Re: [virtio-dev] [PATCH v3] content: enhance device requirements for feature bits
On 06/19/2018 06:30 PM, Tiwei Bie wrote: On Tue, Jun 19, 2018 at 12:46:45PM +0200, Halil Pasic wrote: On 06/19/2018 11:14 AM, Tiwei Bie wrote: On Mon, Jun 18, 2018 at 07:28:33PM +0300, Michael S. Tsirkin wrote: [...] If it would be better to drop this patch, I'm fine with dropping it. Thanks! @Tiwei Bie Thanks for your flexibility! What is your opinion (after considering the arguments from my previous mail), is it better to include this patch in the spec or is it better to drop it? Were you able to identify mistakes in my reasoning (I mean points (1)-(12))? Hi Halil, I think maybe you thought too much about this proposal (or maybe I really missed something obvious). In my opinion, the device requirement proposed by this patch is quite simple and straightforward: - It's just to make the spec explicitly require that a certain virtio device shouldn't fail re-negotiation of a feature set it has successfully accepted once. - It covers the cases of virtio device reset and system reset (which includes normal shutdown and start). I think the requirement is reasonable because for a certain virtio device, there is no reason that the feature bits it offers will change (because it should always offer all the features it understands). And we are just to add a device normative to make the spec be more explicit about that (because if a device really changes the features it offers after a device or system reset, something will go wrong). If the configs of an emulated virtio device are changed, maybe we shouldn't treat it as the same device any more, and IMO this case is not related to this proposal. Thanks for clarifying your position. I don't want to usurp any more of your valuable time. I'm not convinced but I've given up on hope to convince the opposition. I'm giving up. Regards, Halil - To unsubscribe, e-mail: virtio-dev-unsubscr...@lists.oasis-open.org For additional commands, e-mail: virtio-dev-h...@lists.oasis-open.org
Re: [virtio-dev] [PATCH v3] content: enhance device requirements for feature bits
On Wed, 20 Jun 2018 00:30:59 +0800 Tiwei Bie wrote: > On Tue, Jun 19, 2018 at 12:46:45PM +0200, Halil Pasic wrote: > > On 06/19/2018 11:14 AM, Tiwei Bie wrote: > > > On Mon, Jun 18, 2018 at 07:28:33PM +0300, Michael S. Tsirkin wrote: > [...] > > > > > > If it would be better to drop this patch, > > > I'm fine with dropping it. Thanks! > > > > > > > @Tiwei Bie > > Thanks for your flexibility! What is your opinion (after considering the > > arguments from my previous mail), is it better to include this patch in the > > spec or > > is it better to drop it? Were you able to identify mistakes in my reasoning > > (I mean points (1)-(12))? > > > > Hi Halil, > > I think maybe you thought too much about this proposal > (or maybe I really missed something obvious). In my > opinion, the device requirement proposed by this patch > is quite simple and straightforward: > > - It's just to make the spec explicitly require that > a certain virtio device shouldn't fail re-negotiation > of a feature set it has successfully accepted once. > > - It covers the cases of virtio device reset and system > reset (which includes normal shutdown and start). > > I think the requirement is reasonable because for a > certain virtio device, there is no reason that the > feature bits it offers will change (because it should > always offer all the features it understands). And we > are just to add a device normative to make the spec be > more explicit about that (because if a device really > changes the features it offers after a device or > system reset, something will go wrong). If the configs > of an emulated virtio device are changed, maybe we > shouldn't treat it as the same device any more, and > IMO this case is not related to this proposal. > > Although we have 'Each virtio device offers all the > features it understands', it's not an explicit device > requirement. So I don't think it's a bad idea to > have an explicit device requirement about this. I think this reasoning is sane and we really should not overthink it. The update as has been voted on looks fine to me. - To unsubscribe, e-mail: virtio-dev-unsubscr...@lists.oasis-open.org For additional commands, e-mail: virtio-dev-h...@lists.oasis-open.org
Re: [virtio-dev] [PATCH v3] content: enhance device requirements for feature bits
