1175 migration_bitmap_sync(rs);
1176
1177 if (precopy_notify(PRECOPY_NOTIFY_AFTER_BITMAP_SYNC, &local_err)) {
1178 error_report_err(local_err);
1179 }
1180 }
1181
1182 static void ram_release_page(const char *rbname, uint64_t offset)
1183 {
1184 if (!migrate_release_ram() || !migration_in_postcopy()) {
1185 return;
1186 }
1187
1188 ram_discard_range(rbname, offset, TARGET_PAGE_SIZE);
1189 }
1190
1191 /**
1192 * save_zero_page_to_file: send the zero page to the file
1193 *
1194 * Returns the size of data written to the file, 0 means the page is not
1195 * a zero page
1196 *
1197 * @rs: current RAM state
1198 * @file: the file where the data is saved
1199 * @block: block that contains the page we want to send
1200 * @offset: offset inside the block for the page
1201 */
1202 static int save_zero_page_to_file(RAMState *rs, QEMUFile *file,
1203 RAMBlock *block, ram_addr_t offset)
1204 {
1205 uint8_t *p = block->host + offset;
1206 int len = 0;
1207
1208 if (buffer_is_zero(p, TARGET_PAGE_SIZE)) {
1209 len += save_page_header(rs, file, block, offset | RAM_SAVE_FLAG_ZERO);
1210 qemu_put_byte(file, 0);
1211 len += 1;
1212 ram_release_page(block->idstr, offset);
1213 }
1214 return len;
1215 }
1216
1217 /**
1218 * save_zero_page: send the zero page to the stream
1219 *
1220 * Returns the number of pages written.
1221 *
1222 * @rs: current RAM state
1223 * @block: block that contains the page we want to send
1224 * @offset: offset inside the block for the page
1225 */
1226 static int save_zero_page(RAMState *rs, RAMBlock *block, ram_addr_t offset)
1227 {
1228 int len = save_zero_page_to_file(rs, rs->f, block, offset);
1229
1230 if (len) {
1231 ram_counters.duplicate++;
1232 ram_transferred_add(len);
1233 return 1;
1234 }
1235 return -1;
1236 }
1237
1238 /*
1239 * @pages: the number of pages written by the control path,
1240 * < 0 - error
1241 * > 0 - number of pages written
1242 *
1243 * Return true if the pages has been saved, otherwise false is returned.
1244 */
1245 static bool control_save_page(RAMState *rs, RAMBlock *block, ram_addr_t offset,
1246 int *pages)
1247 {
1248 uint64_t bytes_xmit = 0;
1249 int ret;
1250
1251 *pages = -1;
1252 ret = ram_control_save_page(rs->f, block->offset, offset, TARGET_PAGE_SIZE,
1253 &bytes_xmit);
1254 if (ret == RAM_SAVE_CONTROL_NOT_SUPP) {
1255 return false;
1256 }
1257
1258 if (bytes_xmit) {
1259 ram_transferred_add(bytes_xmit);
1260 *pages = 1;
1261 }
1262
1263 if (ret == RAM_SAVE_CONTROL_DELAYED) {
1264 return true;
1265 }
1266
1267 if (bytes_xmit > 0) {
1268 ram_counters.normal++;
1269 } else if (bytes_xmit == 0) {
1270 ram_counters.duplicate++;
1271 }
1272
1273 return true;
1274 }
1275
1276 /*
1277 * directly send the page to the stream
1278 *
1279 * Returns the number of pages written.
1280 *
1281 * @rs: current RAM state
1282 * @block: block that contains the page we want to send
1283 * @offset: offset inside the block for the page
1284 * @buf: the page to be sent
1285 * @async: send to page asyncly
1286 */
1287 static int save_normal_page(RAMState *rs, RAMBlock *block, ram_addr_t offset,
1288 uint8_t *buf, bool async)
1289 {
1290 ram_transferred_add(save_page_header(rs, rs->f, block,
1291 offset | RAM_SAVE_FLAG_PAGE));
1292 if (async) {
1293 qemu_put_buffer_async(rs->f, buf, TARGET_PAGE_SIZE,
1294 migrate_release_ram() &&
1295 migration_in_postcopy());
1296 } else {
1297 qemu_put_buffer(rs->f, buf, TARGET_PAGE_SIZE);
1298 }
1299 ram_transferred_add(TARGET_PAGE_SIZE);
1300 ram_counters.normal++;
1301 return 1;
1302 }
1303
1304 /**
1305 * ram_save_page: send the given page to the stream
1306 *
1307 * Returns the number of pages written.
1308 * < 0 - error
1309 * >=0 - Number of pages written - this might legally be 0
1310 * if xbzrle noticed the page was the same.
1311 *
1312 * @rs: current RAM state
1313 * @block: block that contains the page we want to send
1314 * @offset: offset inside the block for the page
1315 */
1316 static int ram_save_page(RAMState *rs, PageSearchStatus *pss)
1317 {
1318 int pages = -1;
1319 uint8_t *p;
1320 bool send_async = true;
1321 RAMBlock *block = pss->block;
1322 ram_addr_t offset = ((ram_addr_t)pss->page) << TARGET_PAGE_BITS;
1323 ram_addr_t current_addr = block->offset + offset;
1324
1325 p = block->host + offset;
1326 trace_ram_save_page(block->idstr, (uint64_t)offset, p);
1327
1328 XBZRLE_cache_lock();
1329 if (rs->xbzrle_enabled && !migration_in_postcopy()) {
1330 pages = save_xbzrle_page(rs, &p, current_addr, block,
1331 offset);
1332 if (!rs->last_stage) {
1333 /* Can't send this cached data async, since the cache page
1334 * might get updated before it gets to the wire
1335 */
1336 send_async = false;
1337 }
1338 }
1339
1340 /* XBZRLE overflow or normal page */
1341 if (pages == -1) {
1342 pages = save_normal_page(rs, block, offset, p, send_async);
1343 }
1344
1345 XBZRLE_cache_unlock();
1346
1347 return pages;
1348 }
1349
1350 static int ram_save_multifd_page(RAMState *rs, RAMBlock *block,
1351 ram_addr_t offset)
1352 {
1353 if (multifd_queue_page(rs->f, block, offset) < 0) {
1354 return -1;
1355 }
1356 ram_counters.normal++;
1357
1358 return 1;
1359 }
1360
1361 static bool do_compress_ram_page(QEMUFile *f, z_stream *stream, RAMBlock *block,
1362 ram_addr_t offset, uint8_t *source_buf)
1363 {
1364 RAMState *rs = ram_state;
1365 uint8_t *p = block->host + offset;
1366 int ret;
1367
1368 if (save_zero_page_to_file(rs, f, block, offset)) {
1369 return true;
1370 }
1371
1372 save_page_header(rs, f, block, offset | RAM_SAVE_FLAG_COMPRESS_PAGE);
1373
1374 /*
1375 * copy it to a internal buffer to avoid it being modified by VM
1376 * so that we can catch up the error during compression and
1377 * decompression
1378 */
1379 memcpy(source_buf, p, TARGET_PAGE_SIZE);
1380 ret = qemu_put_compression_data(f, stream, source_buf, TARGET_PAGE_SIZE);
1381 if (ret < 0) {
1382 qemu_file_set_error(migrate_get_current()->to_dst_file, ret);
1383 error_report("compressed data failed!");
1384 }
1385 return false;
1386 }
1387
1388 static void
1389 update_compress_thread_counts(const CompressParam *param, int bytes_xmit)
1390 {
1391 ram_transferred_add(bytes_xmit);
1392
1393 if (param->zero_page) {
1394 ram_counters.duplicate++;
1395 return;
1396 }
1397
1398 /* 8 means a header with RAM_SAVE_FLAG_CONTINUE. */
1399 compression_counters.compressed_size += bytes_xmit - 8;
1400 compression_counters.pages++;
1401 }
1402
1403 static bool save_page_use_compression(RAMState *rs);
1404
1405 static void flush_compressed_data(RAMState *rs)
1406 {
1407 int idx, len, thread_count;
1408
1409 if (!save_page_use_compression(rs)) {
1410 return;
1411 }
1412 thread_count = migrate_compress_threads();
1413
1414 qemu_mutex_lock(&comp_done_lock);
1415 for (idx = 0; idx < thread_count; idx++) {
1416 while (!comp_param[idx].done) {
1417 qemu_cond_wait(&comp_done_cond, &comp_done_lock);
1418 }
1419 }
1420 qemu_mutex_unlock(&comp_done_lock);
1421
1422 for (idx = 0; idx < thread_count; idx++) {
1423 qemu_mutex_lock(&comp_param[idx].mutex);
1424 if (!comp_param[idx].quit) {
1425 len = qemu_put_qemu_file(rs->f, comp_param[idx].file);
1426 /*
1427 * it's safe to fetch zero_page without holding comp_done_lock
1428 * as there is no further request submitted to the thread,
1429 * i.e, the thread should be waiting for a request at this point.
1430 */
1431 update_compress_thread_counts(&comp_param[idx], len);
1432 }
1433 qemu_mutex_unlock(&comp_param[idx].mutex);
1434 }
1435 }
1436
1437 static inline void set_compress_params(CompressParam *param, RAMBlock *block,
1438 ram_addr_t offset)
1439 {
1440 param->block = block;
1441 param->offset = offset;
1442 }
1443
1444 static int compress_page_with_multi_thread(RAMState *rs, RAMBlock *block,
1445 ram_addr_t offset)
1446 {
1447 int idx, thread_count, bytes_xmit = -1, pages = -1;
1448 bool wait = migrate_compress_wait_thread();
1449
1450 thread_count = migrate_compress_threads();
1451 qemu_mutex_lock(&comp_done_lock);
1452 retry:
1453 for (idx = 0; idx < thread_count; idx++) {
1454 if (comp_param[idx].done) {
1455 comp_param[idx].done = false;
1456 bytes_xmit = qemu_put_qemu_file(rs->f, comp_param[idx].file);
1457 qemu_mutex_lock(&comp_param[idx].mutex);
1458 set_compress_params(&comp_param[idx], block, offset);
1459 qemu_cond_signal(&comp_param[idx].cond);
1460 qemu_mutex_unlock(&comp_param[idx].mutex);
1461 pages = 1;
1462 update_compress_thread_counts(&comp_param[idx], bytes_xmit);
1463 break;
1464 }
1465 }
1466
1467 /*
1468 * wait for the free thread if the user specifies 'compress-wait-thread',
1469 * otherwise we will post the page out in the main thread as normal page.
1470 */
1471 if (pages < 0 && wait) {
1472 qemu_cond_wait(&comp_done_cond, &comp_done_lock);
1473 goto retry;
1474 }
1475 qemu_mutex_unlock(&comp_done_lock);
1476
1477 return pages;
1478 }
1479
1480 /**
1481 * find_dirty_block: find the next dirty page and update any state
1482 * associated with the search process.
1483 *
1484 * Returns true if a page is found
1485 *
1486 * @rs: current RAM state
1487 * @pss: data about the state of the current dirty page scan
1488 * @again: set to false if the search has scanned the whole of RAM
1489 */
1490 static bool find_dirty_block(RAMState *rs, PageSearchStatus *pss, bool *again)
1491 {
1492 /* This is not a postcopy requested page */
1493 pss->postcopy_requested = false;
1494
1495 pss->page = migration_bitmap_find_dirty(rs, pss->block, pss->page);
1496 if (pss->complete_round && pss->block == rs->last_seen_block &&
1497 pss->page >= rs->last_page) {
1498 /*
1499 * We've been once around the RAM and haven't found anything.
1500 * Give up.
1501 */
1502 *again = false;
1503 return false;
1504 }
1505 if (!offset_in_ramblock(pss->block,
1506 ((ram_addr_t)pss->page) << TARGET_PAGE_BITS)) {
1507 /* Didn't find anything in this RAM Block */
1508 pss->page = 0;
1509 pss->block = QLIST_NEXT_RCU(pss->block, next);
1510 if (!pss->block) {
1511 /*
1512 * If memory migration starts over, we will meet a dirtied page
1513 * which may still exists in compression threads's ring, so we
1514 * should flush the compressed data to make sure the new page
1515 * is not overwritten by the old one in the destination.
1516 *
1517 * Also If xbzrle is on, stop using the data compression at this
1518 * point. In theory, xbzrle can do better than compression.
1519 */
1520 flush_compressed_data(rs);
1521
1522 /* Hit the end of the list */
1523 pss->block = QLIST_FIRST_RCU(&ram_list.blocks);
1524 /* Flag that we've looped */
1525 pss->complete_round = true;
1526 /* After the first round, enable XBZRLE. */
1527 if (migrate_use_xbzrle()) {
1528 rs->xbzrle_enabled = true;
1529 }
1530 }
1531 /* Didn't find anything this time, but try again on the new block */
1532 *again = true;
1533 return false;
1534 } else {
1535 /* Can go around again, but... */
1536 *again = true;
1537 /* We've found something so probably don't need to */
1538 return true;
1539 }
1540 }
1541
1542 /**
1543 * unqueue_page: gets a page of the queue
1544 *
1545 * Helper for 'get_queued_page' - gets a page off the queue
1546 *
1547 * Returns the block of the page (or NULL if none available)
1548 *
1549 * @rs: current RAM state
1550 * @offset: used to return the offset within the RAMBlock
1551 */
1552 static RAMBlock *unqueue_page(RAMState *rs, ram_addr_t *offset)
1553 {
1554 struct RAMSrcPageRequest *entry;
1555 RAMBlock *block = NULL;
1556 size_t page_size;
1557
1558 if (!postcopy_has_request(rs)) {
1559 return NULL;
1560 }
1561
1562 QEMU_LOCK_GUARD(&rs->src_page_req_mutex);
1563
1564 /*
1565 * This should _never_ change even after we take the lock, because no one
1566 * should be taking anything off the request list other than us.
