This feature should no longer be necessary.
Change-Id: I9bff628be020cf1741bffaeb3bb97e3660a54aea
#define OPT_FORCE_INIT_FAIL "-y" /* force init failure (for debugging) */
#define OPT_FORCE_INIT_TIMEOUT "-z" /* force init timeout (for debugging) */
#define OPT_FORCE_INIT_DEFCB "-d" /* force init default callback */
-#define OPT_UNSAFE_LU "-u" /* allow unsafe update */
#define OPT_NOMMAP_LU "-m" /* don't inherit mmaped regions */
#define OPT_DETACH "-e" /* detach on update/restart */
#define OPT_NORESTART "-f" /* don't restart */
fprintf(stderr, "Warning, %s\n", problem);
fprintf(stderr, "Usage:\n");
fprintf(stderr,
- " %s [%s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s] (up|run|edit|update) <binary|%s> [%s <args>] [%s <special>] [%s <major_nr>] [%s <dev_id>] [%s <ticks>] [%s <path>] [%s <name>] [%s <path>] [%s <state value|eval_expression>] [%s <time>] [%s <bytes>] [%s <bytes>] [%s <name>] [(%s|%s <src_label1,src_type1:src_label2,:,src_type3:...>)*] [%s <restarts>]\n",
+ " %s [%s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s] (up|run|edit|update) <binary|%s> [%s <args>] [%s <special>] [%s <major_nr>] [%s <dev_id>] [%s <ticks>] [%s <path>] [%s <name>] [%s <path>] [%s <state value|eval_expression>] [%s <time>] [%s <bytes>] [%s <bytes>] [%s <name>] [(%s|%s <src_label1,src_type1:src_label2,:,src_type3:...>)*] [%s <restarts>]\n",
app_name, OPT_COPY, OPT_REUSE, OPT_NOBLOCK, OPT_REPLICA, OPT_NO_BIN_EXP,
OPT_BATCH, OPT_ASR_LU, OPT_PREPARE_ONLY_LU, OPT_FORCE_SELF_LU,
OPT_FORCE_INIT_CRASH, OPT_FORCE_INIT_FAIL, OPT_FORCE_INIT_TIMEOUT,
- OPT_FORCE_INIT_DEFCB, OPT_UNSAFE_LU, OPT_NOMMAP_LU, OPT_DETACH,
+ OPT_FORCE_INIT_DEFCB, OPT_NOMMAP_LU, OPT_DETACH,
OPT_NORESTART, OPT_FORCE_INIT_ST, SELF_BINARY,
ARG_ARGS, ARG_DEV, ARG_MAJOR, ARG_DEVMANID, ARG_PERIOD,
ARG_SCRIPT, ARG_LABELNAME, ARG_CONFIG, ARG_LU_STATE, ARG_LU_MAXTIME,
fprintf(stderr, " %s: force init failure (for debugging)\n", OPT_FORCE_INIT_FAIL);
fprintf(stderr, " %s: force init timeout (for debugging)\n", OPT_FORCE_INIT_TIMEOUT);
fprintf(stderr, " %s: force init default callback \n", OPT_FORCE_INIT_DEFCB);
- fprintf(stderr, " %s: allow unsafe update \n", OPT_UNSAFE_LU);
fprintf(stderr, " %s: don't inherit mmaped regions \n", OPT_NOMMAP_LU);
fprintf(stderr, " %s: detach on update/restart \n", OPT_DETACH);
fprintf(stderr, " %s: don't restart \n", OPT_NORESTART);
if(d_flag)
*rss_flags |= RSS_FORCE_INIT_DEFCB;
- if(u_flag)
- *rss_flags |= RSS_UNSAFE_LU;
-
if(m_flag)
*rss_flags |= RSS_NOMMAP_LU;
#define RSS_FORCE_INIT_DEFCB 0x2000 /* force default cb at initialization time (for debugging) */
#define RSS_SYS_BASIC_CALLS 0x4000 /* include basic kernel calls */
#define RSS_VM_BASIC_CALLS 0x8000 /* include basic vm calls */
-#define RSS_UNSAFE_LU 0x10000 /* allow unsafe update */
-#define RSS_NOMMAP_LU 0x20000 /* don't inherit mmapped regions */
-#define RSS_DETACH 0x40000 /* detach on update/restart */
-#define RSS_NORESTART 0x80000 /* don't restart */
-#define RSS_FORCE_INIT_ST 0x100000 /* force state transfer at initialization time */
-#define RSS_NO_BIN_EXP 0x200000 /* suppress binary exponential offset */
+#define RSS_NOMMAP_LU 0x10000 /* don't inherit mmapped regions */
+#define RSS_DETACH 0x20000 /* detach on update/restart */
+#define RSS_NORESTART 0x40000 /* don't restart */
+#define RSS_FORCE_INIT_ST 0x80000 /* force state transfer at initialization time */
+#define RSS_NO_BIN_EXP 0x100000 /* suppress binary exponential offset */
/* Common definitions. */
#define RS_NR_CONTROL 8
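Review bot: Renumbering the surviving flags changes values that already-built binaries use: `RSS_NOMMAP_LU` now takes 0x10000, the value `RSS_UNSAFE_LU` had, and every later RSS_* bit moves down by one position. A `service` binary or RS instance built against the old header would have its bits read as a different option, for example the old 0x20000 ("don't inherit mmapped regions") is now "detach on update/restart". The next header hunk does the same to `SEF_LU_NOMMAP` and `SEF_LU_DETACHED`, which presumably matters most during a live update, where the old and new instance may come from different builds. Leaving the bit unassigned avoids the mismatch: keep the remaining values as they were and mark the gap, e.g. `/* 0x10000 was RSS_UNSAFE_LU: reserved, do not reuse */`.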
#define SEF_LU_INCLUDES_VM 0x0800 /* the update includes VM */
#define SEF_LU_INCLUDES_RS 0x1000 /* the update includes RS */
#define SEF_LU_PREPARE_ONLY 0x2000 /* prepare only, no actual update taking place */
-#define SEF_LU_UNSAFE 0x4000 /* unsafe update, rollback may not be possible */
-#define SEF_LU_NOMMAP 0x8000 /* update doesn't inherit mmapped regions */
-#define SEF_LU_DETACHED 0x10000 /* update detaches the old instance */
+#define SEF_LU_NOMMAP 0x4000 /* update doesn't inherit mmapped regions */
+#define SEF_LU_DETACHED 0x8000 /* update detaches the old instance */
#define SEF_LU_IS_IDENTITY_UPDATE(F) (((F) & (SEF_LU_SELF|SEF_LU_NOMMAP|SEF_LU_ASR|SEF_INIT_ST)) == SEF_LU_SELF)
if(rs_start.rss_flags & RSS_ASR_LU) {
lu_flags |= SEF_LU_ASR;
}
- if(rs_start.rss_flags & RSS_UNSAFE_LU) {
- lu_flags |= SEF_LU_UNSAFE;
- }
if(!prepare_only && (rs_start.rss_flags & RSS_DETACH)) {
lu_flags |= SEF_LU_DETACHED;
}
rupdate.num_rpupds++;
/* Propagate relevant flags from the new descriptor. */
- lu_flags = rpupd->lu_flags & (SEF_LU_INCLUDES_VM|SEF_LU_INCLUDES_RS|SEF_LU_UNSAFE|SEF_LU_MULTI);
+ lu_flags = rpupd->lu_flags & (SEF_LU_INCLUDES_VM|SEF_LU_INCLUDES_RS|SEF_LU_MULTI);
if(lu_flags) {
RUPDATE_ITER(rupdate.first_rpupd, prev_rpupd, walk_rpupd,
walk_rpupd->lu_flags |= lu_flags;
/* Propagate relevant flags from last service under update (if any). */
if(rupdate.last_rpupd) {
- int lu_flags = rupdate.last_rpupd->lu_flags & (SEF_LU_INCLUDES_VM|SEF_LU_INCLUDES_RS|SEF_LU_UNSAFE);
+ int lu_flags = rupdate.last_rpupd->lu_flags & (SEF_LU_INCLUDES_VM|SEF_LU_INCLUDES_RS);
rpupd->lu_flags |= lu_flags;
rpupd->init_flags |= lu_flags;
}
exit(1);
}
- /* If VM is updated as part of a multi-component live update and something
- * goes wrong after VM has completed initialization, rollback is only
- * supported in a best-effort way in unsafe mode. The new VM instance might
- * have important state changes that won't be reflected in the old version
- * once we rollback.
- */
- if(result != OK && RUPDATE_IS_UPD_VM_MULTI() && RUPDATE_IS_VM_INIT_DONE() && (rupdate.vm_rpupd->lu_flags & SEF_LU_UNSAFE)) {
- printf("RS: Warning rollbacking in unsafe multi-component update including VM!\n");
- }
-
/* Handle prepare-only services first: simply cancel the update. */
RUPDATE_ITER(rupdate.first_rpupd, prev_rpupd, rpupd,
if(UPD_IS_PREPARING_ONLY(rpupd)) {
#define srv_upd_luflag_c(F) (rpupd->lu_flags & F ? '1' : '0')
#define srv_upd_iflag_c(F) (rpupd->init_flags & F ? '1' : '0')
- sprintf(srv_upd_string, "update (lu_flags(SAMPUNDRV)=%c%c%c%c%c%c%c%c%c, init_flags=(FCTD)=%c%c%c%c, state %d (%s), tm %lu, maxtime %lu, endpoint %d, state_data_gid %d, prev_ep %d, next_ep %d)",
+ sprintf(srv_upd_string, "update (lu_flags(SAMPNDRV)=%c%c%c%c%c%c%c%c, init_flags=(FCTD)=%c%c%c%c, state %d (%s), tm %lu, maxtime %lu, endpoint %d, state_data_gid %d, prev_ep %d, next_ep %d)",
srv_upd_luflag_c(SEF_LU_SELF), srv_upd_luflag_c(SEF_LU_ASR),
srv_upd_luflag_c(SEF_LU_MULTI), srv_upd_luflag_c(SEF_LU_PREPARE_ONLY),
- srv_upd_luflag_c(SEF_LU_UNSAFE), srv_upd_luflag_c(SEF_LU_NOMMAP),
- srv_upd_luflag_c(SEF_LU_DETACHED), srv_upd_luflag_c(SEF_LU_INCLUDES_RS),
+ srv_upd_luflag_c(SEF_LU_NOMMAP), srv_upd_luflag_c(SEF_LU_DETACHED),
+ srv_upd_luflag_c(SEF_LU_INCLUDES_RS),
srv_upd_luflag_c(SEF_LU_INCLUDES_VM), srv_upd_iflag_c(SEF_INIT_FAIL),
srv_upd_iflag_c(SEF_INIT_CRASH), srv_upd_iflag_c(SEF_INIT_TIMEOUT),
srv_upd_iflag_c(SEF_INIT_DEFCB), rpupd->prepare_state,
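Review bot: The rewritten call still uses an unbounded `sprintf` into `srv_upd_string`, whose declaration is outside this hunk. The format mixes a `%s` state name with eight integer fields, so the output length is not fixed by the format alone. If the buffer is an array in scope, `snprintf(srv_upd_string, sizeof(srv_upd_string), "update (lu_flags(SAMPNDRV)=...", ...)` bounds the write without changing the output. The legend and the `%c` count do agree after the change (eight letters, eight flags). The argument list continues past the end of the hunk.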
num_elements = 0;
ipc_filter[num_elements].flags = IPCF_MATCH_M_SOURCE;
ipc_filter[num_elements++].m_source = RS_PROC_NR;
- if(info->flags & SEF_LU_UNSAFE) {
- ipc_filter[num_elements].flags = IPCF_MATCH_M_SOURCE;
- ipc_filter[num_elements++].m_source = ANY_TSK;
- }
if((r = sys_safecopyfrom(RS_PROC_NR, info->rproctab_gid, 0,
(vir_bytes) rprocpub, NR_SYS_PROCS*sizeof(struct rprocpub))) != OK) {
panic("sys_safecopyfrom failed: %d", r);
* are blocked intentionally, as handling these would
* prevent VM from being able to roll back.
*/
- ipc_filter[num_elements].flags = IPCF_MATCH_M_SOURCE;
+ ipc_filter[num_elements].flags = IPCF_MATCH_M_SOURCE | IPCF_MATCH_M_TYPE;
ipc_filter[num_elements].m_source = rprocpub[i].old_endpoint;
- if(!(info->flags & SEF_LU_UNSAFE)) {
- ipc_filter[num_elements].flags |= IPCF_MATCH_M_TYPE;
- ipc_filter[num_elements].m_type = VM_BRK;
- }
- num_elements++;
- ipc_filter[num_elements].flags = IPCF_MATCH_M_SOURCE;
+ ipc_filter[num_elements++].m_type = VM_BRK;
+ ipc_filter[num_elements].flags = IPCF_MATCH_M_SOURCE | IPCF_MATCH_M_TYPE;
ipc_filter[num_elements].m_source = rprocpub[i].new_endpoint;
- if(!(info->flags & SEF_LU_UNSAFE)) {
- ipc_filter[num_elements].flags |= IPCF_MATCH_M_TYPE;
- ipc_filter[num_elements].m_type = VM_BRK;
- }
- num_elements++;
- if(!(info->flags & SEF_LU_UNSAFE)) {
- ipc_filter[num_elements].flags = IPCF_MATCH_M_SOURCE | IPCF_MATCH_M_TYPE;
- ipc_filter[num_elements].m_source = rprocpub[i].old_endpoint;
- ipc_filter[num_elements++].m_type = VM_INFO;
- ipc_filter[num_elements].flags = IPCF_MATCH_M_SOURCE | IPCF_MATCH_M_TYPE;
- ipc_filter[num_elements].m_source = rprocpub[i].new_endpoint;
- ipc_filter[num_elements++].m_type = VM_INFO;
- }
+ ipc_filter[num_elements++].m_type = VM_BRK;
+ ipc_filter[num_elements].flags = IPCF_MATCH_M_SOURCE | IPCF_MATCH_M_TYPE;
+ ipc_filter[num_elements].m_source = rprocpub[i].old_endpoint;
+ ipc_filter[num_elements++].m_type = VM_INFO;
+ ipc_filter[num_elements].flags = IPCF_MATCH_M_SOURCE | IPCF_MATCH_M_TYPE;
+ ipc_filter[num_elements].m_source = rprocpub[i].new_endpoint;
+ ipc_filter[num_elements++].m_type = VM_INFO;
/* Make sure we can talk to any RS instance. */
if(rprocpub[i].old_endpoint == RS_PROC_NR) {
ipc_filter[num_elements].flags = IPCF_MATCH_M_SOURCE;
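Review bot: Every matching `rprocpub` entry now unconditionally appends four elements to `ipc_filter` (VM_BRK and VM_INFO, each for the old and the new endpoint), and no check of `num_elements` against the array's capacity is visible in this hunk. The enclosing loop and the array declaration are outside the hunk, so a guard may already exist there. If it does not, a check before the first stanza that four more slots are free would keep a full service table from writing past the end of the filter array inside VM. The four stanzas differ only in endpoint and message type, so a small local helper taking those two values would also make the whitelist easier to audit.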
local ret=0
local index=0
local once_index=2
- local force_unsafe=""
lu_opts=${lu_opts:-}
lu_maxtime=${lu_maxtime:-3HZ}
for label in ${labels}
do
index=`expr $index + 1`
- force_unsafe=""
if [ "x$label" = "xvm" ]
then
- # VM doesn't support safe LU, nor rollbacks for now
- force_unsafe="-u"
-
if echo "${lu_opts_once}" | grep -q -E -- '-(x|y|z)'
then
continue
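Review bot: With the VM comment removed, nothing in the `xvm` branch explains why vm is skipped when `lu_opts_once` contains `-x`, `-y` or `-z`. If the skip remains because a forced init failure on VM cannot be rolled back, a one-line comment above the `grep` should say so, e.g. `# skip VM when a forced-init option (-x/-y/-z) is given`, followed by the reason. If that restriction went away together with the unsafe mode, the skip itself may no longer be needed. The `if` body continues outside the hunk.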
if [ $index -eq $once_index ]
then
- service ${lu_opts_once} ${force_unsafe} -q update self -label ${label} -maxtime ${lu_maxtime_once} -state ${lu_state_once} || ret=1
+ service ${lu_opts_once} -q update self -label ${label} -maxtime ${lu_maxtime_once} -state ${lu_state_once} || ret=1
else
- service ${lu_opts} ${force_unsafe} -q update self -label ${label} -maxtime ${lu_maxtime} -state ${lu_state} || ret=1
+ service ${lu_opts} -q update self -label ${label} -maxtime ${lu_maxtime} -state ${lu_state} || ret=1
fi
done
service sysctl upd_run