[3/3] virtio-blk: note optional features

Message ID	1331036527-7651-4-git-send-email-pbonzini@redhat.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> Received-SPF: pass (google.com: domain of paolo.bonzini@gmail.com designates 10.182.159.41 as permitted sender) client-ip=10.182.159.41; From: Paolo Bonzini <pbonzini@redhat.com> To: qemu-devel@nongnu.org Date: Tue, 6 Mar 2012 13:22:07 +0100 Message-Id: <1331036527-7651-4-git-send-email-pbonzini@redhat.com> In-Reply-To: <1331036527-7651-1-git-send-email-pbonzini@redhat.com> References: <1331036527-7651-1-git-send-email-pbonzini@redhat.com> Cc: amit.shah@redhat.com, uobergfe@redhat.com, owasserm@redhat.com, armbru@redhat.com, mst@redhat.com Subject: [Qemu-devel] [PATCH 3/3] virtio-blk: note optional features Precedence: list Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Paolo Bonzini March 6, 2012, 12:22 p.m. UTC

The guest must already be prepared to see SG_IO support
disappear from under its feet, for example if migration
refers to a block device on the source and file-based
storage on the destination; or more likely, if the source
kernel allows (gasp) SG_IO on a partition and the destination
does not.  So, we can migrate safely even if the source
had VIRTIO_BLK_F_SCSI and the destination does not.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/virtio-blk.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

Michael S. Tsirkin March 6, 2012, 2:53 p.m. UTC | #1

On Tue, Mar 06, 2012 at 01:22:07PM +0100, Paolo Bonzini wrote:
> The guest must already be prepared to see SG_IO support
> disappear from under its feet, for example if migration
> refers to a block device on the source and file-based
> storage on the destination; or more likely, if the source
> kernel allows (gasp) SG_IO on a partition and the destination
> does not.  So, we can migrate safely even if the source
> had VIRTIO_BLK_F_SCSI and the destination does not.
> 
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

My first reaction is you want a new non guest
visible flag to control whether SG_IO fails on host.
guest visible ones must be consistent across migration.

> ---
>  hw/virtio-blk.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
> index c95f8fc..9a4158a 100644
> --- a/hw/virtio-blk.c
> +++ b/hw/virtio-blk.c
> @@ -542,7 +542,7 @@ static int virtio_blk_load(QEMUFile *f, void *opaque, int version_id)
>      if (version_id != 2)
>          return -EINVAL;
>  
> -    ret = virtio_load(&s->vdev, f, 0);
> +    ret = virtio_load(&s->vdev, f, VIRTIO_BLK_F_SCSI);
>      if (ret) {
>          return ret;
>      }
> -- 
> 1.7.7.6

Paolo Bonzini March 6, 2012, 3:58 p.m. UTC | #2

Il 06/03/2012 15:53, Michael S. Tsirkin ha scritto:
> > The guest must already be prepared to see SG_IO support
> > disappear from under its feet, for example if migration
> > refers to a block device on the source and file-based
> > storage on the destination; or more likely, if the source
> > kernel allows (gasp) SG_IO on a partition and the destination
> > does not.  So, we can migrate safely even if the source
> > had VIRTIO_BLK_F_SCSI and the destination does not.
> > 
> > Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> 
> My first reaction is you want a new non guest
> visible flag to control whether SG_IO fails on host.
> guest visible ones must be consistent across migration.

So scsi=off/on would control VIRTIO_BLK_F_SCSI, while the new flag would
cause requests to fail.  Then it's simpler to do the other way round.
Make the "new non guest-visible flag" be scsi=on/off and set
VIRTIO_BLK_F_SCSI unconditionally as you suggested first.

Paolo

Anthony Liguori March 6, 2012, 5:03 p.m. UTC | #3

On 03/06/2012 06:22 AM, Paolo Bonzini wrote:
> The guest must already be prepared to see SG_IO support
> disappear from under its feet, for example if migration
> refers to a block device on the source and file-based
> storage on the destination; or more likely, if the source
> kernel allows (gasp) SG_IO on a partition and the destination
> does not.  So, we can migrate safely even if the source
> had VIRTIO_BLK_F_SCSI and the destination does not.

