From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <h.duerr@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id CB6A1BA487
 for <pve-devel@lists.proxmox.com>; Tue, 19 Mar 2024 16:09:28 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id A474E208D
 for <pve-devel@lists.proxmox.com>; Tue, 19 Mar 2024 16:08:58 +0100 (CET)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS
 for <pve-devel@lists.proxmox.com>; Tue, 19 Mar 2024 16:08:57 +0100 (CET)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 5E18748AD2
 for <pve-devel@lists.proxmox.com>; Tue, 19 Mar 2024 16:08:57 +0100 (CET)
From: Hannes Duerr <h.duerr@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Tue, 19 Mar 2024 16:08:34 +0100
Message-Id: <20240319150834.266548-1-h.duerr@proxmox.com>
X-Mailer: git-send-email 2.39.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.029 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 T_SCC_BODY_TEXT_LINE    -0.01 -
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [qemu.pm]
Subject: [pve-devel] [PATCH qemu-server 1/1] snapshot: prohibit snapshot
 with ram if vm has a passthrough pci device
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Tue, 19 Mar 2024 15:09:28 -0000

When a snapshot is created with RAM, qemu attempts to save not only the
RAM content, but also the internal state of the PCI devices.

However, as not all drivers support this, this can lead to the device
drivers in the VM not being able to handle the saved state during the
restore/rollback and in conclusion the VM might crash. For this reason,
we now generally prohibit snapshots with RAM for VMs with passthrough
devices.

In the future, this prohibition can of course be relaxed for individual
drivers that we know support it, such as the vfio driver

Signed-off-by: Hannes Duerr <h.duerr@proxmox.com>
---
 PVE/API2/Qemu.pm | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index 40b6c30..0acd1c7 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -5101,6 +5101,16 @@ __PACKAGE__->register_method({
 	die "unable to use snapshot name 'pending' (reserved name)\n"
 	    if lc($snapname) eq 'pending';
 
+	if ($param->{vmstate}) {
+	    my $conf = PVE::QemuConfig->load_config($vmid);
+
+	    for my $key (keys %$conf) {
+		next if $key !~ /^hostpci\d+/;
+		die "cannot snapshot VM with RAM due to passed-through PCI device(s), which lack"
+		    ." the possibility to save/restore their internal state\n";
+	    }
+	}
+
 	my $realcmd = sub {
 	    PVE::Cluster::log_msg('info', $authuser, "snapshot VM $vmid: $snapname");
 	    PVE::QemuConfig->snapshot_create($vmid, $snapname, $param->{vmstate},
-- 
2.39.2