On Tue, Jun 19, 2018 at 05:14:18PM +0800, Tiwei Bie wrote: > On Mon, Jun 18, 2018 at 07:28:33PM +0300, Michael S. Tsirkin wrote: > > On Mon, Jun 18, 2018 at 05:08:32PM +0200, Halil Pasic wrote: > > > > > > > > > On 06/15/2018 05:37 PM, Michael S. Tsirkin wrote: > > > > On Fri, Jun 15, 2018 at 05:16:10PM +0200, Halil Pasic wrote: > > > > > > > > > > > > > > > On 06/15/2018 03:38 PM, Michael S. Tsirkin wrote: > > > > > > On Fri, Jun 15, 2018 at 02:42:58PM +0200, Halil Pasic wrote: > > > > > > > > > > > > > > > > > > > > > On 06/15/2018 02:19 PM, Michael S. Tsirkin wrote: > > > > > > > > On Fri, Jun 15, 2018 at 02:10:11PM +0200, Halil Pasic wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > On 06/11/2018 09:56 AM, Tiwei Bie wrote: > > > > > > > > > > Suggested-by: Michael S. Tsirkin > > > > > > > > > > Signed-off-by: Tiwei Bie > > > > > > > > > > Fixes: https://github.com/oasis-tcs/virtio-spec/issues/14 > > > > > > > > > > --- > > > > > > > > > > v2: > > > > > > > > > > - Refine the wording (Cornelia); > > > > > > > > > > > > > > > > > > > > v3: > > > > > > > > > > - Refine the wording (MST); > > > > > > > > > > > > > > > > > > > > content.tex | 7 +++ > > > > > > > > > > 1 file changed, 7 insertions(+) > > > > > > > > > > > > > > > > > > > > diff --git a/content.tex b/content.tex > > > > > > > > > > index f996fad..3c7d67d 100644 > > > > > > > > > > --- a/content.tex > > > > > > > > > > +++ b/content.tex > > > > > > > > > > @@ -125,6 +125,13 @@ which was not offered. The device > > > > > > > > > > SHOULD accept any valid subset > > > > > > > > > > of features the driver accepts, otherwise it MUST fail > > > > > > > > > > to set the > > > > > > > > > > FEATURES_OK \field{device status} bit when the driver > > > > > > > > > > writes it. > > > > > > > > > > +If a device has successfully negotiated a set of features > > > > > > > > > > +at least once (by accepting the FEATURES_OK \field{device > > > > > > > > > > +status} bit during device initialization), then it SHOULD > > > > > > > > > > +NOT fail re-negotiation of the same set of features after > > > > > > > > > > +a device or system reset. Failure to do so would interfere > > > > > > > > > > +with resuming from suspend and error recovery. > > > > > > > > > > + > > > > > > > > > > > > > > > > > > > > > > > > > > > Sorry people but I don't get it. I mean it is kind of > > > > > > > > > reasonable > > > > > > > > > to assume that with a given device and a given driver (given, > > > > > > > > > i.e. > > > > > > > > > nothing changes) the two will always negotiate the same > > > > > > > > > features > > > > > > > > > (including the extremal case where the negotiation fails). > > > > > > > > > > > > > > > > > > Either the device or a driver rolling a dice to make feature > > > > > > > > > negotiation > > > > > > > > > more fun seems quite unreasonable. So I assume this is not > > > > > > > > > what we are > > > > > > > > > bothering to soft prohibit here. > > > > > > > > > > > > > > > > > > So the interesting scenario seems to be when stuff changes. > > > > > > > > > When > > > > > > > > > migrating the implementation of the device could change. Or > > > > > > > > > something > > > > > > > > > changes regarding the resources used to provide the virtual > > > > > > > > > device. > > > > > > > > > > > > > > > > > > But then, if the device really can not support the set of > > > > > > > > > features > > > > > > > > > it used to be able, I guess the SHOULD does not take effect > > > > > > > > > (I guess > > > > > > > > > that is the difference compared to MUST). > > > > > > > > > > > > > > > > > > Bottom line is: I tried to figure out what is this about, but > > > > > > > > > I failed. > > > > > > > > > I've read https://github.com/oasis-tcs/virtio-spec/issues/14 > > > > > > > > > too but > > > > > > > > > it did not click. I would appreciate some assistance. > > > > > > > > > > > > > > > > It's exactly what it says. Let's say you negotiated a feature > > > > > > > > and then > > > > > > > > device sets NEED_RESET. Driver must now reset the device and > > > > > > > > put it > > > > > > > > back in the same state it had before the reset, then resubmit > > > > > > > > requests that were available but never used. > > > > > > > > > > > > > > > > What if any of the features changed? Device suddenly > > > > > > > > needs to check for requests which do not match the > > > > > > > > features. > > > > > > > > > > > > > > > > Suspend is similar: guests tend to assume hardware does not > > > > > > > > change > > > > > > > > across suspend/resume, any changes tend to make resume fail. > > > > > > > > > > > > > > > > > > > > > > Thank you very much! But it still does not answer why would a > > > > > > > device > > > > > > > want to do that (fail to negotiate a feature that it was able to > > > > > > > negotiate before). So I'm still in the dark about what are we > > > > > > > trading > > > > > > > for
Re: [virtio-dev] [PATCH v3] content: enhance device requirements for feature bits
