On Tue, 7 Jan 2020 09:57:40 +0000
"Dr. David Alan Gilbert" <dgilbert@xxxxxxxxxx> wrote:

> * Alex Williamson (alex.williamson@xxxxxxxxxx) wrote:
> > On Thu, 2 Jan 2020 18:25:37 +0000
> > "Dr. David Alan Gilbert" <dgilbert@xxxxxxxxxx> wrote:
> >
> > > * Alex Williamson (alex.williamson@xxxxxxxxxx) wrote:
> > > > On Fri, 20 Dec 2019 01:40:35 +0530
> > > > Kirti Wankhede <kwankhede@xxxxxxxxxx> wrote:
> > > >
> > > > > On 12/19/2019 10:57 PM, Alex Williamson wrote:
> > > > >
> > > > > > <Snip>
> > > > >
> > > > > > <snip>
> > > > > >
> > > > > > > If device state is at pre-copy state (011b).
> > > > > Transition, i.e., write to device state as stop-and-copy state (010b)
> > > > > failed, then by previous state I meant device should return pre-copy
> > > > > state (011b), i.e. previous state which was successfully set, or as you
> > > > > said current state which was successfully set.
> > > >
> > > > Yes, the point I'm trying to make is that this version of the spec
> > > > tries to tell the user what they should do upon error according to our
> > > > current interpretation of the QEMU migration protocol.  We're not
> > > > defining the QEMU migration protocol, we're defining something that can
> > > > be used in a way to support that protocol.  So I think we should be
> > > > concerned with defining our spec, for example my proposal would be: "If
> > > > a state transition fails the user can read device_state to determine the
> > > > current state of the device.  This should be the previous state of the
> > > > device unless the vendor driver has encountered an internal error, in
> > > > which case the device may report the invalid device_state 110b.  The
> > > > user must use the device reset ioctl in order to recover the device
> > > > from this state.  If the device is indicated in a valid device state
> > > > via reading device_state, the user may attempt to transition the device
> > > > to any valid state reachable from the current state."
> > >
> > > We might want to be able to distinguish between:
> > >   a) The device has failed and needs a reset
> > >   b) The migration has failed
> >
> > I think the above provides this.  For Kirti's example above of
> > transitioning from pre-copy to stop-and-copy, the device could refuse
> > to transition to stop-and-copy, generating an error on the write() of
> > device_state.  The user re-reading device_state would allow them to
> > determine the current device state, still in pre-copy or failed.  Only
> > the latter would require a device reset.
>
> OK - but that doesn't give you any way to figure out 'why' it failed;
> I guess I was expecting you to then read an 'error' register to find
> out what happened.
> Assuming the write() to transition to stop-and-copy fails and you're
> still in pre-copy, what's the defined thing you're supposed to do next?
> Decide migration has failed and then do a write() to transition to running?

Defining semantics for an error register seems like a project on its
own.  We do have flags, we could use them to add an error register
later, but I think it's only going to rat hole this effort to try to
incorporate that now.  The state machine is fairly small, so in the
scenario you present, I think the user would assume a failure at
pre-copy to stop-and-copy transition would fail the migration and the
device could go back to running state.  If the device then fails to
return to the running state, we might be stuck with a device with
reduced performance or overhead and the user could warn about that and
continue with the device as-is.  The vendor drivers could make use of
-EAGAIN on transition failure to indicate a temporary issue, but
otherwise the user should probably consider it a persistent error until
either a device reset or start of a new migration sequence (i.e. return
to running and start over).  Thanks,

Alex
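The user-side recovery policy the thread converges on (re-read device_state after a failed write, reset on 110b, treat -EAGAIN as temporary, otherwise fail the migration and return to running), as an added C example that is not code from the thread or from the vfio driver. The device is a constructed mock, and the running/saving/resuming bit layout behind 011b/010b/110b is assumed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* device_state encodings from the thread: 011b pre-copy, 010b stop-and-copy,
 * 110b invalid. The bit layout (running/saving/resuming) is an assumption. */
#define ST_RUNNING  0x1u
#define ST_SAVING   0x2u
#define ST_RESUMING 0x4u
#define ST_PRECOPY  (ST_RUNNING | ST_SAVING)   /* 011b */
#define ST_STOPCOPY (ST_SAVING)                /* 010b */
#define ST_INVALID  (ST_SAVING | ST_RESUMING)  /* 110b */

/* Constructed stand-in for the vfio region (not a real device): writes of
 * refuse_target fail with refuse_errno, optionally leaving the device at 110b. */
struct mock_dev {
    uint32_t state, refuse_target;
    int refuse_errno, corrupt_on_refuse, resets;
};
static int dev_write_state(struct mock_dev *d, uint32_t target)
{
    if (d->refuse_target && target == d->refuse_target) {
        if (d->corrupt_on_refuse)
            d->state = ST_INVALID;
        return -d->refuse_errno;
    }
    d->state = target;
    return 0;
}
static uint32_t dev_read_state(const struct mock_dev *d) { return d->state; }
static void dev_reset(struct mock_dev *d) { d->resets++; d->state = ST_RUNNING; }
enum xn_result { XN_OK, XN_RETRY_LATER, XN_MIGRATION_FAILED, XN_DEVICE_RESET };

/* User-side policy from the thread: re-read device_state after a failed write;
 * -EAGAIN is temporary, 110b needs the reset ioctl, anything else fails the
 * migration and the device is returned to running. */
static enum xn_result transition(struct mock_dev *d, uint32_t target)
{
    int rc = dev_write_state(d, target);
    if (rc == 0) return XN_OK;
    if (rc == -EAGAIN) return XN_RETRY_LATER;   /* caller may retry the write */
    if (dev_read_state(d) == ST_INVALID) {
        dev_reset(d);                          /* only a reset recovers 110b */
        return XN_DEVICE_RESET;
    }
    /* Still in the previous valid state: abort the migration and go back to
     * running; if even that fails, warn and carry on with the device as-is. */
    if (dev_write_state(d, ST_RUNNING) != 0)
        fprintf(stderr, "device_state stuck at %#x, continuing as-is\n", (unsigned)d->state);
    return XN_MIGRATION_FAILED;
}
```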