vl: Add option to avoid stopping VM upon guest panic
The current default action of pausing a guest after a panic event
is received leaves the responsibility to resume guest execution to the
management layer. The reasons for this behavior are discussed here:
https://lore.kernel.org/qemu-devel/52148F88.5000509@redhat.com/
However, in instances like the case of older guests (Linux and
Windows) using a pvpanic device but missing support for the
PVPANIC_CRASHLOADED event, and Windows guests using the hv-crash
enlightenment, it is desirable to allow the guests to continue
running after sending a PVPANIC_PANICKED event. This allows such
guests to proceed to capture a crash dump and automatically reboot
without intervention of a management layer.
Add an option to avoid stopping a VM after a panic event is received,
by passing:
-action panic=none
in the command line arguments, or during runtime by using an upcoming
QMP command.
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
Message-Id: <1607705564-26264-3-git-send-email-alejandro.j.jimenez@oracle.com>
[Do not fix panic action in the variable, instead modify -no-shutdown. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
diff --git a/include/sysemu/runstate-action.h b/include/sysemu/runstate-action.h
index 51a461c..cff45a0 100644
--- a/include/sysemu/runstate-action.h
+++ b/include/sysemu/runstate-action.h
@@ -14,5 +14,6 @@
/* in softmmu/runstate-action.c */
extern RebootAction reboot_action;
extern ShutdownAction shutdown_action;
+extern PanicAction panic_action;
#endif /* RUNSTATE_ACTION_H */
diff --git a/qapi/run-state.json b/qapi/run-state.json
index 25e82d1..1f3b329 100644
--- a/qapi/run-state.json
+++ b/qapi/run-state.json
@@ -354,6 +354,18 @@
'data': [ 'poweroff', 'pause' ] }
##
+# @PanicAction:
+#
+# @none: Continue VM execution
+#
+# @pause: Pause the VM
+#
+# Since: 6.0
+##
+{ 'enum': 'PanicAction',
+ 'data': [ 'poweroff', 'pause', 'none' ] }
+
+##
# @watchdog-set-action:
#
# Set watchdog action
@@ -372,6 +384,8 @@
#
# @shutdown: @ShutdownAction action taken on guest shutdown.
#
+# @panic: @PanicAction action taken on guest panic.
+#
# @watchdog: @WatchdogAction action taken when watchdog timer expires .
#
# Returns: Nothing on success.
@@ -383,12 +397,14 @@
# -> { "execute": "set-action",
# "arguments": { "reboot": "shutdown",
# "shutdown" : "pause",
+# "panic": "pause",
# "watchdog": "inject-nmi" } }
# <- { "return": {} }
##
{ 'command': 'set-action',
'data': { '*reboot': 'RebootAction',
'*shutdown': 'ShutdownAction',
+ '*panic': 'PanicAction',
'*watchdog': 'WatchdogAction' },
'allow-preconfig': true }
diff --git a/qemu-options.hx b/qemu-options.hx
index eb55cd0..94cdfcf 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -3899,6 +3899,8 @@
" action when guest reboots [default=none]\n"
"-action shutdown=poweroff|pause\n"
" action when guest shuts down [default=poweroff]\n"
+ "-action panic=poweroff|pause|none\n"
+ " action when guest panics [default=poweroff]\n"
"-action watchdog=reset|shutdown|poweroff|inject-nmi|pause|debug|none\n"
" action when watchdog fires [default=reset]\n",
QEMU_ARCH_ALL)
@@ -3911,6 +3913,7 @@
Examples:
+ ``-action panic=none``
``-action reboot=shutdown,shutdown=pause``
``-watchdog i6300esb -action watchdog=pause``
diff --git a/softmmu/runstate-action.c b/softmmu/runstate-action.c
index 44de01a..99ce880 100644
--- a/softmmu/runstate-action.c
+++ b/softmmu/runstate-action.c
@@ -15,6 +15,7 @@
RebootAction reboot_action = REBOOT_ACTION_NONE;
ShutdownAction shutdown_action = SHUTDOWN_ACTION_POWEROFF;
+PanicAction panic_action = PANIC_ACTION_POWEROFF;
/*
* Receives actions to be applied for specific guest events
@@ -30,6 +31,10 @@
reboot_action = reboot;
}
+ if (has_panic) {
+ panic_action = panic;
+ }
+
if (has_watchdog) {
qmp_watchdog_set_action(watchdog, errp);
}
diff --git a/softmmu/runstate.c b/softmmu/runstate.c
index bd0522e..636aab0 100644
--- a/softmmu/runstate.c
+++ b/softmmu/runstate.c
@@ -469,13 +469,23 @@
if (current_cpu) {
current_cpu->crash_occurred = true;
}
- qapi_event_send_guest_panicked(GUEST_PANIC_ACTION_PAUSE,
- !!info, info);
- vm_stop(RUN_STATE_GUEST_PANICKED);
- if (shutdown_action == SHUTDOWN_ACTION_POWEROFF) {
+ /*
+ * TODO: Currently the available panic actions are: none, pause, and
+ * poweroff, but in principle debug and reset could be supported as well.
+ * Investigate any potential use cases for the unimplemented actions.
+ */
+ if (panic_action == PANIC_ACTION_PAUSE) {
+ qapi_event_send_guest_panicked(GUEST_PANIC_ACTION_PAUSE,
+ !!info, info);
+ vm_stop(RUN_STATE_GUEST_PANICKED);
+ } else if (panic_action == PANIC_ACTION_POWEROFF) {
qapi_event_send_guest_panicked(GUEST_PANIC_ACTION_POWEROFF,
!!info, info);
+ vm_stop(RUN_STATE_GUEST_PANICKED);
qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_PANIC);
+ } else {
+ qapi_event_send_guest_panicked(GUEST_PANIC_ACTION_RUN,
+ !!info, info);
}
if (info) {
diff --git a/softmmu/vl.c b/softmmu/vl.c
index 6d1a7eb..3921a04 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -490,6 +490,9 @@
.name = "reboot",
.type = QEMU_OPT_STRING,
},{
+ .name = "panic",
+ .type = QEMU_OPT_STRING,
+ },{
.name = "watchdog",
.type = QEMU_OPT_STRING,
},
@@ -3212,7 +3215,7 @@
break;
case QEMU_OPTION_no_shutdown:
olist = qemu_find_opts("action");
- qemu_opts_parse_noisily(olist, "shutdown=pause", false);
+ qemu_opts_parse_noisily(olist, "panic=pause,shutdown=pause", false);
break;
case QEMU_OPTION_show_cursor:
warn_report("The -show-cursor option is deprecated. Please "