1567 */
1568 assert(postcopy_has_request(rs));
1569
1570 entry = QSIMPLEQ_FIRST(&rs->src_page_requests);
1571 block = entry->rb;
1572 *offset = entry->offset;
1573 page_size = qemu_ram_pagesize(block);
1574 /* Each page request should only be multiple page size of the ramblock */
1575 assert((entry->len % page_size) == 0);
1576
1577 if (entry->len > page_size) {
1578 entry->len -= page_size;
1579 entry->offset += page_size;
1580 } else {
1581 memory_region_unref(block->mr);
1582 QSIMPLEQ_REMOVE_HEAD(&rs->src_page_requests, next_req);
1583 g_free(entry);
1584 migration_consume_urgent_request();
1585 }
1586
1587 trace_unqueue_page(block->idstr, *offset,
1588 test_bit((*offset >> TARGET_PAGE_BITS), block->bmap));
1589
1590 return block;
1591 }
1592
1593 #if defined(__linux__)
1594 /**
1595 * poll_fault_page: try to get next UFFD write fault page and, if pending fault
1596 * is found, return RAM block pointer and page offset
1597 *
1598 * Returns pointer to the RAMBlock containing faulting page,
1599 * NULL if no write faults are pending
1600 *
1601 * @rs: current RAM state
1602 * @offset: page offset from the beginning of the block
1603 */
1604 static RAMBlock *poll_fault_page(RAMState *rs, ram_addr_t *offset)
1605 {
1606 struct uffd_msg uffd_msg;
1607 void *page_address;
1608 RAMBlock *block;
1609 int res;
1610
1611 if (!migrate_background_snapshot()) {
1612 return NULL;
1613 }
1614
1615 res = uffd_read_events(rs->uffdio_fd, &uffd_msg, 1);
1616 if (res <= 0) {
1617 return NULL;
1618 }
1619
1620 page_address = (void *)(uintptr_t) uffd_msg.arg.pagefault.address;
1621 block = qemu_ram_block_from_host(page_address, false, offset);
1622 assert(block && (block->flags & RAM_UF_WRITEPROTECT) != 0);
1623 return block;
1624 }
1625
1626 /**
1627 * ram_save_release_protection: release UFFD write protection after
1628 * a range of pages has been saved
1629 *
1630 * @rs: current RAM state
1631 * @pss: page-search-status structure
1632 * @start_page: index of the first page in the range relative to pss->block
1633 *
1634 * Returns 0 on success, negative value in case of an error
1635 */
1636 static int ram_save_release_protection(RAMState *rs, PageSearchStatus *pss,
1637 unsigned long start_page)
1638 {
1639 int res = 0;
1640
1641 /* Check if page is from UFFD-managed region. */
1642 if (pss->block->flags & RAM_UF_WRITEPROTECT) {
1643 void *page_address = pss->block->host + (start_page << TARGET_PAGE_BITS);
1644 uint64_t run_length = (pss->page - start_page) << TARGET_PAGE_BITS;
1645
1646 /* Flush async buffers before un-protect. */
1647 qemu_fflush(rs->f);
1648 /* Un-protect memory range. */
1649 res = uffd_change_protection(rs->uffdio_fd, page_address, run_length,
1650 false, false);
1651 }
1652
1653 return res;
1654 }
1655
1656 /* ram_write_tracking_available: check if kernel supports required UFFD features
1657 *
1658 * Returns true if supports, false otherwise
1659 */
1660 bool ram_write_tracking_available(void)
1661 {
1662 uint64_t uffd_features;
1663 int res;
1664
1665 res = uffd_query_features(&uffd_features);
1666 return (res == 0 &&
1667 (uffd_features & UFFD_FEATURE_PAGEFAULT_FLAG_WP) != 0);
1668 }
1669
1670 /* ram_write_tracking_compatible: check if guest configuration is
1671 * compatible with 'write-tracking'
1672 *
1673 * Returns true if compatible, false otherwise
1674 */
1675 bool ram_write_tracking_compatible(void)
1676 {
1677 const uint64_t uffd_ioctls_mask = BIT(_UFFDIO_WRITEPROTECT);
1678 int uffd_fd;
1679 RAMBlock *block;
1680 bool ret = false;
1681
1682 /* Open UFFD file descriptor */
1683 uffd_fd = uffd_create_fd(UFFD_FEATURE_PAGEFAULT_FLAG_WP, false);
1684 if (uffd_fd < 0) {
1685 return false;
1686 }
1687
1688 RCU_READ_LOCK_GUARD();
1689
1690 RAMBLOCK_FOREACH_NOT_IGNORED(block) {
1691 uint64_t uffd_ioctls;
1692
1693 /* Nothing to do with read-only and MMIO-writable regions */
1694 if (block->mr->readonly || block->mr->rom_device) {
1695 continue;
1696 }
1697 /* Try to register block memory via UFFD-IO to track writes */
1698 if (uffd_register_memory(uffd_fd, block->host, block->max_length,
1699 UFFDIO_REGISTER_MODE_WP, &uffd_ioctls)) {
1700 goto out;
1701 }
1702 if ((uffd_ioctls & uffd_ioctls_mask) != uffd_ioctls_mask) {
1703 goto out;
1704 }
1705 }
1706 ret = true;
1707
1708 out:
1709 uffd_close_fd(uffd_fd);
1710 return ret;
1711 }
1712
1713 static inline void populate_read_range(RAMBlock *block, ram_addr_t offset,
1714 ram_addr_t size)
1715 {
1716 /*
1717 * We read one byte of each page; this will preallocate page tables if
1718 * required and populate the shared zeropage on MAP_PRIVATE anonymous memory
1719 * where no page was populated yet. This might require adaption when
1720 * supporting other mappings, like shmem.
1721 */
1722 for (; offset < size; offset += block->page_size) {
1723 char tmp = *((char *)block->host + offset);
1724
1725 /* Don't optimize the read out */
1726 asm volatile("" : "+r" (tmp));
1727 }
1728 }
1729
1730 static inline int populate_read_section(MemoryRegionSection *section,
1731 void *opaque)
1732 {
1733 const hwaddr size = int128_get64(section->size);
1734 hwaddr offset = section->offset_within_region;
1735 RAMBlock *block = section->mr->ram_block;
1736
1737 populate_read_range(block, offset, size);
1738 return 0;
1739 }
1740
1741 /*
1742 * ram_block_populate_read: preallocate page tables and populate pages in the
1743 * RAM block by reading a byte of each page.
1744 *
1745 * Since it's solely used for userfault_fd WP feature, here we just
1746 * hardcode page size to qemu_real_host_page_size.
1747 *
1748 * @block: RAM block to populate
1749 */
1750 static void ram_block_populate_read(RAMBlock *rb)
1751 {
1752 /*
1753 * Skip populating all pages that fall into a discarded range as managed by
1754 * a RamDiscardManager responsible for the mapped memory region of the
1755 * RAMBlock. Such discarded ("logically unplugged") parts of a RAMBlock
1756 * must not get populated automatically. We don't have to track
1757 * modifications via userfaultfd WP reliably, because these pages will
1758 * not be part of the migration stream either way -- see
1759 * ramblock_dirty_bitmap_exclude_discarded_pages().
1760 *
1761 * Note: The result is only stable while migrating (precopy/postcopy).
1762 */
1763 if (rb->mr && memory_region_has_ram_discard_manager(rb->mr)) {
1764 RamDiscardManager *rdm = memory_region_get_ram_discard_manager(rb->mr);
1765 MemoryRegionSection section = {
1766 .mr = rb->mr,
1767 .offset_within_region = 0,
1768 .size = rb->mr->size,
1769 };
1770
1771 ram_discard_manager_replay_populated(rdm, &section,
1772 populate_read_section, NULL);
1773 } else {
1774 populate_read_range(rb, 0, rb->used_length);
1775 }
1776 }
1777
1778 /*
1779 * ram_write_tracking_prepare: prepare for UFFD-WP memory tracking
1780 */
1781 void ram_write_tracking_prepare(void)
1782 {
1783 RAMBlock *block;
1784
1785 RCU_READ_LOCK_GUARD();
1786
1787 RAMBLOCK_FOREACH_NOT_IGNORED(block) {
1788 /* Nothing to do with read-only and MMIO-writable regions */
1789 if (block->mr->readonly || block->mr->rom_device) {
1790 continue;
1791 }
1792
1793 /*
1794 * Populate pages of the RAM block before enabling userfault_fd
1795 * write protection.
1796 *
1797 * This stage is required since ioctl(UFFDIO_WRITEPROTECT) with
1798 * UFFDIO_WRITEPROTECT_MODE_WP mode setting would silently skip
1799 * pages with pte_none() entries in page table.
1800 */
1801 ram_block_populate_read(block);
1802 }
1803 }
1804
1805 /*
1806 * ram_write_tracking_start: start UFFD-WP memory tracking
1807 *
1808 * Returns 0 for success or negative value in case of error
1809 */
1810 int ram_write_tracking_start(void)
1811 {
1812 int uffd_fd;
1813 RAMState *rs = ram_state;
1814 RAMBlock *block;
1815
1816 /* Open UFFD file descriptor */
1817 uffd_fd = uffd_create_fd(UFFD_FEATURE_PAGEFAULT_FLAG_WP, true);
1818 if (uffd_fd < 0) {
1819 return uffd_fd;
1820 }
1821 rs->uffdio_fd = uffd_fd;
1822
1823 RCU_READ_LOCK_GUARD();
1824
1825 RAMBLOCK_FOREACH_NOT_IGNORED(block) {
1826 /* Nothing to do with read-only and MMIO-writable regions */
1827 if (block->mr->readonly || block->mr->rom_device) {
1828 continue;
1829 }
1830
1831 /* Register block memory with UFFD to track writes */
1832 if (uffd_register_memory(rs->uffdio_fd, block->host,
1833 block->max_length, UFFDIO_REGISTER_MODE_WP, NULL)) {
1834 goto fail;
1835 }
1836 /* Apply UFFD write protection to the block memory range */
1837 if (uffd_change_protection(rs->uffdio_fd, block->host,
1838 block->max_length, true, false)) {
1839 goto fail;
1840 }
1841 block->flags |= RAM_UF_WRITEPROTECT;
1842 memory_region_ref(block->mr);
1843
1844 trace_ram_write_tracking_ramblock_start(block->idstr, block->page_size,
1845 block->host, block->max_length);
1846 }
1847
1848 return 0;
1849
1850 fail:
1851 error_report("ram_write_tracking_start() failed: restoring initial memory state");
1852
1853 RAMBLOCK_FOREACH_NOT_IGNORED(block) {
1854 if ((block->flags & RAM_UF_WRITEPROTECT) == 0) {
1855 continue;
1856 }
1857 /*
1858 * In case some memory block failed to be write-protected
1859 * remove protection and unregister all succeeded RAM blocks
1860 */
1861 uffd_change_protection(rs->uffdio_fd, block->host, block->max_length,
1862 false, false);
1863 uffd_unregister_memory(rs->uffdio_fd, block->host, block->max_length);
1864 /* Cleanup flags and remove reference */
1865 block->flags &= ~RAM_UF_WRITEPROTECT;
1866 memory_region_unref(block->mr);
1867 }
1868
1869 uffd_close_fd(uffd_fd);
1870 rs->uffdio_fd = -1;
1871 return -1;
1872 }
1873
1874 /**
1875 * ram_write_tracking_stop: stop UFFD-WP memory tracking and remove protection
1876 */
1877 void ram_write_tracking_stop(void)
1878 {
1879 RAMState *rs = ram_state;
1880 RAMBlock *block;
1881
1882 RCU_READ_LOCK_GUARD();
1883
1884 RAMBLOCK_FOREACH_NOT_IGNORED(block) {
1885 if ((block->flags & RAM_UF_WRITEPROTECT) == 0) {
1886 continue;
1887 }
1888 /* Remove protection and unregister all affected RAM blocks */
1889 uffd_change_protection(rs->uffdio_fd, block->host, block->max_length,
1890 false, false);
1891 uffd_unregister_memory(rs->uffdio_fd, block->host, block->max_length);
1892
1893 trace_ram_write_tracking_ramblock_stop(block->idstr, block->page_size,
1894 block->host, block->max_length);
1895
1896 /* Cleanup flags and remove reference */
1897 block->flags &= ~RAM_UF_WRITEPROTECT;
1898 memory_region_unref(block->mr);
1899 }
1900
1901 /* Finally close UFFD file descriptor */
1902 uffd_close_fd(rs->uffdio_fd);
1903 rs->uffdio_fd = -1;
1904 }
1905
1906 #else
1907 /* No target OS support, stubs just fail or ignore */
1908
1909 static RAMBlock *poll_fault_page(RAMState *rs, ram_addr_t *offset)
1910 {
1911 (void) rs;
1912 (void) offset;
1913
1914 return NULL;
1915 }
1916
1917 static int ram_save_release_protection(RAMState *rs, PageSearchStatus *pss,
1918 unsigned long start_page)
1919 {
1920 (void) rs;
1921 (void) pss;
1922 (void) start_page;
1923
1924 return 0;
1925 }
1926
1927 bool ram_write_tracking_available(void)
1928 {
1929 return false;
1930 }
1931
1932 bool ram_write_tracking_compatible(void)
1933 {
1934 assert(0);
1935 return false;
1936 }
1937
1938 int ram_write_tracking_start(void)
1939 {
1940 assert(0);
1941 return -1;
1942 }
1943
1944 void ram_write_tracking_stop(void)
1945 {
1946 assert(0);
1947 }
1948 #endif /* defined(__linux__) */
1949
1950 /**
1951 * get_queued_page: unqueue a page from the postcopy requests
1952 *
1953 * Skips pages that are already sent (!dirty)
1954 *
1955 * Returns true if a queued page is found
1956 *
1957 * @rs: current RAM state
1958 * @pss: data about the state of the current dirty page scan
1959 */
1960 static bool get_queued_page(RAMState *rs, PageSearchStatus *pss)
1961 {
1962 RAMBlock *block;
1963 ram_addr_t offset;
1964
1965 block = unqueue_page(rs, &offset);
1966
1967 if (!block) {
1968 /*
1969 * Poll write faults too if background snapshot is enabled; that's
1970 * when we have vcpus got blocked by the write protected pages.
1971 */
1972 block = poll_fault_page(rs, &offset);
1973 }
1974
1975 if (block) {
1976 /*
1977 * We want the background search to continue from the queued page
1978 * since the guest is likely to want other pages near to the page
1979 * it just requested.
1980 */
1981 pss->block = block;
1982 pss->page = offset >> TARGET_PAGE_BITS;
1983
1984 /*
1985 * This unqueued page would break the "one round" check, even is
1986 * really rare.
