exit with success code on certain KVM_EXIT events

Serban Iorga · Serban Iorga · commit 3a9a1ac0b8c0 · 2020-02-17T17:43:06.000+02:00
exit the firecracker process with success code on KVM_EXIT_SHUTDOWN or
KVM_EXIT_HLT

Signed-off-by: Serban Iorga &lt;seriorga@amazon.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,6 +13,8 @@
 - Fixed #1469 - Broken GitHub location for Firecracker release binary.
 - The jailer allows changing the default api socket path by using the extra
   arguments passed to firecracker.
+- Fixed #1456 - Occasional KVM_EXIT_SHUTDOWN and bad syscall (14) during 
+  VM shutdown
 
 ### Changed
   
diff --git a/src/vmm/src/vstate.rs b/src/vmm/src/vstate.rs
@@ -14,7 +14,7 @@ use std::sync::mpsc::{channel, Receiver, Sender, TryRecvError};
 use std::thread;
 
 use super::TimestampUs;
-use super::FC_EXIT_CODE_GENERIC_ERROR;
+use super::{FC_EXIT_CODE_GENERIC_ERROR, FC_EXIT_CODE_OK};
 #[cfg(target_arch = "aarch64")]
 use arch::aarch64::gic::GICDevice;
 #[cfg(target_arch = "x86_64")]
@@ -926,11 +926,11 @@ impl Vcpu {
                 }
                 VcpuExit::Hlt => {
                     info!("Received KVM_EXIT_HLT signal");
-                    Err(Error::VcpuUnhandledKvmExit)
+                    Ok(VcpuEmulation::Stopped)
                 }
                 VcpuExit::Shutdown => {
                     info!("Received KVM_EXIT_SHUTDOWN signal");
-                    Err(Error::VcpuUnhandledKvmExit)
+                    Ok(VcpuEmulation::Stopped)
                 }
                 // Documentation specifies that below kvm exits are considered
                 // errors.
@@ -1002,6 +1002,14 @@ impl Vcpu {
                 Ok(VcpuEmulation::Handled) => (),
                 // Emulation was interrupted, check external events.
                 Ok(VcpuEmulation::Interrupted) => break,
+                // If the guest was rebooted or halted:
+                // - vCPU0 will always exit out of `KVM_RUN` with KVM_EXIT_SHUTDOWN or
+                //   KVM_EXIT_HLT.
+                // - the other vCPUs won't ever exit out of `KVM_RUN`, but they won't consume CPU.
+                // Moreover if we allow the vCPU0 thread to finish execution, this might generate a
+                // seccomp failure because musl calls `sigprocmask` as part of `pthread_exit`.
+                // So we pause vCPU0 and send a signal to the emulation thread to stop the VMM.
+                Ok(VcpuEmulation::Stopped) => return self.exit(FC_EXIT_CODE_OK),
                 // Emulation errors lead to vCPU exit.
                 Err(_) => return self.exit(FC_EXIT_CODE_GENERIC_ERROR),
             }
@@ -1167,6 +1175,7 @@ impl VcpuHandle {
 enum VcpuEmulation {
     Handled,
     Interrupted,
+    Stopped,
 }
 
 #[cfg(test)]
