[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 3/4] net/virtio: add failover support
|
From: |
Dr. David Alan Gilbert |
|
Subject: |
Re: [Qemu-devel] [PATCH 3/4] net/virtio: add failover support |
|
Date: |
Mon, 3 Jun 2019 09:06:46 +0100 |
|
User-agent: |
Mutt/1.11.4 (2019-03-13) |
* Michael S. Tsirkin (address@hidden) wrote:
> On Fri, May 31, 2019 at 07:45:13PM +0100, Dr. David Alan Gilbert wrote:
> > * Michael S. Tsirkin (address@hidden) wrote:
> > > On Fri, May 31, 2019 at 02:01:54PM -0300, Eduardo Habkost wrote:
> > > > > Yes. It's just lots of extremely low level interfaces
> > > > > and all rather pointless.
> > > > >
> > > > > And down the road extensions like surprise removal support will make
> > > > > it
> > > > > all cleaner and more transparent. Floating things up to libvirt means
> > > > > all these low level details will require more and more hacks.
> > > >
> > > > Why do you call it pointless?
> > >
> > > We'd need APIs to manipulate device visibility to guest, hotplug
> > > controller state and separately manipulate the resources allocated. This
> > > is low level stuff that users really have no idea what to do about.
> > > Exposing such a level of detail to management is imho pointless.
> > > We are better off with a high level API, see below.
> >
> > so I don't know much about vfio; but to me it strikes me that
> > you wouldn't need that low level detail if we just reworked vfio
> > to look more like all our other devices; something like:
> >
> > -vfiodev host=02:00.0,id=gpu
> > -device vfio-pci,dev=gpu
> >
> > The 'vfiodev' would own the resources; so to do this trick, the
> > management layer would:
> > hotunplug the vfio-pci
> > migrate
> >
> > if anything went wrong it would
> > hotplug the vfio-pci backin
> >
> > you wouldn't have free'd up any resources because they belonged
> > to the vfiodev.
>
>
> IIUC that doesn't really work with passthrough
> unless guests support surprise removal.
Why? The view from the guest here is just like what this series
has added without the special hack.
Dave
>
> > > > If we want this to work before
> > > > surprise removal is implemented, we need to provide an API that
> > > > works for management software.
> > > > Don't we want to make this work
> > > > without surprise removal too?
> > >
> > > This patchset adds an optional, off by default support for
> > > migrating guests with an assigned network device.
> > > If enabled this requires guest to allow migration.
> > >
> > > Of course this can be viewed as a security problem since it allows guest
> > > to block migration. We can't detect a malicious guest reliably imho.
> > > What we can do is report to management when guest allows migration.
> > > Policy such what to do when this does not happen for a while and
> > > what timeout to set would be up to management.
> > >
> > > The API in question would be a high level one, something
> > > along the lines of a single "guest allowed migration" event.
> >
> > This is all fairly normal problems with hot unplugging - that's
> > already dealt with at higher levels for normal hot unplugging.
> >
> > The question here is to try to avoid duplicating that fairly
> > painful process in qemu.
> >
> > Dave
> > >
> > > --
> > > MST
> > --
> > Dr. David Alan Gilbert / address@hidden / Manchester, UK
--
Dr. David Alan Gilbert / address@hidden / Manchester, UK
- Re: [Qemu-devel] [PATCH 3/4] net/virtio: add failover support,
Dr. David Alan Gilbert <=