On Tue, Jun 19, 2018 at 12:46:45PM +0200, Halil Pasic wrote: > On 06/19/2018 11:14 AM, Tiwei Bie wrote: > > On Mon, Jun 18, 2018 at 07:28:33PM +0300, Michael S. Tsirkin wrote: [...] > > > > If it would be better to drop this patch, > > I'm fine with dropping it. Thanks! > > > > @Tiwei Bie > Thanks for your flexibility! What is your opinion (after considering the > arguments from my previous mail), is it better to include this patch in the > spec or > is it better to drop it? Were you able to identify mistakes in my reasoning > (I mean points (1)-(12))? > Hi Halil, I think maybe you thought too much about this proposal (or maybe I really missed something obvious). In my opinion, the device requirement proposed by this patch is quite simple and straightforward: - It's just to make the spec explicitly require that a certain virtio device shouldn't fail re-negotiation of a feature set it has successfully accepted once. - It covers the cases of virtio device reset and system reset (which includes normal shutdown and start). I think the requirement is reasonable because for a certain virtio device, there is no reason that the feature bits it offers will change (because it should always offer all the features it understands). And we are just to add a device normative to make the spec be more explicit about that (because if a device really changes the features it offers after a device or system reset, something will go wrong). If the configs of an emulated virtio device are changed, maybe we shouldn't treat it as the same device any more, and IMO this case is not related to this proposal. Although we have 'Each virtio device offers all the features it understands', it's not an explicit device requirement. So I don't think it's a bad idea to have an explicit device requirement about this. Best regards, Tiwei Bie - To unsubscribe, e-mail: virtio-dev-unsubscr...@lists.oasis-open.org For additional commands, e-mail: virtio-dev-h...@lists.oasis-open.org
Re: [virtio-dev] [PATCH v3] content: enhance device requirements for feature bits
On 06/19/2018 11:14 AM, Tiwei Bie wrote: On Mon, Jun 18, 2018 at 07:28:33PM +0300, Michael S. Tsirkin wrote: [..] (11) The VIRTIO specification is a bit vague about how a reset is supposed to be handled by the guest, but it certainly does not prohibit the negotiated features from changing after reset. Here I will quote two fragments that hint this is actually something foreseen by the VIRTIO standard: * 'During device initialization, the driver reads this and tells the device the subset that it accepts. The only way to renegotiate is to reset the device.' * 'If the driver sets the FAILED bit, the driver MUST later reset the device before attempting to re-initialize.' If re-initialize is in a sense of '3.1.1 Driver Requirements: Device Initialization' then full feature negotiation seems to be compulsory. Linux does not do this. But since setting up queues seems to be a part of the 3.1.1 initialization sequence (even if formulated somewhat vague), my best guess after reset the driver is not supposed to perform 3.1.1 to the letter. I think frankly if we want dynamic features we should work on a mechanism that allows changing them without a system reset. @Michael I was talking abut normal virtio reset in (11). I think in Linux we have dynamic features without system reset today if a virtio device driver that is loaded as module gets replaced (e.g. rmmod/insmod new) with a more capable implementation of the same device driver. And I think the use-case that triggered this is the SRIOV feature, take a look at how that is handled across e.g. suspend/resume. (12) If I were to hibernate my PC and then, let's say replace my NIC with a different model, the hardware does not change assumption would not hold for a non-virtualized system either. I'm not sure this problem is ours to solve. Precisely and since we can't solve it, we warn people not to create this kind of configuration unless they know exactly what they are doing. @Michael I assume the various bus specifications don't bother to spell this out, and I doubt manuals of HW components do either. If our main goal is to warn the end user to not fiddle with the features of a hibernated VM (e.g. via libvirt domain xml), and hint that if the guest is going to get hibernated, he should better configure guest as migratable even if it's not (e.g. machine type, cpu model should not be moving target) I doubt the VIRTIO spec is the right place. IMHO neither QEMU nor KVM can detect the condition in question, and I don't think higher level management software can help either. That's why I say end-user. Hibernate is IMHO an OS concept, and I guess some OSes don't have the concept of hibernate. I see support for hibernate out of scope for the VIRTIO spec (much like migration). But since the VIRTIO spec is supposed to be helpful above all, I'm not opposed to a note that spells the warning out. I still oppose a device normative, as this does not seem to be something an implementer of the device should heed. And if we do want to place a note, it needs to be more direct. I could not figure out what is this about. I doubt end-users have better chances to. My conclusion is the following. I think constraining feature changes after system_reset is a bad idea. For 