I don't know how comfortable I feel about this.

You can't just remove a feature in flight.  The guest is going to behave 
differently in such a way that the host isn't expecting.  Yes, it should fail 
gracefully, but nonetheless it will fail.

Aren't you just delaying the inevitable?  Instead of having migration fail, the 
guest workload is going to fail.  How is this an improvement?

Regards,

Anthony Liguorig

>
> Signed-off-by: Paolo Bonzini<pbonzini@redhat.com>
> ---
>   hw/virtio-blk.c |    2 +-
>   1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
> index c95f8fc..9a4158a 100644
> --- a/hw/virtio-blk.c
> +++ b/hw/virtio-blk.c
> @@ -542,7 +542,7 @@ static int virtio_blk_load(QEMUFile *f, void *opaque, int version_id)
>       if (version_id != 2)
>           return -EINVAL;
>
> -    ret = virtio_load(&s->vdev, f, 0);
> +    ret = virtio_load(&s->vdev, f, VIRTIO_BLK_F_SCSI);
>       if (ret) {
>           return ret;
>       }

Paolo Bonzini March 6, 2012, 5:12 p.m. UTC | #4

Il 06/03/2012 18:03, Anthony Liguori ha scritto:
> I don't know how comfortable I feel about this.
> 
> You can't just remove a feature in flight.  The guest is going to behave
> differently in such a way that the host isn't expecting.  Yes, it should
> fail gracefully, but nonetheless it will fail.
> 
> Aren't you just delaying the inevitable?  Instead of having migration
> fail, the guest workload is going to fail.  How is this an improvement?

VIRTIO_BLK_F_SCSI feature was almost never used but was always marked as
available.  Because of possible security problems connected to it,
libvirt started making it an opt-in feature.

In practice, you need to configure your host specially if you want to
use SCSI passthrough (e.g. you must not use labels and UUIDs in your
/etc/fstab), so it's safe to assume that guests that have SG_IO disabled
under their feet will keep working.

That said, instead of this hack we can just decouple scsi=on/off from
VIRTIO_BLK_F_SCSI, and just report the feature.  After all we do not
clear VIRTIO_BLK_F_SCSI just because the device is backed by a file or
partition, yet SG_IO is still unavailable in those cases.  I'll send
patches for this tomorrow.

Paolo

Anthony Liguori March 6, 2012, 5:15 p.m. UTC | #5

On 03/06/2012 11:12 AM, Paolo Bonzini wrote:
> Il 06/03/2012 18:03, Anthony Liguori ha scritto:
>> I don't know how comfortable I feel about this.
>>
>> You can't just remove a feature in flight.  The guest is going to behave
>> differently in such a way that the host isn't expecting.  Yes, it should
>> fail gracefully, but nonetheless it will fail.
>>
>> Aren't you just delaying the inevitable?  Instead of having migration
>> fail, the guest workload is going to fail.  How is this an improvement?
>
> VIRTIO_BLK_F_SCSI feature was almost never used but was always marked as
> available.  Because of possible security problems connected to it,
> libvirt started making it an opt-in feature.
>
> In practice, you need to configure your host specially if you want to
> use SCSI passthrough (e.g. you must not use labels and UUIDs in your
> /etc/fstab), so it's safe to assume that guests that have SG_IO disabled
> under their feet will keep working.
>
> That said, instead of this hack we can just decouple scsi=on/off from
> VIRTIO_BLK_F_SCSI, and just report the feature.  After all we do not
> clear VIRTIO_BLK_F_SCSI just because the device is backed by a file or
> partition, yet SG_IO is still unavailable in those cases.  I'll send
> patches for this tomorrow.

Okay, that makes more sense to me.  I think this is an exceptional circumstance 
so handling it as a one-off verses a generic mechanism would be preferred.

Regards,

Anthony Liguori

>
> Paolo

[3/3] virtio-blk: note optional features

Commit Message

Comments

Patch