On Thu, Dec 05, 2024 at 10:18:53AM -0300, Fabiano Rosas wrote: > Daniel P. Berrangé <berra...@redhat.com> writes: > > > On Wed, Dec 04, 2024 at 03:51:27PM -0500, Peter Xu wrote: > >> On Wed, Dec 04, 2024 at 08:02:31PM +0000, Daniel P. Berrangé wrote: > >> > I would say the difference is like a graceful shutdown vs pulling the > >> > power plug in a bare metal machine > >> > > >> > 'cancel' is intended to be graceful. It should leave you with a > >> > functional > >> > QEMU (or refuse to run if unsafe). > >> > > >> > 'yank' is intended to be forceful, letting you get out of bad situations > >> > that would otherwise require you to kill the entire QEMU process, but > >> > still with possible associated risk data loss to the QEMU backends. > >> > > >> > They have overlap, but are none the less different. > >> > >> The question is more about whether yank should be used at all for > >> migration only, not about the rest instances. > >> > >> My answer is yank should never be used for migration, because > >> "migrate_cancel" also unplugs the power plug.. It's not anything more > >> enforced. It's only doing less always. > >> > >> E.g. migration_yank_iochannel() is exactly what we do with > >> qmp_migrate_cancel() in the first place, only that migrate_cancel only does > >> it on the main channel (on both qemufiles even if ioc is one), however it > >> should be suffice, and behave the same way, as strong as "yank". > > > > I recall at the time the yank stuff was introduced, one of the scenarios > > they were concerned about was related to locks held by QEMU code. eg that > > there are scenarios where migrate_cancel may not be processed promptly > > enough due to being stalled on mutexes held by other concurrently running > > threads. Now I would expect any such long duration stalls on migration > > mutexes to be bugs, but the intent of yank is to give a recovery mechanism > > that can workaround such bugs. The yank QMP command only interacts with > > its own local mutexes. > > Ok, so that could only mean a thread stuck in recv() while holding the > BQL. I don't think we have any other locks which would stop > migrate_cancel from making progress or other stall situations that could > be helped by a shutdown(). Note that most of locks around qemu_file were > a late addition. I don't think that scenario is possible today. I'll > have to do some tests.
Yes, in general there should never be a for "yank", *if* QMEU is implemented correctly. yank is there in case something unexpected happens. IOW, even if we think migration is perfect today, yank is still worth having there as a safety net. > On that note, how is yank supposed to be accessed? I don't see support > in libvirt. Is there a way to hook into QMP after the fact somehow? We've not wired up any API for this libvirt. I can be issued via libvirt's QMP passthrough API if desired though. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|