'normal' virtio reset some clarifications would be welcome, but this one does not seem to be a very good one. Regarding changing features, I think we are good enough with what we have today (both standard and implementation). However if we want to prohibit the features from changing after a reset in spite of my arguments presented here, IMHO we need a driver normative statement too. Regards, Halil Well the motion passed with 1 abstain and 5 in favor. Tiwei was the one who proposed it so as I already did this in the past, I'll wait a day or two for him to respond and let us know whether he'd like to drop the patch, but in absence of such a response I'll have to push the proposed wording. In that case you will need to put in a motion to revert, or make some other change on top. @Michael If I can not convince you, nor at least some of the committee people here I'm not willing to escalate this as a motion to revert. There is no point, as I'm running out of arguments. While I'm still not convinced that this is the way to go, I'm willing to bow my head in front of the opinion of the majority. It is not like including this would have tragic consequences. I think mustered a fair effort to form an opinion and defend it. Thus there is no shame in admitting defeat. If it would be better to drop this patch, I'm fine with dropping it. Thanks! @Tiwei Bie Thanks for your flexibility! What is your opinion (after considering the arguments from my previous mail), is it better to include this patch in the spec or is it better to drop it? Were you able to identify mistakes in my reasoning (I mean points (1)-(12))? Regards, Halil
Re: [virtio-dev] [PATCH v3] content: enhance device requirements for feature bits
On Mon, Jun 18, 2018 at 07:28:33PM +0300, Michael S. Tsirkin wrote: > On Mon, Jun 18, 2018 at 05:08:32PM +0200, Halil Pasic wrote: > > > > > > On 06/15/2018 05:37 PM, Michael S. Tsirkin wrote: > > > On Fri, Jun 15, 2018 at 05:16:10PM +0200, Halil Pasic wrote: > > > > > > > > > > > > On 06/15/2018 03:38 PM, Michael S. Tsirkin wrote: > > > > > On Fri, Jun 15, 2018 at 02:42:58PM +0200, Halil Pasic wrote: > > > > > > > > > > > > > > > > > > On 06/15/2018 02:19 PM, Michael S. Tsirkin wrote: > > > > > > > On Fri, Jun 15, 2018 at 02:10:11PM +0200, Halil Pasic wrote: > > > > > > > > > > > > > > > > > > > > > > > > On 06/11/2018 09:56 AM, Tiwei Bie wrote: > > > > > > > > > Suggested-by: Michael S. Tsirkin > > > > > > > > > Signed-off-by: Tiwei Bie > > > > > > > > > Fixes: https://github.com/oasis-tcs/virtio-spec/issues/14 > > > > > > > > > --- > > > > > > > > > v2: > > > > > > > > > - Refine the wording (Cornelia); > > > > > > > > > > > > > > > > > > v3: > > > > > > > > > - Refine the wording (MST); > > > > > > > > > > > > > > > > > > content.tex | 7 +++ > > > > > > > > > 1 file changed, 7 insertions(+) > > > > > > > > > > > > > > > > > > diff --git a/content.tex b/content.tex > > > > > > > > > index f996fad..3c7d67d 100644 > > > > > > > > > --- a/content.tex > > > > > > > > > +++ b/content.tex > > > > > > > > > @@ -125,6 +125,13 @@ which was not offered. The device > > > > > > > > > SHOULD accept any valid subset > > > > > > > > > of features the driver accepts, otherwise it MUST fail > > > > > > > > > to set the > > > > > > > > > FEATURES_OK \field{device status} bit when the driver > > > > > > > > > writes it. > > > > > > > > > +If a device has successfully negotiated a set of features > > > > > > > > > +at least once (by accepting the FEATURES_OK \field{device > > > > > > > > > +status} bit during device initialization), then it SHOULD > > > > > > > > > +NOT fail re-negotiation of the same set of features after > > > > > > > > > +a device or system reset. Failure to do so would interfere > > > > > > > > > +with resuming from suspend and error recovery. > > > > > > > > > + > > > > > > > > > > > > > > > > > > > > > > > > Sorry people but I don't get it. I mean it is kind of reasonable > > > > > > > > to assume that with a given device and a given driver (given, > > > > > > > > i.e. > > > > > > > > nothing changes) the two will always negotiate the same features > > > > > > > > (including the extremal case where the negotiation fails). > > > > > > > > > > > > > > > > Either the device or a driver rolling a dice to make feature > > > > > > > > negotiation > > > > > > > > more fun seems quite unreasonable. So I assume this is not what > > > > > > > > we are > > > > > > > > bothering to soft prohibit here. > > > > > > > > > > > > > > > > So the interesting scenario seems to be when stuff changes. When > > > > > > > > migrating the implementation of the device could change. Or > > > > > > > > something > > > > > > > > changes regarding the resources used to provide the virtual > > > > > > > > device. > > > > > > > > > > > > > > > > But then, if the device really can not support the set of > > > > > > > > features > > > > > > > > it used to