1987 */
1988 pss->complete_round = false;
1989 pss->postcopy_requested = true;
1990 }
1991
1992 return !!block;
1993 }
1994
1995 /**
1996 * migration_page_queue_free: drop any remaining pages in the ram
1997 * request queue
1998 *
1999 * It should be empty at the end anyway, but in error cases there may
2000 * be some left. in case that there is any page left, we drop it.
2001 *
2002 */
2003 static void migration_page_queue_free(RAMState *rs)
2004 {
2005 struct RAMSrcPageRequest *mspr, *next_mspr;
2006 /* This queue generally should be empty - but in the case of a failed
2007 * migration might have some droppings in.
2008 */
2009 RCU_READ_LOCK_GUARD();
2010 QSIMPLEQ_FOREACH_SAFE(mspr, &rs->src_page_requests, next_req, next_mspr) {
2011 memory_region_unref(mspr->rb->mr);
2012 QSIMPLEQ_REMOVE_HEAD(&rs->src_page_requests, next_req);
2013 g_free(mspr);
2014 }
2015 }
2016
2017 /**
2018 * ram_save_queue_pages: queue the page for transmission
2019 *
2020 * A request from postcopy destination for example.
2021 *
2022 * Returns zero on success or negative on error
2023 *
2024 * @rbname: Name of the RAMBLock of the request. NULL means the
2025 * same that last one.
2026 * @start: starting address from the start of the RAMBlock
2027 * @len: length (in bytes) to send
2028 */
2029 int ram_save_queue_pages(const char *rbname, ram_addr_t start, ram_addr_t len)
2030 {
2031 RAMBlock *ramblock;
2032 RAMState *rs = ram_state;
2033
2034 ram_counters.postcopy_requests++;
2035 RCU_READ_LOCK_GUARD();
2036
2037 if (!rbname) {
2038 /* Reuse last RAMBlock */
2039 ramblock = rs->last_req_rb;
2040
2041 if (!ramblock) {
2042 /*
2043 * Shouldn't happen, we can't reuse the last RAMBlock if
2044 * it's the 1st request.
2045 */
2046 error_report("ram_save_queue_pages no previous block");
2047 return -1;
2048 }
2049 } else {
2050 ramblock = qemu_ram_block_by_name(rbname);
2051
2052 if (!ramblock) {
2053 /* We shouldn't be asked for a non-existent RAMBlock */
2054 error_report("ram_save_queue_pages no block '%s'", rbname);
2055 return -1;
2056 }
2057 rs->last_req_rb = ramblock;
2058 }
2059 trace_ram_save_queue_pages(ramblock->idstr, start, len);
2060 if (!offset_in_ramblock(ramblock, start + len - 1)) {
2061 error_report("%s request overrun start=" RAM_ADDR_FMT " len="
2062 RAM_ADDR_FMT " blocklen=" RAM_ADDR_FMT,
2063 __func__, start, len, ramblock->used_length);
2064 return -1;
2065 }
2066
2067 struct RAMSrcPageRequest *new_entry =
2068 g_new0(struct RAMSrcPageRequest, 1);
2069 new_entry->rb = ramblock;
2070 new_entry->offset = start;
2071 new_entry->len = len;
2072
2073 memory_region_ref(ramblock->mr);
2074 qemu_mutex_lock(&rs->src_page_req_mutex);
2075 QSIMPLEQ_INSERT_TAIL(&rs->src_page_requests, new_entry, next_req);
2076 migration_make_urgent_request();
2077 qemu_mutex_unlock(&rs->src_page_req_mutex);
2078
2079 return 0;
2080 }
2081
2082 static bool save_page_use_compression(RAMState *rs)
2083 {
2084 if (!migrate_use_compression()) {
2085 return false;
2086 }
2087
2088 /*
2089 * If xbzrle is enabled (e.g., after first round of migration), stop
2090 * using the data compression. In theory, xbzrle can do better than
2091 * compression.
2092 */
2093 if (rs->xbzrle_enabled) {
2094 return false;
2095 }
2096
2097 return true;
2098 }
2099
2100 /*
2101 * try to compress the page before posting it out, return true if the page
2102 * has been properly handled by compression, otherwise needs other
2103 * paths to handle it
2104 */
2105 static bool save_compress_page(RAMState *rs, RAMBlock *block, ram_addr_t offset)
2106 {
2107 if (!save_page_use_compression(rs)) {
2108 return false;
2109 }
2110
2111 /*
2112 * When starting the process of a new block, the first page of
2113 * the block should be sent out before other pages in the same
2114 * block, and all the pages in last block should have been sent
2115 * out, keeping this order is important, because the 'cont' flag
2116 * is used to avoid resending the block name.
2117 *
2118 * We post the fist page as normal page as compression will take
2119 * much CPU resource.
2120 */
2121 if (block != rs->last_sent_block) {
2122 flush_compressed_data(rs);
2123 return false;
2124 }
2125
2126 if (compress_page_with_multi_thread(rs, block, offset) > 0) {
2127 return true;
2128 }
2129
2130 compression_counters.busy++;
2131 return false;
2132 }
2133
2134 /**
2135 * ram_save_target_page: save one target page
2136 *
2137 * Returns the number of pages written
2138 *
2139 * @rs: current RAM state
2140 * @pss: data about the page we want to send
2141 */
2142 static int ram_save_target_page(RAMState *rs, PageSearchStatus *pss)
2143 {
2144 RAMBlock *block = pss->block;
2145 ram_addr_t offset = ((ram_addr_t)pss->page) << TARGET_PAGE_BITS;
2146 int res;
2147
2148 if (control_save_page(rs, block, offset, &res)) {
2149 return res;
2150 }
2151
2152 if (save_compress_page(rs, block, offset)) {
2153 return 1;
2154 }
2155
2156 res = save_zero_page(rs, block, offset);
2157 if (res > 0) {
2158 /* Must let xbzrle know, otherwise a previous (now 0'd) cached
2159 * page would be stale
2160 */
2161 if (!save_page_use_compression(rs)) {
2162 XBZRLE_cache_lock();
2163 xbzrle_cache_zero_page(rs, block->offset + offset);
2164 XBZRLE_cache_unlock();
2165 }
2166 return res;
2167 }
2168
2169 /*
2170 * Do not use multifd for:
2171 * 1. Compression as the first page in the new block should be posted out
2172 * before sending the compressed page
2173 * 2. In postcopy as one whole host page should be placed
2174 */
2175 if (!save_page_use_compression(rs) && migrate_use_multifd()
2176 && !migration_in_postcopy()) {
2177 return ram_save_multifd_page(rs, block, offset);
2178 }
2179
2180 return ram_save_page(rs, pss);
2181 }
2182
2183 /**
2184 * ram_save_host_page: save a whole host page
2185 *
2186 * Starting at *offset send pages up to the end of the current host
2187 * page. It's valid for the initial offset to point into the middle of
2188 * a host page in which case the remainder of the hostpage is sent.
2189 * Only dirty target pages are sent. Note that the host page size may
2190 * be a huge page for this block.
2191 * The saving stops at the boundary of the used_length of the block
2192 * if the RAMBlock isn't a multiple of the host page size.
2193 *
2194 * Returns the number of pages written or negative on error
2195 *
2196 * @rs: current RAM state
2197 * @pss: data about the page we want to send
2198 */
2199 static int ram_save_host_page(RAMState *rs, PageSearchStatus *pss)
2200 {
2201 int tmppages, pages = 0;
2202 size_t pagesize_bits =
2203 qemu_ram_pagesize(pss->block) >> TARGET_PAGE_BITS;
2204 unsigned long hostpage_boundary =
2205 QEMU_ALIGN_UP(pss->page + 1, pagesize_bits);
2206 unsigned long start_page = pss->page;
2207 int res;
2208
2209 if (ramblock_is_ignored(pss->block)) {
2210 error_report("block %s should not be migrated !", pss->block->idstr);
2211 return 0;
2212 }
2213
2214 do {
2215 /* Check the pages is dirty and if it is send it */
2216 if (migration_bitmap_clear_dirty(rs, pss->block, pss->page)) {
2217 tmppages = ram_save_target_page(rs, pss);
2218 if (tmppages < 0) {
2219 return tmppages;
2220 }
2221
2222 pages += tmppages;
2223 /*
2224 * Allow rate limiting to happen in the middle of huge pages if
2225 * something is sent in the current iteration.
2226 */
2227 if (pagesize_bits > 1 && tmppages > 0) {
2228 migration_rate_limit();
2229 }
2230 }
2231 pss->page = migration_bitmap_find_dirty(rs, pss->block, pss->page);
2232 } while ((pss->page < hostpage_boundary) &&
2233 offset_in_ramblock(pss->block,
2234 ((ram_addr_t)pss->page) << TARGET_PAGE_BITS));
2235 /* The offset we leave with is the min boundary of host page and block */
2236 pss->page = MIN(pss->page, hostpage_boundary);
2237
2238 res = ram_save_release_protection(rs, pss, start_page);
2239 return (res < 0 ? res : pages);
2240 }
2241
2242 /**
2243 * ram_find_and_save_block: finds a dirty page and sends it to f
2244 *
2245 * Called within an RCU critical section.
2246 *
2247 * Returns the number of pages written where zero means no dirty pages,
2248 * or negative on error
2249 *
2250 * @rs: current RAM state
2251 *
2252 * On systems where host-page-size > target-page-size it will send all the
2253 * pages in a host page that are dirty.
2254 */
2255 static int ram_find_and_save_block(RAMState *rs)
2256 {
2257 PageSearchStatus pss;
2258 int pages = 0;
2259 bool again, found;
2260
2261 /* No dirty page as there is zero RAM */
2262 if (!ram_bytes_total()) {
2263 return pages;
2264 }
2265
2266 pss.block = rs->last_seen_block;
2267 pss.page = rs->last_page;
2268 pss.complete_round = false;
2269
2270 if (!pss.block) {
2271 pss.block = QLIST_FIRST_RCU(&ram_list.blocks);
2272 }
2273
2274 do {
2275 again = true;
2276 found = get_queued_page(rs, &pss);
2277
2278 if (!found) {
2279 /* priority queue empty, so just search for something dirty */
2280 found = find_dirty_block(rs, &pss, &again);
2281 }
2282
2283 if (found) {
2284 pages = ram_save_host_page(rs, &pss);
2285 }
2286 } while (!pages && again);
2287
2288 rs->last_seen_block = pss.block;
2289 rs->last_page = pss.page;
2290
2291 return pages;
2292 }
2293
2294 void acct_update_position(QEMUFile *f, size_t size, bool zero)
2295 {
2296 uint64_t pages = size / TARGET_PAGE_SIZE;
2297
2298 if (zero) {
2299 ram_counters.duplicate += pages;
2300 } else {
2301 ram_counters.normal += pages;
2302 ram_transferred_add(size);
2303 qemu_file_credit_transfer(f, size);
2304 }
2305 }
2306
2307 static uint64_t ram_bytes_total_common(bool count_ignored)
2308 {
2309 RAMBlock *block;
2310 uint64_t total = 0;
2311
2312 RCU_READ_LOCK_GUARD();
2313
2314 if (count_ignored) {
2315 RAMBLOCK_FOREACH_MIGRATABLE(block) {
2316 total += block->used_length;
2317 }
2318 } else {
2319 RAMBLOCK_FOREACH_NOT_IGNORED(block) {
2320 total += block->used_length;
2321 }
2322 }
2323 return total;
2324 }
2325
2326 uint64_t ram_bytes_total(void)
2327 {
2328 return ram_bytes_total_common(false);
2329 }
2330
2331 static void xbzrle_load_setup(void)
2332 {
2333 XBZRLE.decoded_buf = g_malloc(TARGET_PAGE_SIZE);
2334 }
2335
2336 static void xbzrle_load_cleanup(void)
2337 {
2338 g_free(XBZRLE.decoded_buf);
2339 XBZRLE.decoded_buf = NULL;
2340 }
2341
2342 static void ram_state_cleanup(RAMState **rsp)
2343 {
2344 if (*rsp) {
2345 migration_page_queue_free(*rsp);
2346 qemu_mutex_destroy(&(*rsp)->bitmap_mutex);
2347 qemu_mutex_destroy(&(*rsp)->src_page_req_mutex);
2348 g_free(*rsp);
2349 *rsp = NULL;
2350 }
2351 }
2352
2353 static void xbzrle_cleanup(void)
2354 {
2355 XBZRLE_cache_lock();
2356 if (XBZRLE.cache) {
2357 cache_fini(XBZRLE.cache);
2358 g_free(XBZRLE.encoded_buf);
2359 g_free(XBZRLE.current_buf);
2360 g_free(XBZRLE.zero_target_page);
2361 XBZRLE.cache = NULL;
2362 XBZRLE.encoded_buf = NULL;
2363 XBZRLE.current_buf = NULL;
2364 XBZRLE.zero_target_page = NULL;
2365 }
2366 XBZRLE_cache_unlock();
2367 }
2368
2369 static void ram_save_cleanup(void *opaque)
2370 {
2371 RAMState **rsp = opaque;
2372 RAMBlock *block;
2373
2374 /* We don't use dirty log with background snapshots */
2375 if (!migrate_background_snapshot()) {
2376 /* caller have hold iothread lock or is in a bh, so there is
2377 * no writing race against the migration bitmap
2378 */
2379 if (global_dirty_tracking & GLOBAL_DIRTY_MIGRATION) {
2380 /*
2381 * do not stop dirty log without starting it, since
2382 * memory_global_dirty_log_stop will assert that
2383 * memory_global_dirty_log_start/stop used in pairs
2384 */
2385 memory_global_dirty_log_stop(GLOBAL_DIRTY_MIGRATION);
2386 }
2387 }
2388
2389 RAMBLOCK_FOREACH_NOT_IGNORED(block) {
2390 g_free(block->clear_bmap);
2391 block->clear_bmap = NULL;
2392 g_free(block->bmap);
2393 block->bmap = NULL;
2394 }
2395
2396 xbzrle_cleanup();
2397 compress_threads_save_cleanup();
2398 ram_state_cleanup(rsp);
2399 }
2400
2401 static void ram_state_reset(RAMState *rs)
2402 {
2403 rs->last_seen_block = NULL;
2404 rs->last_sent_block = NULL;
2405 rs->last_page = 0;
2406 rs->last_version = ram_list.version;
2407 rs->xbzrle_enabled = false;
2408 }
2409
2410 #define MAX_WAIT 50 /* ms, half buffered_file limit */
2411
2412 /* **** functions for postcopy ***** */
2413
2414 void ram_postcopy_migrated_memory_release(MigrationState *ms)
2415 {
2416 struct RAMBlock *block;
2417
2418 RAMBLOCK_FOREACH_NOT_IGNORED(block) {
2419 unsigned long *bitmap = block->bmap;
2420 unsigned long range = block->used_length >> TARGET_PAGE_BITS;
2421 unsigned long run_start = find_next_zero_bit(bitmap, range, 0);
2422
2423 while (run_start < range) {
2424 unsigned long run_end = find_next_bit(bitmap, range, run_start + 1);
2425 ram_discard_range(block->idstr,
2426 ((ram_addr_t)run_start) << TARGET_PAGE_BITS,
2427 ((ram_addr_t)(run_end - run_start))
2428 << TARGET_PAGE_BITS);
2429 run_start = find_next_zero_bit(bitmap, range, run_end + 1);
2430 }
2431 }
2432 }
2433
2434 /**
2435 * postcopy_send_discard_bm_ram: discard a RAMBlock
2436 *
2437 * Callback from postcopy_each_ram_send_discard for each RAMBlock
2438 *
2439 * @ms: current migration state
2440 * @block: RAMBlock to discard
2441 */
2442 static void postcopy_send_discard_bm_ram(MigrationState *ms, RAMBlock *block)
2443 {
2444 unsigned long end = block->used_length >> TARGET_PAGE_BITS;
2445 unsigned long current;
2446 unsigned long *bitmap = block->bmap;
2447
2448 for (current = 0; current < end; ) {
2449 unsigned long one = find_next_bit(bitmap, end, current);
2450 unsigned long zero, discard_length;
2451
2452 if (one >= end) {
2453 break;
2454 }
2455
2456 zero = find_next_zero_bit(bitmap, end, one + 1);
2457
2458 if (zero >= end) {
2459 discard_length = end - one;
2460 } else {
2461 discard_length = zero - one;
2462 }
2463 postcopy_discard_send_range(ms, one, discard_length);
2464 current = one + discard_length;
2465 }
2466 }
2467
2468 static void postcopy_chunk_hostpages_pass(MigrationState *ms, RAMBlock *block);
2469
2470 /**
2471 * postcopy_each_ram_send_discard: discard all RAMBlocks
2472 *
2473 * Utility for the outgoing postcopy code.
