tools/libxc: Tolerate specific zero-content records in migration v2 streams

The migration v2 save code was written to avoid sending data records with no
content, as such records serve no purpose but come with a performance hit.
The restore code sanity checks this expectation.

Under some circumstances (most notably, on AMD hardware with Debug Extensions,
and a PV guest kernel which is not using the feature), the save code would
generate a record with no content, which trips the sanity check in the restore
code.

As the stream is otherwise fine, tolerate these records and avoid failing the
migration.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
(cherry picked from commit 119ee4d77377aa1fc62efdadc1cc87df4f1270bf)

diff --git a/tools/libxc/xc_sr_restore_x86_hvm.c b/tools/libxc/xc_sr_restore_x86_hvm.c
index 49d22c7bf5d83e00fa2727ca2defb633d093be82..1dca85354a144377c3afd86f34f29c7904bb9ab8 100644 (file)
--- a/tools/libxc/xc_sr_restore_x86_hvm.c
+++ b/tools/libxc/xc_sr_restore_x86_hvm.c
@@ -39,13 +39,32 @@ static int handle_hvm_params(struct xc_sr_context *ctx,
     unsigned int i;
     int rc;
 
-    if ( rec->length < sizeof(*hdr)
-         || rec->length < sizeof(*hdr) + hdr->count * sizeof(*entry) )
+    if ( rec->length < sizeof(*hdr) )
     {
-        ERROR("hvm_params record is too short");
+        ERROR("HVM_PARAMS record truncated: length %u, header size %zu",
+              rec->length, sizeof(*hdr));
         return -1;
     }
 
+    if ( rec->length != (sizeof(*hdr) + hdr->count * sizeof(*entry)) )
+    {
+        ERROR("HVM_PARAMS record truncated: header %zu, count %u, "
+              "expected len %zu, got %u",
+              sizeof(*hdr), hdr->count, hdr->count * sizeof(*entry),
+              rec->length);
+        return -1;
+    }
+
+    /*
+     * Tolerate empty records.  Older sending sides used to accidentally
+     * generate them.
+     */
+    if ( hdr->count == 0 )
+    {
+        DBGPRINTF("Skipping empty HVM_PARAMS record\n");
+        return 0;
+    }
+
     for ( i = 0; i < hdr->count; i++, entry++ )
     {
         switch ( entry->index )

diff --git a/tools/libxc/xc_sr_restore_x86_pv.c b/tools/libxc/xc_sr_restore_x86_pv.c
index bc604b3ab461722d22f5ae20e33dfc5ad484ad19..50e25c162c87f083f3f3af1d975629d15b8552b3 100644 (file)
--- a/tools/libxc/xc_sr_restore_x86_pv.c
+++ b/tools/libxc/xc_sr_restore_x86_pv.c
@@ -753,15 +753,26 @@ static int handle_x86_pv_vcpu_blob(struct xc_sr_context *ctx,
     }
 
     /* Confirm that there is a complete header. */
-    if ( rec->length <= sizeof(*vhdr) )
+    if ( rec->length < sizeof(*vhdr) )
     {
-        ERROR("%s record truncated: length %u, min %zu",
-              rec_name, rec->length, sizeof(*vhdr) + 1);
+        ERROR("%s record truncated: length %u, header size %zu",
+              rec_name, rec->length, sizeof(*vhdr));
         goto out;
     }
 
     blobsz = rec->length - sizeof(*vhdr);
 
+    /*
+     * Tolerate empty records.  Older sending sides used to accidentally
+     * generate them.
+     */
+    if ( blobsz == 0 )
+    {
+        DBGPRINTF("Skipping empty %s record for vcpu %u\n",
+                  rec_type_to_str(rec->type), vhdr->vcpu_id);
+        goto out;
+    }
+
     /* Check that the vcpu id is within range. */
     if ( vhdr->vcpu_id >= ctx->x86_pv.restore.nr_vcpus )
     {