be able, I guess the SHOULD does not take effect (I > > > > > > > > guess > > > > > > > > that is the difference compared to MUST). > > > > > > > > > > > > > > > > Bottom line is: I tried to figure out what is this about, but I > > > > > > > > failed. > > > > > > > > I've read https://github.com/oasis-tcs/virtio-spec/issues/14 > > > > > > > > too but > > > > > > > > it did not click. I would appreciate some assistance. > > > > > > > > > > > > > > It's exactly what it says. Let's say you negotiated a feature and > > > > > > > then > > > > > > > device sets NEED_RESET. Driver must now reset the device and put > > > > > > > it > > > > > > > back in the same state it had before the reset, then resubmit > > > > > > > requests that were available but never used. > > > > > > > > > > > > > > What if any of the features changed? Device suddenly > > > > > > > needs to check for requests which do not match the > > > > > > > features. > > > > > > > > > > > > > > Suspend is similar: guests tend to assume hardware does not change > > > > > > > across suspend/resume, any changes tend to make resume fail. > > > > > > > > > > > > > > > > > > > Thank you very much! But it still does not answer why would a device > > > > > > want to do that (fail to negotiate a feature that it was able to > > > > > > negotiate before). So I'm still in the dark about what are we > > > > > > trading > > > > > > for what. > > > > > > > > > > It would be a mis-configured device. For example QEMU does not > > > > > migrate > > > > > the device features so if you misconfigure QEMU with different flags > > > > > on > > > > > source and destination (not a supported configuration), features might > > > > > seem to change from guest POV. > > > > > > > > >
Re: [virtio-dev] [PATCH v3] content: enhance device requirements for feature bits
On Mon, Jun 18, 2018 at 05:08:32PM +0200, Halil Pasic wrote: > > > On 06/15/2018 05:37 PM, Michael S. Tsirkin wrote: > > On Fri, Jun 15, 2018 at 05:16:10PM +0200, Halil Pasic wrote: > > > > > > > > > On 06/15/2018 03:38 PM, Michael S. Tsirkin wrote: > > > > On Fri, Jun 15, 2018 at 02:42:58PM +0200, Halil Pasic wrote: > > > > > > > > > > > > > > > On 06/15/2018 02:19 PM, Michael S. Tsirkin wrote: > > > > > > On Fri, Jun 15, 2018 at 02:10:11PM +0200, Halil Pasic wrote: > > > > > > > > > > > > > > > > > > > > > On 06/11/2018 09:56 AM, Tiwei Bie wrote: > > > > > > > > Suggested-by: Michael S. Tsirkin > > > > > > > > Signed-off-by: Tiwei Bie > > > > > > > > Fixes: https://github.com/oasis-tcs/virtio-spec/issues/14 > > > > > > > > --- > > > > > > > > v2: > > > > > > > > - Refine the wording (Cornelia); > > > > > > > > > > > > > > > > v3: > > > > > > > > - Refine the wording (MST); > > > > > > > > > > > > > > > > content.tex | 7 +++ > > > > > > > > 1 file changed, 7 insertions(+) > > > > > > > > > > > > > > > > diff --git a/content.tex b/content.tex > > > > > > > > index f996fad..3c7d67d 100644 > > > > > > > > --- a/content.tex > > > > > > > > +++ b/content.tex > > > > > > > > @@ -125,6 +125,13 @@ which was not offered. The device SHOULD > > > > > > > > accept any valid subset > > > > > > > > of features the driver accepts, otherwise it MUST fail to > > > > > > > > set the > > > > > > > > FEATURES_OK \field{device status} bit when the driver > > > > > > > > writes it. > > > > > > > > +If a device has successfully negotiated a set of features > > > > > > > > +at least once (by accepting the FEATURES_OK \field{device > > > > > > > > +status} bit during device initialization), then it SHOULD > > > > > > > > +NOT fail re-negotiation of the same set of features after > > > > > > > > +a device or system reset. Failure to do so would interfere > > > > > > > > +with resuming from suspend and error recovery. > > > > > > > > + > > > > > > > > > > > > > > > > > > > > > Sorry people but I don't get it. I mean it is kind of reasonable > > > > > > > to assume that with a given device and a given driver (given, i.e. > > > > > > > nothing changes) the two will always negotiate the same features > > > > > > > (including the extremal case where the negotiation fails). > > > > > > > > > > > > > > Either the device or a driver rolling a dice to make feature > > > > > > > negotiation > > > > > > > more fun seems quite unreasonable. So I assume this is not what > > > > > > > we are > > > > > > > bothering to soft prohibit here. > > > > > > > > > > > > > > So the interesting scenario seems to be when stuff changes. When > > > > > > > migrating the implementation of the device could change. Or > > > > > > > something > > > > > > > changes regarding the resources used to provide the virtual > > > > > > > device. > > > > > > > > > > > > > > But then, if the device really can not support the set of features > > > > > > > it used to be able, I guess the SHOULD does not take effect (I > > > > > > > guess > > > > > > > that is the difference compared to