2474 * Calls postcopy_send_discard_bm_ram for each RAMBlock
2475 * passing it bitmap indexes and name.
2476 * (qemu_ram_foreach_block ends up passing unscaled lengths
2477 * which would mean postcopy code would have to deal with target page)
2478 *
2479 * @ms: current migration state
2480 */
2481 static void postcopy_each_ram_send_discard(MigrationState *ms)
2482 {
2483 struct RAMBlock *block;
2484
2485 RAMBLOCK_FOREACH_NOT_IGNORED(block) {
2486 postcopy_discard_send_init(ms, block->idstr);
2487
2488 /*
2489 * Deal with TPS != HPS and huge pages. It discard any partially sent
2490 * host-page size chunks, mark any partially dirty host-page size
2491 * chunks as all dirty. In this case the host-page is the host-page
2492 * for the particular RAMBlock, i.e. it might be a huge page.
2493 */
2494 postcopy_chunk_hostpages_pass(ms, block);
2495
2496 /*
2497 * Postcopy sends chunks of bitmap over the wire, but it
2498 * just needs indexes at this point, avoids it having
2499 * target page specific code.
2500 */
2501 postcopy_send_discard_bm_ram(ms, block);
2502 postcopy_discard_send_finish(ms);
2503 }
2504 }
2505
2506 /**
2507 * postcopy_chunk_hostpages_pass: canonicalize bitmap in hostpages
2508 *
2509 * Helper for postcopy_chunk_hostpages; it's called twice to
2510 * canonicalize the two bitmaps, that are similar, but one is
2511 * inverted.
2512 *
2513 * Postcopy requires that all target pages in a hostpage are dirty or
2514 * clean, not a mix. This function canonicalizes the bitmaps.
2515 *
2516 * @ms: current migration state
2517 * @block: block that contains the page we want to canonicalize
2518 */
2519 static void postcopy_chunk_hostpages_pass(MigrationState *ms, RAMBlock *block)
2520 {
2521 RAMState *rs = ram_state;
2522 unsigned long *bitmap = block->bmap;
2523 unsigned int host_ratio = block->page_size / TARGET_PAGE_SIZE;
2524 unsigned long pages = block->used_length >> TARGET_PAGE_BITS;
2525 unsigned long run_start;
2526
2527 if (block->page_size == TARGET_PAGE_SIZE) {
2528 /* Easy case - TPS==HPS for a non-huge page RAMBlock */
2529 return;
2530 }
2531
2532 /* Find a dirty page */
2533 run_start = find_next_bit(bitmap, pages, 0);
2534
2535 while (run_start < pages) {
2536
2537 /*
2538 * If the start of this run of pages is in the middle of a host
2539 * page, then we need to fixup this host page.
2540 */
2541 if (QEMU_IS_ALIGNED(run_start, host_ratio)) {
2542 /* Find the end of this run */
2543 run_start = find_next_zero_bit(bitmap, pages, run_start + 1);
2544 /*
2545 * If the end isn't at the start of a host page, then the
2546 * run doesn't finish at the end of a host page
2547 * and we need to discard.
2548 */
2549 }
2550
2551 if (!QEMU_IS_ALIGNED(run_start, host_ratio)) {
2552 unsigned long page;
2553 unsigned long fixup_start_addr = QEMU_ALIGN_DOWN(run_start,
2554 host_ratio);
2555 run_start = QEMU_ALIGN_UP(run_start, host_ratio);
2556
2557 /* Clean up the bitmap */
2558 for (page = fixup_start_addr;
2559 page < fixup_start_addr + host_ratio; page++) {
2560 /*
2561 * Remark them as dirty, updating the count for any pages
2562 * that weren't previously dirty.
2563 */
2564 rs->migration_dirty_pages += !test_and_set_bit(page, bitmap);
2565 }
2566 }
2567
2568 /* Find the next dirty page for the next iteration */
2569 run_start = find_next_bit(bitmap, pages, run_start);
2570 }
2571 }
2572
2573 /**
2574 * ram_postcopy_send_discard_bitmap: transmit the discard bitmap
2575 *
2576 * Transmit the set of pages to be discarded after precopy to the target
2577 * these are pages that:
2578 * a) Have been previously transmitted but are now dirty again
2579 * b) Pages that have never been transmitted, this ensures that
2580 * any pages on the destination that have been mapped by background
2581 * tasks get discarded (transparent huge pages is the specific concern)
2582 * Hopefully this is pretty sparse
2583 *
2584 * @ms: current migration state
2585 */
2586 void ram_postcopy_send_discard_bitmap(MigrationState *ms)
2587 {
2588 RAMState *rs = ram_state;
2589
2590 RCU_READ_LOCK_GUARD();
2591
2592 /* This should be our last sync, the src is now paused */
2593 migration_bitmap_sync(rs);
2594
2595 /* Easiest way to make sure we don't resume in the middle of a host-page */
2596 rs->last_seen_block = NULL;
2597 rs->last_sent_block = NULL;
2598 rs->last_page = 0;
2599
2600 postcopy_each_ram_send_discard(ms);
2601
2602 trace_ram_postcopy_send_discard_bitmap();
2603 }
2604
2605 /**
2606 * ram_discard_range: discard dirtied pages at the beginning of postcopy
2607 *
2608 * Returns zero on success
2609 *
2610 * @rbname: name of the RAMBlock of the request. NULL means the
2611 * same that last one.
2612 * @start: RAMBlock starting page
2613 * @length: RAMBlock size
2614 */
2615 int ram_discard_range(const char *rbname, uint64_t start, size_t length)
2616 {
2617 trace_ram_discard_range(rbname, start, length);
2618
2619 RCU_READ_LOCK_GUARD();
2620 RAMBlock *rb = qemu_ram_block_by_name(rbname);
2621
2622 if (!rb) {
2623 error_report("ram_discard_range: Failed to find block '%s'", rbname);
2624 return -1;
2625 }
2626
2627 /*
2628 * On source VM, we don't need to update the received bitmap since
2629 * we don't even have one.
2630 */
2631 if (rb->receivedmap) {
2632 bitmap_clear(rb->receivedmap, start >> qemu_target_page_bits(),
2633 length >> qemu_target_page_bits());
2634 }
2635
2636 return ram_block_discard_range(rb, start, length);
2637 }
2638
2639 /*
2640 * For every allocation, we will try not to crash the VM if the
2641 * allocation failed.
2642 */
2643 static int xbzrle_init(void)
2644 {
2645 Error *local_err = NULL;
2646
2647 if (!migrate_use_xbzrle()) {
2648 return 0;
2649 }
2650
2651 XBZRLE_cache_lock();
2652
2653 XBZRLE.zero_target_page = g_try_malloc0(TARGET_PAGE_SIZE);
2654 if (!XBZRLE.zero_target_page) {
2655 error_report("%s: Error allocating zero page", __func__);
2656 goto err_out;
2657 }
2658
2659 XBZRLE.cache = cache_init(migrate_xbzrle_cache_size(),
2660 TARGET_PAGE_SIZE, &local_err);
2661 if (!XBZRLE.cache) {
2662 error_report_err(local_err);
2663 goto free_zero_page;
2664 }
2665
2666 XBZRLE.encoded_buf = g_try_malloc0(TARGET_PAGE_SIZE);
2667 if (!XBZRLE.encoded_buf) {
2668 error_report("%s: Error allocating encoded_buf", __func__);
2669 goto free_cache;
2670 }
2671
2672 XBZRLE.current_buf = g_try_malloc(TARGET_PAGE_SIZE);
2673 if (!XBZRLE.current_buf) {
2674 error_report("%s: Error allocating current_buf", __func__);
2675 goto free_encoded_buf;
2676 }
2677
2678 /* We are all good */
2679 XBZRLE_cache_unlock();
2680 return 0;
2681
2682 free_encoded_buf:
2683 g_free(XBZRLE.encoded_buf);
2684 XBZRLE.encoded_buf = NULL;
2685 free_cache:
2686 cache_fini(XBZRLE.cache);
2687 XBZRLE.cache = NULL;
2688 free_zero_page:
2689 g_free(XBZRLE.zero_target_page);
2690 XBZRLE.zero_target_page = NULL;
2691 err_out:
2692 XBZRLE_cache_unlock();
2693 return -ENOMEM;
2694 }
2695
2696 static int ram_state_init(RAMState **rsp)
2697 {
2698 *rsp = g_try_new0(RAMState, 1);
2699
2700 if (!*rsp) {
2701 error_report("%s: Init ramstate fail", __func__);
2702 return -1;
2703 }
2704
2705 qemu_mutex_init(&(*rsp)->bitmap_mutex);
2706 qemu_mutex_init(&(*rsp)->src_page_req_mutex);
2707 QSIMPLEQ_INIT(&(*rsp)->src_page_requests);
2708
2709 /*
2710 * Count the total number of pages used by ram blocks not including any
2711 * gaps due to alignment or unplugs.
2712 * This must match with the initial values of dirty bitmap.
2713 */
2714 (*rsp)->migration_dirty_pages = ram_bytes_total() >> TARGET_PAGE_BITS;
2715 ram_state_reset(*rsp);
2716
2717 return 0;
2718 }
2719
2720 static void ram_list_init_bitmaps(void)
2721 {
2722 MigrationState *ms = migrate_get_current();
2723 RAMBlock *block;
2724 unsigned long pages;
2725 uint8_t shift;
2726
2727 /* Skip setting bitmap if there is no RAM */
2728 if (ram_bytes_total()) {
2729 shift = ms->clear_bitmap_shift;
2730 if (shift > CLEAR_BITMAP_SHIFT_MAX) {
2731 error_report("clear_bitmap_shift (%u) too big, using "
2732 "max value (%u)", shift, CLEAR_BITMAP_SHIFT_MAX);
2733 shift = CLEAR_BITMAP_SHIFT_MAX;
2734 } else if (shift < CLEAR_BITMAP_SHIFT_MIN) {
2735 error_report("clear_bitmap_shift (%u) too small, using "
2736 "min value (%u)", shift, CLEAR_BITMAP_SHIFT_MIN);
2737 shift = CLEAR_BITMAP_SHIFT_MIN;
2738 }
2739
2740 RAMBLOCK_FOREACH_NOT_IGNORED(block) {
2741 pages = block->max_length >> TARGET_PAGE_BITS;
2742 /*
2743 * The initial dirty bitmap for migration must be set with all
2744 * ones to make sure we'll migrate every guest RAM page to
2745 * destination.
2746 * Here we set RAMBlock.bmap all to 1 because when rebegin a
2747 * new migration after a failed migration, ram_list.
2748 * dirty_memory[DIRTY_MEMORY_MIGRATION] don't include the whole
2749 * guest memory.
2750 */
2751 block->bmap = bitmap_new(pages);
2752 bitmap_set(block->bmap, 0, pages);
2753 block->clear_bmap_shift = shift;
2754 block->clear_bmap = bitmap_new(clear_bmap_size(pages, shift));
2755 }
2756 }
2757 }
2758
2759 static void migration_bitmap_clear_discarded_pages(RAMState *rs)
2760 {
2761 unsigned long pages;
2762 RAMBlock *rb;
2763
2764 RCU_READ_LOCK_GUARD();
2765
2766 RAMBLOCK_FOREACH_NOT_IGNORED(rb) {
2767 pages = ramblock_dirty_bitmap_clear_discarded_pages(rb);
2768 rs->migration_dirty_pages -= pages;
2769 }
2770 }
2771
2772 static void ram_init_bitmaps(RAMState *rs)
2773 {
2774 /* For memory_global_dirty_log_start below. */
2775 qemu_mutex_lock_iothread();
2776 qemu_mutex_lock_ramlist();
2777
2778 WITH_RCU_READ_LOCK_GUARD() {
2779 ram_list_init_bitmaps();
2780 /* We don't use dirty log with background snapshots */
2781 if (!migrate_background_snapshot()) {
2782 memory_global_dirty_log_start(GLOBAL_DIRTY_MIGRATION);
2783 migration_bitmap_sync_precopy(rs);
2784 }
2785 }
2786 qemu_mutex_unlock_ramlist();
2787 qemu_mutex_unlock_iothread();
2788
2789 /*
2790 * After an eventual first bitmap sync, fixup the initial bitmap
2791 * containing all 1s to exclude any discarded pages from migration.
