On Wed, May 11, 2022 at 12:26:52 +0200, Jiri Denemark wrote: > On Wed, May 11, 2022 at 10:48:10 +0200, Peter Krempa wrote: > > On Tue, May 10, 2022 at 17:20:27 +0200, Jiri Denemark wrote: > > > There's no need to artificially pause a domain when post-copy fails. The > > > virtual CPUs may continue running, only the guest tasks that decide to > > > read a page which has not been migrated yet will get blocked. > > > > IMO not pausing the VM is a policy decision (same way as pausing it was > > though) and should be user-configurable at migration start. > > > > I can see that users might want to prevent a half-broken VM from > > executing until it gets attention needed to fix it, even when it's safe > > from a "theoretical" standpoint. > > It depends how much was already migrated. In practise the guest may > easily stop running anyway :-) Well, I'd consider that behaviour to be very bad actually, but given the caveats below ... > So yeah, it was a needless policy > decision which is being removed now. But the important reason behind it, > which I should have mention in the commit message is the difference > between libvirt and QEMU migration state. When libvirt connection breaks > (between daemons for p2p migration or between a client and daemons) we > consider migration as broken from the API point of view and return > failure. However, the migration may still be running just fine if the > connection between QEMU processes remains working. And since we're in > post-copy phase, the migration can even finish just fine without > libvirt. So a half-broken VM may magically become a fully working > migrated VM after our migration API reported a failure. Keeping the > domain running makes this situation easier to handle :-) I see. Additionally if e.g. libvirtd isn't running at all (but that ties to the "connection broken" scenario) we wouldn't even pause it. So the caveats were there in fact always albeit less probable. IMO it should be documented somewhere. I agree that this patch is okay though. I think we can add the docs in a follow-up. Reviewed-by: Peter Krempa <pkrempa@xxxxxxxxxx>