MUST). > > > > > > > > > > > > > > Bottom line is: I tried to figure out what is this about, but I > > > > > > > failed. > > > > > > > I've read https://github.com/oasis-tcs/virtio-spec/issues/14 too > > > > > > > but > > > > > > > it did not click. I would appreciate some assistance. > > > > > > > > > > > > It's exactly what it says. Let's say you negotiated a feature and > > > > > > then > > > > > > device sets NEED_RESET. Driver must now reset the device and put it > > > > > > back in the same state it had before the reset, then resubmit > > > > > > requests that were available but never used. > > > > > > > > > > > > What if any of the features changed? Device suddenly > > > > > > needs to check for requests which do not match the > > > > > > features. > > > > > > > > > > > > Suspend is similar: guests tend to assume hardware does not change > > > > > > across suspend/resume, any changes tend to make resume fail. > > > > > > > > > > > > > > > > Thank you very much! But it still does not answer why would a device > > > > > want to do that (fail to negotiate a feature that it was able to > > > > > negotiate before). So I'm still in the dark about what are we trading > > > > > for what. > > > > > > > > It would be a mis-configured device. For example QEMU does not migrate > > > > the device features so if you misconfigure QEMU with different flags on > > > > source and destination (not a supported configuration), features might > > > > seem to change from guest POV. > > > > > > > > > > Do you mean set (or rather restrict) what QEMU calls the host_features? > > > > > > AFAIR there is no reset right after the migration. But yes if then there > > > is a reset and another migration. After a lots of thinking, it seems you > > > speak about the scenario I described in the answer to Tiwei Bie. But > > > there I also say that this
Re: [virtio-dev] [PATCH v3] content: enhance device requirements for feature bits
On 06/15/2018 05:37 PM, Michael S. Tsirkin wrote: On Fri, Jun 15, 2018 at 05:16:10PM +0200, Halil Pasic wrote: On 06/15/2018 03:38 PM, Michael S. Tsirkin wrote: On Fri, Jun 15, 2018 at 02:42:58PM +0200, Halil Pasic wrote: On 06/15/2018 02:19 PM, Michael S. Tsirkin wrote: On Fri, Jun 15, 2018 at 02:10:11PM +0200, Halil Pasic wrote: On 06/11/2018 09:56 AM, Tiwei Bie wrote: Suggested-by: Michael S. Tsirkin Signed-off-by: Tiwei Bie Fixes: https://github.com/oasis-tcs/virtio-spec/issues/14 --- v2: - Refine the wording (Cornelia); v3: - Refine the wording (MST); content.tex | 7 +++ 1 file changed, 7 insertions(+) diff --git a/content.tex b/content.tex index f996fad..3c7d67d 100644 --- a/content.tex +++ b/content.tex @@ -125,6 +125,13 @@ which was not offered. The device SHOULD accept any valid subset of features the driver accepts, otherwise it MUST fail to set the FEATURES_OK \field{device status} bit when the driver writes it. +If a device has successfully negotiated a set of features +at least once (by accepting the FEATURES_OK \field{device +status} bit during device initialization), then it SHOULD +NOT fail re-negotiation of the same set of features after +a device or system reset. Failure to do so would interfere +with resuming from suspend and error recovery. + Sorry people but I don't get it. I mean it is kind of reasonable to assume that with a given device and a given driver (given, i.e. nothing changes) the two will always negotiate the same features (including the extremal case where the negotiation fails). Either the device or a driver rolling a dice to make feature negotiation more fun seems quite unreasonable. So I assume this is not what we are bothering to soft prohibit here. So the interesting scenario seems to be when stuff changes. When migrating the implementation of the device could change. Or something changes regarding the resources used to provide the virtual device. But then, if the device really can not support the set of features it used to be able, I guess the SHOULD does not take effect (I guess that is the difference compared to MUST). Bottom line is: I tried to figure out what is this about, but I failed. I've read https://github.com/oasis-tcs/virtio-spec/issues/14 too but it did not click. I would appreciate some assistance. It's exactly what it says. Let's say you negotiated a feature and then device sets NEED_RESET. Driver must now reset the device and put it back in the same state it had before the reset, then resubmit requests that were available but never used. What if any of the features changed? Device suddenly needs to check for requests which do not match the features. Suspend is similar: guests tend to assume hardware does not change across suspend/resume, any changes tend to make resume fail. Thank you very much! But it still does not answer why would a device want to do that (fail to negotiate a feature that it was able to negotiate before). So I'm still in the dark about what are we