2792 */
2793 migration_bitmap_clear_discarded_pages(rs);
2794 }
2795
2796 static int ram_init_all(RAMState **rsp)
2797 {
2798 if (ram_state_init(rsp)) {
2799 return -1;
2800 }
2801
2802 if (xbzrle_init()) {
2803 ram_state_cleanup(rsp);
2804 return -1;
2805 }
2806
2807 ram_init_bitmaps(*rsp);
2808
2809 return 0;
2810 }
2811
2812 static void ram_state_resume_prepare(RAMState *rs, QEMUFile *out)
2813 {
2814 RAMBlock *block;
2815 uint64_t pages = 0;
2816
2817 /*
2818 * Postcopy is not using xbzrle/compression, so no need for that.
2819 * Also, since source are already halted, we don't need to care
2820 * about dirty page logging as well.
2821 */
2822
2823 RAMBLOCK_FOREACH_NOT_IGNORED(block) {
2824 pages += bitmap_count_one(block->bmap,
2825 block->used_length >> TARGET_PAGE_BITS);
2826 }
2827
2828 /* This may not be aligned with current bitmaps. Recalculate. */
2829 rs->migration_dirty_pages = pages;
2830
2831 ram_state_reset(rs);
2832
2833 /* Update RAMState cache of output QEMUFile */
2834 rs->f = out;
2835
2836 trace_ram_state_resume_prepare(pages);
2837 }
2838
2839 /*
2840 * This function clears bits of the free pages reported by the caller from the
2841 * migration dirty bitmap. @addr is the host address corresponding to the
2842 * start of the continuous guest free pages, and @len is the total bytes of
2843 * those pages.
2844 */
2845 void qemu_guest_free_page_hint(void *addr, size_t len)
2846 {
2847 RAMBlock *block;
2848 ram_addr_t offset;
2849 size_t used_len, start, npages;
2850 MigrationState *s = migrate_get_current();
2851
2852 /* This function is currently expected to be used during live migration */
2853 if (!migration_is_setup_or_active(s->state)) {
2854 return;
2855 }
2856
2857 for (; len > 0; len -= used_len, addr += used_len) {
2858 block = qemu_ram_block_from_host(addr, false, &offset);
2859 if (unlikely(!block || offset >= block->used_length)) {
2860 /*
2861 * The implementation might not support RAMBlock resize during
2862 * live migration, but it could happen in theory with future
2863 * updates. So we add a check here to capture that case.
2864 */
2865 error_report_once("%s unexpected error", __func__);
2866 return;
2867 }
2868
2869 if (len <= block->used_length - offset) {
2870 used_len = len;
2871 } else {
2872 used_len = block->used_length - offset;
2873 }
2874
2875 start = offset >> TARGET_PAGE_BITS;
2876 npages = used_len >> TARGET_PAGE_BITS;
2877
2878 qemu_mutex_lock(&ram_state->bitmap_mutex);
2879 /*
2880 * The skipped free pages are equavalent to be sent from clear_bmap's
2881 * perspective, so clear the bits from the memory region bitmap which
2882 * are initially set. Otherwise those skipped pages will be sent in
2883 * the next round after syncing from the memory region bitmap.
2884 */
2885 migration_clear_memory_region_dirty_bitmap_range(block, start, npages);
2886 ram_state->migration_dirty_pages -=
2887 bitmap_count_one_with_offset(block->bmap, start, npages);
2888 bitmap_clear(block->bmap, start, npages);
2889 qemu_mutex_unlock(&ram_state->bitmap_mutex);
2890 }
2891 }
2892
2893 /*
2894 * Each of ram_save_setup, ram_save_iterate and ram_save_complete has
2895 * long-running RCU critical section. When rcu-reclaims in the code
2896 * start to become numerous it will be necessary to reduce the
2897 * granularity of these critical sections.
2898 */
2899
2900 /**
2901 * ram_save_setup: Setup RAM for migration
2902 *
2903 * Returns zero to indicate success and negative for error
2904 *
2905 * @f: QEMUFile where to send the data
2906 * @opaque: RAMState pointer
2907 */
2908 static int ram_save_setup(QEMUFile *f, void *opaque)
2909 {
2910 RAMState **rsp = opaque;
2911 RAMBlock *block;
2912 int ret;
2913
2914 if (compress_threads_save_setup()) {
2915 return -1;
2916 }
2917
2918 /* migration has already setup the bitmap, reuse it. */
2919 if (!migration_in_colo_state()) {
2920 if (ram_init_all(rsp) != 0) {
2921 compress_threads_save_cleanup();
2922 return -1;
2923 }
2924 }
2925 (*rsp)->f = f;
2926
2927 WITH_RCU_READ_LOCK_GUARD() {
2928 qemu_put_be64(f, ram_bytes_total_common(true) | RAM_SAVE_FLAG_MEM_SIZE);
2929
2930 RAMBLOCK_FOREACH_MIGRATABLE(block) {
2931 qemu_put_byte(f, strlen(block->idstr));
2932 qemu_put_buffer(f, (uint8_t *)block->idstr, strlen(block->idstr));
2933 qemu_put_be64(f, block->used_length);
2934 if (migrate_postcopy_ram() && block->page_size !=
2935 qemu_host_page_size) {
2936 qemu_put_be64(f, block->page_size);
2937 }
2938 if (migrate_ignore_shared()) {
2939 qemu_put_be64(f, block->mr->addr);
2940 }
2941 }
2942 }
2943
2944 ram_control_before_iterate(f, RAM_CONTROL_SETUP);
2945 ram_control_after_iterate(f, RAM_CONTROL_SETUP);
2946
2947 ret = multifd_send_sync_main(f);
2948 if (ret < 0) {
2949 return ret;
2950 }
2951
2952 qemu_put_be64(f, RAM_SAVE_FLAG_EOS);
2953 qemu_fflush(f);
2954
2955 return 0;
2956 }
2957
2958 /**
2959 * ram_save_iterate: iterative stage for migration
2960 *
2961 * Returns zero to indicate success and negative for error
2962 *
2963 * @f: QEMUFile where to send the data
2964 * @opaque: RAMState pointer
2965 */
2966 static int ram_save_iterate(QEMUFile *f, void *opaque)
2967 {
2968 RAMState **temp = opaque;
2969 RAMState *rs = *temp;
2970 int ret = 0;
2971 int i;
2972 int64_t t0;
2973 int done = 0;
2974
2975 if (blk_mig_bulk_active()) {
2976 /* Avoid transferring ram during bulk phase of block migration as
2977 * the bulk phase will usually take a long time and transferring
2978 * ram updates during that time is pointless. */
2979 goto out;
2980 }
2981
2982 /*
2983 * We'll take this lock a little bit long, but it's okay for two reasons.
2984 * Firstly, the only possible other thread to take it is who calls
2985 * qemu_guest_free_page_hint(), which should be rare; secondly, see
2986 * MAX_WAIT (if curious, further see commit 4508bd9ed8053ce) below, which
2987 * guarantees that we'll at least released it in a regular basis.
2988 */
2989 qemu_mutex_lock(&rs->bitmap_mutex);
2990 WITH_RCU_READ_LOCK_GUARD() {
2991 if (ram_list.version != rs->last_version) {
2992 ram_state_reset(rs);
2993 }
2994
2995 /* Read version before ram_list.blocks */
2996 smp_rmb();
2997
2998 ram_control_before_iterate(f, RAM_CONTROL_ROUND);
2999
3000 t0 = qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
3001 i = 0;
3002 while ((ret = qemu_file_rate_limit(f)) == 0 ||
3003 postcopy_has_request(rs)) {
3004 int pages;
3005
3006 if (qemu_file_get_error(f)) {
3007 break;
3008 }
3009
3010 pages = ram_find_and_save_block(rs);
3011 /* no more pages to sent */
3012 if (pages == 0) {
3013 done = 1;
3014 break;
3015 }
3016
3017 if (pages < 0) {
3018 qemu_file_set_error(f, pages);
3019 break;
3020 }
3021
3022 rs->target_page_count += pages;
3023
3024 /*
3025 * During postcopy, it is necessary to make sure one whole host
3026 * page is sent in one chunk.
3027 */
3028 if (migrate_postcopy_ram()) {
3029 flush_compressed_data(rs);
3030 }
3031
3032 /*
3033 * we want to check in the 1st loop, just in case it was the 1st
3034 * time and we had to sync the dirty bitmap.
3035 * qemu_clock_get_ns() is a bit expensive, so we only check each
3036 * some iterations
3037 */
3038 if ((i & 63) == 0) {
3039 uint64_t t1 = (qemu_clock_get_ns(QEMU_CLOCK_REALTIME) - t0) /
3040 1000000;
3041 if (t1 > MAX_WAIT) {
3042 trace_ram_save_iterate_big_wait(t1, i);
3043 break;
3044 }
3045 }
3046 i++;
3047 }
3048 }
3049 qemu_mutex_unlock(&rs->bitmap_mutex);
3050
3051 /*
3052 * Must occur before EOS (or any QEMUFile operation)
3053 * because of RDMA protocol.
3054 */
3055 ram_control_after_iterate(f, RAM_CONTROL_ROUND);
3056
3057 out:
3058 if (ret >= 0
3059 && migration_is_setup_or_active(migrate_get_current()->state)) {
3060 ret = multifd_send_sync_main(rs->f);
3061 if (ret < 0) {
3062 return ret;
3063 }
3064
3065 qemu_put_be64(f, RAM_SAVE_FLAG_EOS);
3066 qemu_fflush(f);
3067 ram_transferred_add(8);
3068
3069 ret = qemu_file_get_error(f);
3070 }
3071 if (ret < 0) {
3072 return ret;
3073 }
3074
3075 return done;
3076 }
3077
3078 /**
3079 * ram_save_complete: function called to send the remaining amount of ram
3080 *
3081 * Returns zero to indicate success or negative on error
3082 *
3083 * Called with iothread lock
3084 *
3085 * @f: QEMUFile where to send the data
3086 * @opaque: RAMState pointer
3087 */
3088 static int ram_save_complete(QEMUFile *f, void *opaque)
3089 {
3090 RAMState **temp = opaque;
3091 RAMState *rs = *temp;
3092 int ret = 0;
3093
3094 rs->last_stage = !migration_in_colo_state();
3095
3096 WITH_RCU_READ_LOCK_GUARD() {
3097 if (!migration_in_postcopy()) {
3098 migration_bitmap_sync_precopy(rs);
3099 }
3100
3101 ram_control_before_iterate(f, RAM_CONTROL_FINISH);
3102
3103 /* try transferring iterative blocks of memory */
3104
3105 /* flush all remaining blocks regardless of rate limiting */
3106 while (true) {
3107 int pages;
3108
3109 pages = ram_find_and_save_block(rs);
3110 /* no more blocks to sent */
3111 if (pages == 0) {
3112 break;
3113 }
3114 if (pages < 0) {
3115 ret = pages;
3116 break;
3117 }
3118 }
3119
3120 flush_compressed_data(rs);
3121 ram_control_after_iterate(f, RAM_CONTROL_FINISH);
3122 }
3123
3124 if (ret < 0) {
3125 return ret;
3126 }
3127
3128 ret = multifd_send_sync_main(rs->f);
3129 if (ret < 0) {
3130 return ret;
3131 }
3132
3133 qemu_put_be64(f, RAM_SAVE_FLAG_EOS);
3134 qemu_fflush(f);
3135
3136 return 0;
3137 }
3138
3139 static void ram_save_pending(QEMUFile *f, void *opaque, uint64_t max_size,
3140 uint64_t *res_precopy_only,
3141 uint64_t *res_compatible,
3142 uint64_t *res_postcopy_only)
3143 {
3144 RAMState **temp = opaque;
3145 RAMState *rs = *temp;
3146 uint64_t remaining_size;
3147
3148 remaining_size = rs->migration_dirty_pages * TARGET_PAGE_SIZE;
3149
3150 if (!migration_in_postcopy() &&
3151 remaining_size < max_size) {
3152 qemu_mutex_lock_iothread();
3153 WITH_RCU_READ_LOCK_GUARD() {
3154 migration_bitmap_sync_precopy(rs);
3155 }
3156 qemu_mutex_unlock_iothread();
3157 remaining_size = rs->migration_dirty_pages * TARGET_PAGE_SIZE;
3158 }
3159
3160 if (migrate_postcopy_ram()) {
3161 /* We can do postcopy, and all the data is postcopiable */
3162 *res_compatible += remaining_size;
3163 } else {
3164 *res_precopy_only += remaining_size;
3165 }
3166 }
3167
3168 static int load_xbzrle(QEMUFile *f, ram_addr_t addr, void *host)
3169 {
3170 unsigned int xh_len;
3171 int xh_flags;
3172 uint8_t *loaded_data;
3173
3174 /* extract RLE header */
3175 xh_flags = qemu_get_byte(f);
3176 xh_len = qemu_get_be16(f);
3177
3178 if (xh_flags != ENCODING_FLAG_XBZRLE) {
3179 error_report("Failed to load XBZRLE page - wrong compression!");
3180 return -1;
3181 }
3182
3183 if (xh_len > TARGET_PAGE_SIZE) {
3184 error_report("Failed to load XBZRLE page - len overflow!");
3185 return -1;
3186 }
3187 loaded_data = XBZRLE.decoded_buf;
3188 /* load data and decode */
3189 /* it can change loaded_data to point to an internal buffer */
3190 qemu_get_buffer_in_place(f, &loaded_data, xh_len);
3191
3192 /* decode RLE */
3193 if (xbzrle_decode_buffer(loaded_data, xh_len, host,
3194 TARGET_PAGE_SIZE) == -1) {
3195 error_report("Failed to load XBZRLE page - decode error!");
3196 return -1;
3197 }
3198
3199 return 0;
3200 }
3201
3202 /**
3203 * ram_block_from_stream: read a RAMBlock id from the migration stream
3204 *
3205 * Must be called from within a rcu critical section.
3206 *
3207 * Returns a pointer from within the RCU-protected ram_list.
3208 *
3209 * @mis: the migration incoming state pointer
3210 * @f: QEMUFile where to read the data from
3211 * @flags: Page flags (mostly to see if it's a continuation of previous block)
3212 */
3213 static inline RAMBlock *ram_block_from_stream(MigrationIncomingState *mis,
3214 QEMUFile *f, int flags)
3215 {
3216 RAMBlock *block = mis->last_recv_block;
3217 char id[256];
3218 uint8_t len;
3219
3220 if (flags & RAM_SAVE_FLAG_CONTINUE) {
3221 if (!block) {
3222 error_report("Ack, bad migration stream!");
3223 return NULL;
3224 }
3225 return block;
3226 }
3227
3228 len = qemu_get_byte(f);
3229 qemu_get_buffer(f, (uint8_t *)id, len);
3230 id[len] = 0;
3231
3232 block = qemu_ram_block_by_name(id);
3233 if (!block) {
3234 error_report("Can't find block %s", id);
3235 return NULL;
3236 }
3237
3238 if (ramblock_is_ignored(block)) {
3239 error_report("block %s should not be migrated !", id);
3240 return NULL;
3241 }
3242
3243 mis->last_recv_block = block;
3244
3245 return block;
3246 }
3247
3248 static inline void *host_from_ram_block_offset(RAMBlock *block,
3249 ram_addr_t offset)
3250 {
3251 if (!offset_in_ramblock(block, offset)) {
3252 return NULL;
3253 }
3254
3255 return block->host + offset;
3256 }
3257
3258 static void *host_page_from_ram_block_offset(RAMBlock *block,
3259 ram_addr_t offset)
3260 {
3261 /* Note: Explicitly no check against offset_in_ramblock(). */
3262 return (void *)QEMU_ALIGN_DOWN((uintptr_t)(block->host + offset),
3263 block->page_size);
3264 }
3265
3266 static ram_addr_t host_page_offset_from_ram_block_offset(RAMBlock *block,
3267 ram_addr_t offset)
3268 {
3269 return ((uintptr_t)block->host + offset) & (block->page_size - 1);
3270 }
3271
3272 static inline void *colo_cache_from_block_offset(RAMBlock *block,
3273 ram_addr_t offset, bool record_bitmap)
3274 {
3275 if (!offset_in_ramblock(block, offset)) {
3276 return NULL;
3277 }
3278 if (!block->colo_cache) {
3279 error_report("%s: colo_cache is NULL in block :%s",
3280 __func__, block->idstr);
3281 return NULL;
3282 }
3283
3284 /*
3285 * During colo checkpoint, we need bitmap of these migrated pages.
3286 * It help us to decide which pages in ram cache should be flushed
3287 * into VM's RAM later.
3288 */
3289 if (record_bitmap &&
3290 !test_and_set_bit(offset >> TARGET_PAGE_BITS, block->bmap)) {
3291 ram_state->migration_dirty_pages++;
3292 }
3293 return block->colo_cache + offset;
3294 }
3295
3296 /**
3297 * ram_handle_compressed: handle the zero page case
3298 *
3299 * If a page (or a whole RDMA chunk) has been
3300 * determined to be zero, then zap it.
3301 *
3302 * @host: host address for the zero page
3303 * @ch: what the page is filled from. We only support zero
3304 * @size: size of the zero page
3305 */
3306 void ram_handle_compressed(void *host, uint8_t ch, uint64_t size)
3307 {
3308 if (ch != 0 || !buffer_is_zero(host, size)) {
3309 memset(host, ch, size);
3310 }
3311 }
3312
3313 /* return the size after decompression, or negative value on error */
3314 static int
3315 qemu_uncompress_data(z_stream *stream, uint8_t *dest, size_t dest_len,
3316 const uint8_t *source, size_t source_len)
3317 {
3318 int err;
3319
3320 err = inflateReset(stream);
3321 if (err != Z_OK) {
3322 return -1;
3323 }
3324
3325 stream->avail_in = source_len;
3326 stream->next_in = (uint8_t *)source;
3327 stream->avail_out = dest_len;
3328 stream->next_out = dest;
3329
3330 err = inflate(stream, Z_NO_FLUSH);
3331 if (err != Z_STREAM_END) {
3332 return -1;
3333 }
3334
3335 return stream->total_out;
3336 }
3337
3338 static void *do_data_decompress(void *opaque)
3339 {
3340 DecompressParam *param = opaque;
3341 unsigned long pagesize;
3342 uint8_t *des;
3343 int len, ret;
3344
3345 qemu_mutex_lock(&param->mutex);
3346 while (!param->quit) {
3347 if (param->des) {
3348 des = param->des;
3349 len = param->len;
3350 param->des = 0;
3351 qemu_mutex_unlock(&param->mutex);
3352
3353 pagesize = TARGET_PAGE_SIZE;
3354
3355 ret = qemu_uncompress_data(&param->stream, des, pagesize,
3356 param->compbuf, len);
3357 if (ret < 0 && migrate_get_current()->decompress_error_check) {
3358 error_report("decompress data failed");
3359 qemu_file_set_error(decomp_file, ret);
3360 }
3361
3362 qemu_mutex_lock(&decomp_done_lock);
3363 param->done = true;
3364 qemu_cond_signal(&decomp_done_cond);
3365 qemu_mutex_unlock(&decomp_done_lock);
3366
3367 qemu_mutex_lock(&param->mutex);
3368 } else {
3369 qemu_cond_wait(&param->cond, &param->mutex);
3370 }
3371 }
3372 qemu_mutex_unlock(&param->mutex);
3373
3374 return NULL;
3375 }
3376
3377 static int wait_for_decompress_done(void)
3378 {
3379 int idx, thread_count;
3380
3381 if (!migrate_use_compression()) {
3382 return 0;
3383 }
3384
3385 thread_count = migrate_decompress_threads();
3386 qemu_mutex_lock(&decomp_done_lock);
3387 for (idx = 0; idx < thread_count; idx++) {
3388 while (!decomp_param[idx].done) {
3389 qemu_cond_wait(&decomp_done_cond, &decomp_done_lock);
3390 }
3391 }
3392 qemu_mutex_unlock(&decomp_done_lock);
3393 return qemu_file_get_error(decomp_file);
3394 }
3395
3396 static void compress_threads_load_cleanup(void)
3397 {
3398 int i, thread_count;
3399
3400 if (!migrate_use_compression()) {
3401 return;
3402 }
3403 thread_count = migrate_decompress_threads();
3404 for (i = 0; i < thread_count; i++) {
3405 /*
3406 * we use it as a indicator which shows if the thread is
3407 * properly init'd or not
3408 */
3409 if (!decomp_param[i].compbuf) {
3410 break;
3411 }
3412
3413 qemu_mutex_lock(&decomp_param[i].mutex);
3414 decomp_param[i].quit = true;
3415 qemu_cond_signal(&decomp_param[i].cond);
3416 qemu_mutex_unlock(&decomp_param[i].mutex);
3417 }
3418 for (i = 0; i < thread_count; i++) {
3419 if (!decomp_param[i].compbuf) {
3420 break;
3421 }
3422
3423 qemu_thread_join(decompress_threads + i);
3424 qemu_mutex_destroy(&decomp_param[i].mutex);
3425 qemu_cond_destroy(&decomp_param[i].cond);
3426 inflateEnd(&decomp_param[i].stream);
3427 g_free(decomp_param[i].compbuf);
3428 decomp_param[i].compbuf = NULL;
3429 }
3430 g_free(decompress_threads);
3431 g_free(decomp_param);
3432 decompress_threads = NULL;
3433 decomp_param = NULL;
3434 decomp_file = NULL;
3435 }
3436
3437 static int compress_threads_load_setup(QEMUFile *f)
3438 {
3439 int i, thread_count;
3440
3441 if (!migrate_use_compression()) {
3442 return 0;
3443 }
3444
3445 thread_count = migrate_decompress_threads();
3446 decompress_threads = g_new0(QemuThread, thread_count);
3447 decomp_param = g_new0(DecompressParam, thread_count);
3448 qemu_mutex_init(&decomp_done_lock);
3449 qemu_cond_init(&decomp_done_cond);
3450 decomp_file = f;
3451 for (i = 0; i < thread_count; i++) {
3452 if (inflateInit(&decomp_param[i].stream) != Z_OK) {
3453 goto exit;
3454 }
3455
3456 decomp_param[i].compbuf = g_malloc0(compressBound(TARGET_PAGE_SIZE));
3457 qemu_mutex_init(&decomp_param[i].mutex);
3458 qemu_cond_init(&decomp_param[i].cond);
3459 decomp_param[i].done = true;
3460 decomp_param[i].quit = false;
3461 qemu_thread_create(decompress_threads + i, "decompress",
3462 do_data_decompress, decomp_param + i,
3463 QEMU_THREAD_JOINABLE);
3464 }
3465 return 0;
3466 exit:
3467 compress_threads_load_cleanup();
3468 return -1;
3469 }
3470
3471 static void decompress_data_with_multi_threads(QEMUFile *f,
3472 void *host, int len)
3473 {
3474 int idx, thread_count;
3475
3476 thread_count = migrate_decompress_threads();
3477 QEMU_LOCK_GUARD(&decomp_done_lock);
3478 while (true) {
3479 for (idx = 0; idx < thread_count; idx++) {
3480 if (decomp_param[idx].done) {
3481 decomp_param[idx].done = false;
3482 qemu_mutex_lock(&decomp_param[idx].mutex);
3483 qemu_get_buffer(f, decomp_param[idx].compbuf, len);
3484 decomp_param[idx].des = host;
3485 decomp_param[idx].len = len;
3486 qemu_cond_signal(&decomp_param[idx].cond);
3487 qemu_mutex_unlock(&decomp_param[idx].mutex);
3488 break;
3489 }
3490 }
3491 if (idx < thread_count) {
3492 break;
3493 } else {
3494 qemu_cond_wait(&decomp_done_cond, &decomp_done_lock);
3495 }
3496 }
3497 }
3498
3499 static void colo_init_ram_state(void)
3500 {
3501 ram_state_init(&ram_state);
3502 }
3503
3504 /*
3505 * colo cache: this is for secondary VM, we cache the whole
3506 * memory of the secondary VM, it is need to hold the global lock
3507 * to call this helper.
3508 */
3509 int colo_init_ram_cache(void)
3510 {
3511 RAMBlock *block;
3512
3513 WITH_RCU_READ_LOCK_GUARD() {
3514 RAMBLOCK_FOREACH_NOT_IGNORED(block) {
3515 block->colo_cache = qemu_anon_ram_alloc(block->used_length,
3516 NULL, false, false);
3517 if (!block->colo_cache) {
3518 error_report("%s: Can't alloc memory for COLO cache of block %s,"
3519 "size 0x" RAM_ADDR_FMT, __func__, block->idstr,
3520 block->used_length);
3521 RAMBLOCK_FOREACH_NOT_IGNORED(block) {
3522 if (block->colo_cache) {
3523 qemu_anon_ram_free(block->colo_cache, block->used_length);
3524 block->colo_cache = NULL;
3525 }
3526 }
3527 return -errno;
3528 }
3529 if (!machine_dump_guest_core(current_machine)) {
3530 qemu_madvise(block->colo_cache, block->used_length,
3531 QEMU_MADV_DONTDUMP);
3532 }
3533 }
3534 }
3535
3536 /*
3537 * Record the dirty pages that sent by PVM, we use this dirty bitmap together
3538 * with to decide which page in cache should be flushed into SVM's RAM. Here
3539 * we use the same name 'ram_bitmap' as for migration.
3540 */
3541 if (ram_bytes_total()) {
3542 RAMBlock *block;
3543
3544 RAMBLOCK_FOREACH_NOT_IGNORED(block) {
3545 unsigned long pages = block->max_length >> TARGET_PAGE_BITS;
3546 block->bmap = bitmap_new(pages);
3547 }
3548 }
3549
3550 colo_init_ram_state();
3551 return 0;
3552 }
3553
3554 /* TODO: duplicated with ram_init_bitmaps */
3555 void colo_incoming_start_dirty_log(void)
3556 {
3557 RAMBlock *block = NULL;
3558 /* For memory_global_dirty_log_start below. */
3559 qemu_mutex_lock_iothread();
3560 qemu_mutex_lock_ramlist();
3561
3562 memory_global_dirty_log_sync();
3563 WITH_RCU_READ_LOCK_GUARD() {
3564 RAMBLOCK_FOREACH_NOT_IGNORED(block) {
3565 ramblock_sync_dirty_bitmap(ram_state, block);
3566 /* Discard this dirty bitmap record */
3567 bitmap_zero(block->bmap, block->max_length >> TARGET_PAGE_BITS);
3568 }
3569 memory_global_dirty_log_start(GLOBAL_DIRTY_MIGRATION);
3570 }
3571 ram_state->migration_dirty_pages = 0;
3572 qemu_mutex_unlock_ramlist();
3573 qemu_mutex_unlock_iothread();
3574 }
3575
3576 /* It is need to hold the global lock to call this helper */
3577 void colo_release_ram_cache(void)
3578 {
3579 RAMBlock *block;
3580
3581 memory_global_dirty_log_stop(GLOBAL_DIRTY_MIGRATION);
3582 RAMBLOCK_FOREACH_NOT_IGNORED(block) {
3583 g_free(block->bmap);
3584 block->bmap = NULL;
3585 }
3586
3587 WITH_RCU_READ_LOCK_GUARD() {
3588 RAMBLOCK_FOREACH_NOT_IGNORED(block) {
3589 if (block->colo_cache) {
3590 qemu_anon_ram_free(block->colo_cache, block->used_length);
3591 block->colo_cache = NULL;
3592 }
3593 }
3594 }
3595 ram_state_cleanup(&ram_state);
3596 }
3597
3598 /**
3599 * ram_load_setup: Setup RAM for migration incoming side
3600 *
3601 * Returns zero to indicate success and negative for error
3602 *
3603 * @f: QEMUFile where to receive the data
3604 * @opaque: RAMState pointer
3605 */
3606 static int ram_load_setup(QEMUFile *f, void *opaque)
3607 {
3608 if (compress_threads_load_setup(f)) {
3609 return -1;
3610 }
3611
3612 xbzrle_load_setup();
3613 ramblock_recv_map_init();
3614
3615 return 0;
3616 }
3617
3618 static int ram_load_cleanup(void *opaque)
3619 {
3620 RAMBlock *rb;
3621
3622 RAMBLOCK_FOREACH_NOT_IGNORED(rb) {
3623 qemu_ram_block_writeback(rb);
3624 }
3625
3626 xbzrle_load_cleanup();
3627 compress_threads_load_cleanup();
3628
3629 RAMBLOCK_FOREACH_NOT_IGNORED(rb) {
3630 g_free(rb->receivedmap);
3631 rb->receivedmap = NULL;
3632 }
3633
3634 return 0;
3635 }
3636
3637 /**
3638 * ram_postcopy_incoming_init: allocate postcopy data structures
3639 *
3640 * Returns 0 for success and negative if there was one error
3641 *
3642 * @mis: current migration incoming state
3643 *
3644 * Allocate data structures etc needed by incoming migration with
3645 * postcopy-ram. postcopy-ram's similarly names
3646 * postcopy_ram_incoming_init does the work.