trading for what. It would be a mis-configured device. For example QEMU does not migrate the device features so if you misconfigure QEMU with different flags on source and destination (not a supported configuration), features might seem to change from guest POV. Do you mean set (or rather restrict) what QEMU calls the host_features? AFAIR there is no reset right after the migration. But yes if then there is a reset and another migration. After a lots of thinking, it seems you speak about the scenario I described in the answer to Tiwei Bie. But there I also say that this statement you add here is not good enough for that. Still puzzled. What would a good enough statement look like? I did some reading and some thinking on the weekend. AFAIU the situation is tricky. To mitigate that let me establish the terminology I'm going to use. For vm lifecycle I'm going to use the definitions form libvirt as defined by https://libvirt.org/guide/html/Application_Development_Guide-Guest_Domains-Lifecycle.html. You explained, the motivation for this addition to the VIRTIO specification is hibernate (aka suspend to disk). (1) AFAIU on hibernate the VM goes from 'running' to (most likely) 'defined'. The first step of the resume from hibernate is to start the VM. From the guest OS life-cycle perspective however we don't start a completely new cycle (like the VM life-cycle does) with complete re-initialization. After resuming form hibernate the system is expected to be put in essentially the same state (but not exactly) as it was before hibernate. (2) From VM (life-cycle) perspective we can not distinguish between a 'shutdown' as a part of a hibernate and a 'plain shutdown'. (3) Any rule we come up for a device (e.g. the normative statement proposed here) that regulates the effects of a 'system reset' that is a part of the hibernate cycle equally affects the normal shutdown-start cycle. (4) Any change in the negotiated
Re: [virtio-dev] [PATCH v3] content: enhance device requirements for feature bits
On 06/15/2018 05:36 PM, Michael S. Tsirkin wrote: On Fri, Jun 15, 2018 at 04:21:32PM +0200, Halil Pasic wrote: On 06/15/2018 03:39 PM, Tiwei Bie wrote: On Fri, Jun 15, 2018 at 02:42:58PM +0200, Halil Pasic wrote: On 06/15/2018 02:19 PM, Michael S. Tsirkin wrote: On Fri, Jun 15, 2018 at 02:10:11PM +0200, Halil Pasic wrote: On 06/11/2018 09:56 AM, Tiwei Bie wrote: Suggested-by: Michael S. Tsirkin Signed-off-by: Tiwei Bie Fixes: https://github.com/oasis-tcs/virtio-spec/issues/14 --- v2: - Refine the wording (Cornelia); v3: - Refine the wording (MST); content.tex | 7 +++ 1 file changed, 7 insertions(+) diff --git a/content.tex b/content.tex index f996fad..3c7d67d 100644 --- a/content.tex +++ b/content.tex @@ -125,6 +125,13 @@ which was not offered. The device SHOULD accept any valid subset of features the driver accepts, otherwise it MUST fail to set the FEATURES_OK \field{device status} bit when the driver writes it. +If a device has successfully negotiated a set of features +at least once (by accepting the FEATURES_OK \field{device +status} bit during device initialization), then it SHOULD +NOT fail re-negotiation of the same set of features after +a device or system reset. Failure to do so would interfere +with resuming from suspend and error recovery. + Sorry people but I don't get it. I mean it is kind of reasonable to assume that with a given device and a given driver (given, i.e. nothing changes) the two will always negotiate the same features (including the extremal case where the negotiation fails). Either the device or a driver rolling a dice to make feature negotiation more fun seems quite unreasonable. So I assume this is not what we are bothering to soft prohibit here. So the interesting scenario seems to be when stuff changes. When migrating the implementation of the device could change. Or something changes regarding the resources used to provide the virtual device. But then, if the device really can not support the set of features it used to be able, I guess the SHOULD does not take effect (I guess that is the difference compared to MUST). Bottom line is: I tried to figure out what is this about, but I failed. I've read https://github.com/oasis-tcs/virtio-spec/issues/14 too but it did not click. I would appreciate some assistance. It's exactly what it says. Let's say you negotiated a feature and then device sets NEED_RESET. Driver must now reset the device and put it back in the same state it had before the reset, then resubmit requests that were available but never used. What if any of the features changed? Device suddenly needs to check for requests which do not match the features. Suspend is similar: guests tend to assume hardware does not change across suspend/resume, any changes tend to make resume fail. Thank you very much! But it still does not answer why would a device want to do that (fail to negotiate a feature that it