3647 */
3648 int ram_postcopy_incoming_init(MigrationIncomingState *mis)
3649 {
3650 return postcopy_ram_incoming_init(mis);
3651 }
3652
3653 /**
3654 * ram_load_postcopy: load a page in postcopy case
3655 *
3656 * Returns 0 for success or -errno in case of error
3657 *
3658 * Called in postcopy mode by ram_load().
3659 * rcu_read_lock is taken prior to this being called.
3660 *
3661 * @f: QEMUFile where to send the data
3662 */
3663 int ram_load_postcopy(QEMUFile *f)
3664 {
3665 int flags = 0, ret = 0;
3666 bool place_needed = false;
3667 bool matches_target_page_size = false;
3668 MigrationIncomingState *mis = migration_incoming_get_current();
3669 /* Currently we only use channel 0. TODO: use all the channels */
3670 PostcopyTmpPage *tmp_page = &mis->postcopy_tmp_pages[0];
3671
3672 while (!ret && !(flags & RAM_SAVE_FLAG_EOS)) {
3673 ram_addr_t addr;
3674 void *page_buffer = NULL;
3675 void *place_source = NULL;
3676 RAMBlock *block = NULL;
3677 uint8_t ch;
3678 int len;
3679
3680 addr = qemu_get_be64(f);
3681
3682 /*
3683 * If qemu file error, we should stop here, and then "addr"
3684 * may be invalid
3685 */
3686 ret = qemu_file_get_error(f);
3687 if (ret) {
3688 break;
3689 }
3690
3691 flags = addr & ~TARGET_PAGE_MASK;
3692 addr &= TARGET_PAGE_MASK;
3693
3694 trace_ram_load_postcopy_loop((uint64_t)addr, flags);
3695 if (flags & (RAM_SAVE_FLAG_ZERO | RAM_SAVE_FLAG_PAGE |
3696 RAM_SAVE_FLAG_COMPRESS_PAGE)) {
3697 block = ram_block_from_stream(mis, f, flags);
3698 if (!block) {
3699 ret = -EINVAL;
3700 break;
3701 }
3702
3703 /*
3704 * Relying on used_length is racy and can result in false positives.
3705 * We might place pages beyond used_length in case RAM was shrunk
3706 * while in postcopy, which is fine - trying to place via
3707 * UFFDIO_COPY/UFFDIO_ZEROPAGE will never segfault.
3708 */
3709 if (!block->host || addr >= block->postcopy_length) {
3710 error_report("Illegal RAM offset " RAM_ADDR_FMT, addr);
3711 ret = -EINVAL;
3712 break;
3713 }
3714 tmp_page->target_pages++;
3715 matches_target_page_size = block->page_size == TARGET_PAGE_SIZE;
3716 /*
3717 * Postcopy requires that we place whole host pages atomically;
3718 * these may be huge pages for RAMBlocks that are backed by
3719 * hugetlbfs.
3720 * To make it atomic, the data is read into a temporary page
3721 * that's moved into place later.
3722 * The migration protocol uses, possibly smaller, target-pages
3723 * however the source ensures it always sends all the components
3724 * of a host page in one chunk.
3725 */
3726 page_buffer = tmp_page->tmp_huge_page +
3727 host_page_offset_from_ram_block_offset(block, addr);
3728 /* If all TP are zero then we can optimise the place */
3729 if (tmp_page->target_pages == 1) {
3730 tmp_page->host_addr =
3731 host_page_from_ram_block_offset(block, addr);
3732 } else if (tmp_page->host_addr !=
3733 host_page_from_ram_block_offset(block, addr)) {
3734 /* not the 1st TP within the HP */
3735 error_report("Non-same host page detected. "
3736 "Target host page %p, received host page %p "
3737 "(rb %s offset 0x"RAM_ADDR_FMT" target_pages %d)",
3738 tmp_page->host_addr,
3739 host_page_from_ram_block_offset(block, addr),
3740 block->idstr, addr, tmp_page->target_pages);
3741 ret = -EINVAL;
3742 break;
3743 }
3744
3745 /*
3746 * If it's the last part of a host page then we place the host
3747 * page
3748 */
3749 if (tmp_page->target_pages ==
3750 (block->page_size / TARGET_PAGE_SIZE)) {
3751 place_needed = true;
3752 }
3753 place_source = tmp_page->tmp_huge_page;
3754 }
3755
3756 switch (flags & ~RAM_SAVE_FLAG_CONTINUE) {
3757 case RAM_SAVE_FLAG_ZERO:
3758 ch = qemu_get_byte(f);
3759 /*
3760 * Can skip to set page_buffer when
3761 * this is a zero page and (block->page_size == TARGET_PAGE_SIZE).
3762 */
3763 if (ch || !matches_target_page_size) {
3764 memset(page_buffer, ch, TARGET_PAGE_SIZE);
3765 }
3766 if (ch) {
3767 tmp_page->all_zero = false;
3768 }
3769 break;
3770
3771 case RAM_SAVE_FLAG_PAGE:
3772 tmp_page->all_zero = false;
3773 if (!matches_target_page_size) {
3774 /* For huge pages, we always use temporary buffer */
3775 qemu_get_buffer(f, page_buffer, TARGET_PAGE_SIZE);
3776 } else {
3777 /*
3778 * For small pages that matches target page size, we
3779 * avoid the qemu_file copy. Instead we directly use
3780 * the buffer of QEMUFile to place the page. Note: we
3781 * cannot do any QEMUFile operation before using that
3782 * buffer to make sure the buffer is valid when
3783 * placing the page.
3784 */
3785 qemu_get_buffer_in_place(f, (uint8_t **)&place_source,
3786 TARGET_PAGE_SIZE);
3787 }
3788 break;
3789 case RAM_SAVE_FLAG_COMPRESS_PAGE:
3790 tmp_page->all_zero = false;
3791 len = qemu_get_be32(f);
3792 if (len < 0 || len > compressBound(TARGET_PAGE_SIZE)) {
3793 error_report("Invalid compressed data length: %d", len);
3794 ret = -EINVAL;
3795 break;
3796 }
3797 decompress_data_with_multi_threads(f, page_buffer, len);
3798 break;
3799
3800 case RAM_SAVE_FLAG_EOS:
3801 /* normal exit */
3802 multifd_recv_sync_main();
3803 break;
3804 default:
3805 error_report("Unknown combination of migration flags: 0x%x"
3806 " (postcopy mode)", flags);
3807 ret = -EINVAL;
3808 break;
3809 }
3810
3811 /* Got the whole host page, wait for decompress before placing. */
3812 if (place_needed) {
3813 ret |= wait_for_decompress_done();
3814 }
3815
3816 /* Detect for any possible file errors */
3817 if (!ret && qemu_file_get_error(f)) {
3818 ret = qemu_file_get_error(f);
3819 }
3820
3821 if (!ret && place_needed) {
3822 if (tmp_page->all_zero) {
3823 ret = postcopy_place_page_zero(mis, tmp_page->host_addr, block);
3824 } else {
3825 ret = postcopy_place_page(mis, tmp_page->host_addr,
3826 place_source, block);
3827 }
3828 place_needed = false;
3829 postcopy_temp_page_reset(tmp_page);
3830 }
3831 }
3832
3833 return ret;
3834 }
3835
3836 static bool postcopy_is_advised(void)
3837 {
3838 PostcopyState ps = postcopy_state_get();
3839 return ps >= POSTCOPY_INCOMING_ADVISE && ps < POSTCOPY_INCOMING_END;
3840 }
3841
3842 static bool postcopy_is_running(void)
3843 {
3844 PostcopyState ps = postcopy_state_get();
3845 return ps >= POSTCOPY_INCOMING_LISTENING && ps < POSTCOPY_INCOMING_END;
3846 }
3847
3848 /*
3849 * Flush content of RAM cache into SVM's memory.
3850 * Only flush the pages that be dirtied by PVM or SVM or both.
3851 */
3852 void colo_flush_ram_cache(void)
3853 {
3854 RAMBlock *block = NULL;
3855 void *dst_host;
3856 void *src_host;
3857 unsigned long offset = 0;
3858
3859 memory_global_dirty_log_sync();
3860 WITH_RCU_READ_LOCK_GUARD() {
3861 RAMBLOCK_FOREACH_NOT_IGNORED(block) {
3862 ramblock_sync_dirty_bitmap(ram_state, block);
3863 }
3864 }
3865
3866 trace_colo_flush_ram_cache_begin(ram_state->migration_dirty_pages);
3867 WITH_RCU_READ_LOCK_GUARD() {
3868 block = QLIST_FIRST_RCU(&ram_list.blocks);
3869
3870 while (block) {
3871 unsigned long num = 0;
3872
3873 offset = colo_bitmap_find_dirty(ram_state, block, offset, &num);
3874 if (!offset_in_ramblock(block,
3875 ((ram_addr_t)offset) << TARGET_PAGE_BITS)) {
3876 offset = 0;
3877 num = 0;
3878 block = QLIST_NEXT_RCU(block, next);
3879 } else {
3880 unsigned long i = 0;
3881
3882 for (i = 0; i < num; i++) {
3883 migration_bitmap_clear_dirty(ram_state, block, offset + i);
3884 }
3885 dst_host = block->host
3886 + (((ram_addr_t)offset) << TARGET_PAGE_BITS);
3887 src_host = block->colo_cache
3888 + (((ram_addr_t)offset) << TARGET_PAGE_BITS);
3889 memcpy(dst_host, src_host, TARGET_PAGE_SIZE * num);
3890 offset += num;
3891 }
3892 }
3893 }
3894 trace_colo_flush_ram_cache_end();
3895 }
3896
3897 /**
3898 * ram_load_precopy: load pages in precopy case
3899 *
3900 * Returns 0 for success or -errno in case of error
3901 *
3902 * Called in precopy mode by ram_load().
3903 * rcu_read_lock is taken prior to this being called.
3904 *
3905 * @f: QEMUFile where to send the data
3906 */
3907 static int ram_load_precopy(QEMUFile *f)
3908 {
3909 MigrationIncomingState *mis = migration_incoming_get_current();
3910 int flags = 0, ret = 0, invalid_flags = 0, len = 0, i = 0;
3911 /* ADVISE is earlier, it shows the source has the postcopy capability on */
3912 bool postcopy_advised = postcopy_is_advised();
3913 if (!migrate_use_compression()) {
3914 invalid_flags |= RAM_SAVE_FLAG_COMPRESS_PAGE;
3915 }
3916
3917 while (!ret && !(flags & RAM_SAVE_FLAG_EOS)) {
3918 ram_addr_t addr, total_ram_bytes;
3919 void *host = NULL, *host_bak = NULL;
3920 uint8_t ch;
3921
3922 /*
3923 * Yield periodically to let main loop run, but an iteration of
3924 * the main loop is expensive, so do it each some iterations
3925 */
3926 if ((i & 32767) == 0 && qemu_in_coroutine()) {
3927 aio_co_schedule(qemu_get_current_aio_context(),
3928 qemu_coroutine_self());
3929 qemu_coroutine_yield();
3930 }
3931 i++;
3932
3933 addr = qemu_get_be64(f);
3934 flags = addr & ~TARGET_PAGE_MASK;
3935 addr &= TARGET_PAGE_MASK;
3936
3937 if (flags & invalid_flags) {
3938 if (flags & invalid_flags & RAM_SAVE_FLAG_COMPRESS_PAGE) {
3939 error_report("Received an unexpected compressed page");
3940 }
3941
3942 ret = -EINVAL;
3943 break;
3944 }
3945
3946 if (flags & (RAM_SAVE_FLAG_ZERO | RAM_SAVE_FLAG_PAGE |
3947 RAM_SAVE_FLAG_COMPRESS_PAGE | RAM_SAVE_FLAG_XBZRLE)) {
3948 RAMBlock *block = ram_block_from_stream(mis, f, flags);
3949
3950 host = host_from_ram_block_offset(block, addr);
3951 /*
3952 * After going into COLO stage, we should not load the page
3953 * into SVM's memory directly, we put them into colo_cache firstly.
3954 * NOTE: We need to keep a copy of SVM's ram in colo_cache.
3955 * Previously, we copied all these memory in preparing stage of COLO
3956 * while we need to stop VM, which is a time-consuming process.
3957 * Here we optimize it by a trick, back-up every page while in
3958 * migration process while COLO is enabled, though it affects the
3959 * speed of the migration, but it obviously reduce the downtime of
3960 * back-up all SVM'S memory in COLO preparing stage.
3961 */
3962 if (migration_incoming_colo_enabled()) {
3963 if (migration_incoming_in_colo_state()) {
3964 /* In COLO stage, put all pages into cache temporarily */
3965 host = colo_cache_from_block_offset(block, addr, true);
3966 } else {
3967 /*
3968 * In migration stage but before COLO stage,
3969 * Put all pages into both cache and SVM's memory.
3970 */
3971 host_bak = colo_cache_from_block_offset(block, addr, false);
3972 }
3973 }
3974 if (!host) {
3975 error_report("Illegal RAM offset " RAM_ADDR_FMT, addr);
3976 ret = -EINVAL;
3977 break;
3978 }
3979 if (!migration_incoming_in_colo_state()) {
3980 ramblock_recv_bitmap_set(block, host);
3981 }
3982
3983 trace_ram_load_loop(block->idstr, (uint64_t)addr, flags, host);
3984 }
3985
3986 switch (flags & ~RAM_SAVE_FLAG_CONTINUE) {
3987 case RAM_SAVE_FLAG_MEM_SIZE:
3988 /* Synchronize RAM block list */
3989 total_ram_bytes = addr;
3990 while (!ret && total_ram_bytes) {
3991 RAMBlock *block;
3992 char id[256];
3993 ram_addr_t length;
3994
3995 len = qemu_get_byte(f);
3996 qemu_get_buffer(f, (uint8_t *)id, len);
3997 id[len] = 0;
3998 length = qemu_get_be64(f);
3999
4000 block = qemu_ram_block_by_name(id);
4001 if (block && !qemu_ram_is_migratable(block)) {
4002 error_report("block %s should not be migrated !", id);
4003 ret = -EINVAL;
4004 } else if (block) {
4005 if (length != block->used_length) {
4006 Error *local_err = NULL;
4007
4008 ret = qemu_ram_resize(block, length,
4009 &local_err);
4010 if (local_err) {
4011 error_report_err(local_err);
4012 }
4013 }
4014 /* For postcopy we need to check hugepage sizes match */
4015 if (postcopy_advised && migrate_postcopy_ram() &&
4016 block->page_size != qemu_host_page_size) {
4017 uint64_t remote_page_size = qemu_get_be64(f);
4018 if (remote_page_size != block->page_size) {
4019 error_report("Mismatched RAM page size %s "
4020 "(local) %zd != %" PRId64,
4021 id, block->page_size,
4022 remote_page_size);
4023 ret = -EINVAL;
4024 }
4025 }
4026 if (migrate_ignore_shared()) {
4027 hwaddr addr = qemu_get_be64(f);
4028 if (ramblock_is_ignored(block) &&
4029 block->mr->addr != addr) {
4030 error_report("Mismatched GPAs for block %s "
4031 "%" PRId64 "!= %" PRId64,
4032 id, (uint64_t)addr,
4033 (uint64_t)block->mr->addr);
4034 ret = -EINVAL;
4035 }
4036 }
4037 ram_control_load_hook(f, RAM_CONTROL_BLOCK_REG,
4038 block->idstr);
4039 } else {
4040 error_report("Unknown ramblock \"%s\", cannot "
4041 "accept migration", id);
4042 ret = -EINVAL;
4043 }
4044
4045 total_ram_bytes -= length;
4046 }
4047 break;
4048
4049 case RAM_SAVE_FLAG_ZERO:
4050 ch = qemu_get_byte(f);
4051 ram_handle_compressed(host, ch, TARGET_PAGE_SIZE);
4052 break;
4053
4054 case RAM_SAVE_FLAG_PAGE:
4055 qemu_get_buffer(f, host, TARGET_PAGE_SIZE);
4056 break;
4057
4058 case RAM_SAVE_FLAG_COMPRESS_PAGE:
4059 len = qemu_get_be32(f);
4060 if (len < 0 || len > compressBound(TARGET_PAGE_SIZE)) {
4061 error_report("Invalid compressed data length: %d", len);
4062 ret = -EINVAL;
4063 break;
4064 }
4065 decompress_data_with_multi_threads(f, host, len);
4066 break;
4067
4068 case RAM_SAVE_FLAG_XBZRLE:
4069 if (load_xbzrle(f, addr, host) < 0) {
4070 error_report("Failed to decompress XBZRLE page at "
4071 RAM_ADDR_FMT, addr);
4072 ret = -EINVAL;
4073 break;
4074 }
4075 break;
4076 case RAM_SAVE_FLAG_EOS:
4077 /* normal exit */
4078 multifd_recv_sync_main();
4079 break;
4080 default:
4081 if (flags & RAM_SAVE_FLAG_HOOK) {
4082 ram_control_load_hook(f, RAM_CONTROL_HOOK, NULL);
4083 } else {
4084 error_report("Unknown combination of migration flags: 0x%x",
4085 flags);
4086 ret = -EINVAL;
4087 }
4088 }
4089 if (!ret) {
4090 ret = qemu_file_get_error(f);
4091 }
4092 if (!ret && host_bak) {
4093 memcpy(host_bak, host, TARGET_PAGE_SIZE);
4094 }
4095 }
4096
4097 ret |= wait_for_decompress_done();
4098 return ret;
4099 }
4100
4101 static int ram_load(QEMUFile *f, void *opaque, int version_id)
4102 {
4103 int ret = 0;
4104 static uint64_t seq_iter;
4105 /*
4106 * If system is running in postcopy mode, page inserts to host memory must
4107 * be atomic
4108 */
4109 bool postcopy_running = postcopy_is_running();
4110
4111 seq_iter++;
4112
4113 if (version_id != 4) {
4114 return -EINVAL;
4115 }
4116
4117 /*
4118 * This RCU critical section can be very long running.
4119 * When RCU reclaims in the code start to become numerous,
4120 * it will be necessary to reduce the granularity of this
4121 * critical section.
4122 */
4123 WITH_RCU_READ_LOCK_GUARD() {
4124 if (postcopy_running) {
4125 ret = ram_load_postcopy(f);
4126 } else {
4127 ret = ram_load_precopy(f);
4128 }
4129 }
4130 trace_ram_load_complete(ret, seq_iter);
4131
4132 return ret;
4133 }
4134
4135 static bool ram_has_postcopy(void *opaque)
4136 {
4137 RAMBlock *rb;
4138 RAMBLOCK_FOREACH_NOT_IGNORED(rb) {
4139 if (ramblock_is_pmem(rb)) {
4140 info_report("Block: %s, host: %p is a nvdimm memory, postcopy"
4141 "is not supported now!", rb->idstr, rb->host);
4142 return false;
4143 }
4144 }
4145
4146 return migrate_postcopy_ram();
4147 }
4148
4149 /* Sync all the dirty bitmap with destination VM. */
4150 static int ram_dirty_bitmap_sync_all(MigrationState *s, RAMState *rs)
4151 {
4152 RAMBlock *block;
4153 QEMUFile *file = s->to_dst_file;
4154 int ramblock_count = 0;
4155
4156 trace_ram_dirty_bitmap_sync_start();
4157
4158 RAMBLOCK_FOREACH_NOT_IGNORED(block) {
4159 qemu_savevm_send_recv_bitmap(file, block->idstr);
4160 trace_ram_dirty_bitmap_request(block->idstr);
4161 ramblock_count++;
4162 }
4163
4164 trace_ram_dirty_bitmap_sync_wait();
4165
4166 /* Wait until all the ramblocks' dirty bitmap synced */
4167 while (ramblock_count--) {
4168 qemu_sem_wait(&s->rp_state.rp_sem);
4169 }
4170
4171 trace_ram_dirty_bitmap_sync_complete();
4172
4173 return 0;
4174 }
4175
4176 static void ram_dirty_bitmap_reload_notify(MigrationState *s)
4177 {
4178 qemu_sem_post(&s->rp_state.rp_sem);
4179 }
4180
4181 /*
4182 * Read the received bitmap, revert it as the initial dirty bitmap.
4183 * This is only used when the postcopy migration is paused but wants
4184 * to resume from a middle point.
4185 */
4186 int ram_dirty_bitmap_reload(MigrationState *s, RAMBlock *block)
4187 {
4188 int ret = -EINVAL;
4189 /* from_dst_file is always valid because we're within rp_thread */
4190 QEMUFile *file = s->rp_state.from_dst_file;
4191 unsigned long *le_bitmap, nbits = block->used_length >> TARGET_PAGE_BITS;
4192 uint64_t local_size = DIV_ROUND_UP(nbits, 8);
4193 uint64_t size, end_mark;
4194
4195 trace_ram_dirty_bitmap_reload_begin(block->idstr);
4196
4197 if (s->state != MIGRATION_STATUS_POSTCOPY_RECOVER) {
4198 error_report("%s: incorrect state %s", __func__,
4199 MigrationStatus_str(s->state));
4200 return -EINVAL;
4201 }
4202
4203 /*
4204 * Note: see comments in ramblock_recv_bitmap_send() on why we
4205 * need the endianness conversion, and the paddings.
4206 */
4207 local_size = ROUND_UP(local_size, 8);
4208
4209 /* Add paddings */
4210 le_bitmap = bitmap_new(nbits + BITS_PER_LONG);
4211
4212 size = qemu_get_be64(file);
4213
4214 /* The size of the bitmap should match with our ramblock */
4215 if (size != local_size) {
4216 error_report("%s: ramblock '%s' bitmap size mismatch "
4217 "(0x%"PRIx64" != 0x%"PRIx64")", __func__,
4218 block->idstr, size, local_size);
4219 ret = -EINVAL;
4220 goto out;
4221 }
4222
4223 size = qemu_get_buffer(file, (uint8_t *)le_bitmap, local_size);
4224 end_mark = qemu_get_be64(file);
4225
4226 ret = qemu_file_get_error(file);
4227 if (ret || size != local_size) {
4228 error_report("%s: read bitmap failed for ramblock '%s': %d"
4229 " (size 0x%"PRIx64", got: 0x%"PRIx64")",
4230 __func__, block->idstr, ret, local_size, size);
4231 ret = -EIO;
4232 goto out;
4233 }
4234
4235 if (end_mark != RAMBLOCK_RECV_BITMAP_ENDING) {
4236 error_report("%s: ramblock '%s' end mark incorrect: 0x%"PRIx64,
4237 __func__, block->idstr, end_mark);
4238 ret = -EINVAL;
4239 goto out;
4240 }
4241
4242 /*
4243 * Endianness conversion. We are during postcopy (though paused).
4244 * The dirty bitmap won't change. We can directly modify it.
4245 */
4246 bitmap_from_le(block->bmap, le_bitmap, nbits);
4247
4248 /*
4249 * What we received is "received bitmap". Revert it as the initial
4250 * dirty bitmap for this ramblock.
4251 */
4252 bitmap_complement(block->bmap, block->bmap, nbits);
4253
4254 /* Clear dirty bits of discarded ranges that we don't want to migrate. */
4255 ramblock_dirty_bitmap_clear_discarded_pages(block);
4256
4257 /* We'll recalculate migration_dirty_pages in ram_state_resume_prepare(). */
4258 trace_ram_dirty_bitmap_reload_complete(block->idstr);
4259
4260 /*
4261 * We succeeded to sync bitmap for current ramblock. If this is
4262 * the last one to sync, we need to notify the main send thread.
4263 */
4264 ram_dirty_bitmap_reload_notify(s);
4265
4266 ret = 0;
4267 out:
4268 g_free(le_bitmap);
4269 return ret;
4270 }
4271
4272 static int ram_resume_prepare(MigrationState *s, void *opaque)
4273 {
4274 RAMState *rs = *(RAMState **)opaque;
4275 int ret;
4276
4277 ret = ram_dirty_bitmap_sync_all(s, rs);
4278 if (ret) {
4279 return ret;
4280 }
4281
4282 ram_state_resume_prepare(rs, s->to_dst_file);
4283
4284 return 0;
4285 }
4286
4287 static SaveVMHandlers savevm_ram_handlers = {
4288 .save_setup = ram_save_setup,
4289 .save_live_iterate = ram_save_iterate,
4290 .save_live_complete_postcopy = ram_save_complete,
4291 .save_live_complete_precopy = ram_save_complete,
4292 .has_postcopy = ram_has_postcopy,
4293 .save_live_pending = ram_save_pending,
4294 .load_state = ram_load,
4295 .save_cleanup = ram_save_cleanup,
4296 .load_setup = ram_load_setup,
4297 .load_cleanup = ram_load_cleanup,
4298 .resume_prepare = ram_resume_prepare,
4299 };
4300
4301 static void ram_mig_ram_block_resized(RAMBlockNotifier *n, void *host,
4302 size_t old_size, size_t new_size)
4303 {
4304 PostcopyState ps = postcopy_state_get();
4305 ram_addr_t offset;
4306 RAMBlock *rb = qemu_ram_block_from_host(host, false, &offset);
4307 Error *err = NULL;
4308
4309 if (ramblock_is_ignored(rb)) {
4310 return;
4311 }
4312
4313 if (!migration_is_idle()) {
4314 /*
4315 * Precopy code on the source cannot deal with the size of RAM blocks
4316 * changing at random points in time - especially after sending the
4317 * RAM block sizes in the migration stream, they must no longer change.
4318 * Abort and indicate a proper reason.
4319 */
4320 error_setg(&err, "RAM block '%s' resized during precopy.", rb->idstr);
4321 migration_cancel(err);
4322 error_free(err);
4323 }
4324
4325 switch (ps) {
4326 case POSTCOPY_INCOMING_ADVISE:
4327 /*
4328 * Update what ram_postcopy_incoming_init()->init_range() does at the
4329 * time postcopy was advised. Syncing RAM blocks with the source will
4330 * result in RAM resizes.
4331 */
4332 if (old_size < new_size) {
4333 if (ram_discard_range(rb->idstr, old_size, new_size - old_size)) {
4334 error_report("RAM block '%s' discard of resized RAM failed",
4335 rb->idstr);
4336 }
4337 }
4338 rb->postcopy_length = new_size;
4339 break;
4340 case POSTCOPY_INCOMING_NONE:
4341 case POSTCOPY_INCOMING_RUNNING:
4342 case POSTCOPY_INCOMING_END:
4343 /*
4344 * Once our guest is running, postcopy does no longer care about
4345 * resizes. When growing, the new memory was not available on the
4346 * source, no handler needed.
4347 */
4348 break;
4349 default:
4350 error_report("RAM block '%s' resized during postcopy state: %d",
4351 rb->idstr, ps);
4352 exit(-1);
4353 }
4354 }
4355
4356 static RAMBlockNotifier ram_mig_ram_notifier = {
4357 .ram_block_resized = ram_mig_ram_block_resized,
4358 };
4359
4360 void ram_mig_init(void)
4361 {
4362 qemu_mutex_init(&XBZRLE.lock);
4363 register_savevm_live("ram", 0, 4, &savevm_ram_handlers, &ram_state);
4364 ram_block_notifier_add(&ram_mig_ram_notifier);
4365 }
QEMU mirror