was able to negotiate before). So I'm still in the dark about what are we trading for what. Hi Halil, Just like what you said, normally there is no reason for a device to fail to negotiate a feature that it was able to negotiate before. But the spec doesn't forbid devices to do this , i.e. the spec allows a device to fail to negotiate a feature that it was able to negotiate before, which could cause problems in some cases. Although everything works fine in reality because there is no device would really do this, it would be better to make spec to explicitly forbid devices to do this in the necessary cases. Best regards, Tiwei Bie I think we have most of it already covered with 'The device SHOULD accept any valid subset of features the driver accepts'. IMHO what we add with your proposed normative statement is that if the device used to offer a feature bit it SHOULD keep offering it. That's clearly not covered by the by what I've cited. But it's kind of covered by a non-normative statement 'Each virtio device offers all the features it understands.' Well one has to squint very hard to understand it. And note that "understands" is not the same as "supports". Device can still fail to set FEATURES_OK. But I guess it should not. I don't know what is the driver supposed to do in the scenario you describe: The device offered me (the driver) a set of features, I the driver accepted them *all*. The device failed to set FEATURES_OK, because there was *one feature that it "understands" but does not "support". Should I (the driver) start a backtracking feature negotiation to figure out the difference between "understands" and "supports". This seems most relevant in case of migration. That is device implementation S(ource) and device implementation T(arget) are migration compatible. But hey, features that are present in S and not present in T are of concern for migration compatibility. AFAIK the VIRTIO specification does not make claims about migration compatibility. So if I think QEMU, and somebody
Re: [virtio-dev] [PATCH v3] content: enhance device requirements for feature bits
On Fri, Jun 15, 2018 at 05:16:10PM +0200, Halil Pasic wrote: > > > On 06/15/2018 03:38 PM, Michael S. Tsirkin wrote: > > On Fri, Jun 15, 2018 at 02:42:58PM +0200, Halil Pasic wrote: > > > > > > > > > On 06/15/2018 02:19 PM, Michael S. Tsirkin wrote: > > > > On Fri, Jun 15, 2018 at 02:10:11PM +0200, Halil Pasic wrote: > > > > > > > > > > > > > > > On 06/11/2018 09:56 AM, Tiwei Bie wrote: > > > > > > Suggested-by: Michael S. Tsirkin > > > > > > Signed-off-by: Tiwei Bie > > > > > > Fixes: https://github.com/oasis-tcs/virtio-spec/issues/14 > > > > > > --- > > > > > > v2: > > > > > > - Refine the wording (Cornelia); > > > > > > > > > > > > v3: > > > > > > - Refine the wording (MST); > > > > > > > > > > > > content.tex | 7 +++ > > > > > > 1 file changed, 7 insertions(+) > > > > > > > > > > > > diff --git a/content.tex b/content.tex > > > > > > index f996fad..3c7d67d 100644 > > > > > > --- a/content.tex > > > > > > +++ b/content.tex > > > > > > @@ -125,6 +125,13 @@ which was not offered. The device SHOULD > > > > > > accept any valid subset > > > > > > of features the driver accepts, otherwise it MUST fail to set > > > > > > the > > > > > > FEATURES_OK \field{device status} bit when the driver writes it. > > > > > > +If a device has successfully negotiated a set of features > > > > > > +at least once (by accepting the FEATURES_OK \field{device > > > > > > +status} bit during device initialization), then it SHOULD > > > > > > +NOT fail re-negotiation of the same set of features after > > > > > > +a device or system reset. Failure to do so would interfere > > > > > > +with resuming from suspend and error recovery. > > > > > > + > > > > > > > > > > > > > > > Sorry people but I don't get it. I mean it is kind of reasonable > > > > > to assume that with a given device and a given driver (given, i.e. > > > > > nothing changes) the two will always negotiate the same features > > > > > (including the extremal case where the negotiation fails). > > > > > > > > > > Either the device or a driver rolling a dice to make feature > > > > > negotiation > > > > > more fun seems quite unreasonable. So I assume this is not what we are > > > > > bothering to soft prohibit here. > > > > > > > > > > So the interesting scenario seems to be when stuff changes. When > > > > > migrating the implementation of the device could change. Or something > > > > > changes regarding the resources used to provide the virtual device. > > > > > > > > > > But then, if the device really can not support the set of features > > > > > it used to be able, I guess the SHOULD does not take effect (I guess > > > > > that is the difference compared to MUST). > > > > > > > > > > Bottom line is: I tried to figure out what is this about, but I > > > > > failed. > > > > > I've read https://github.com/oasis-tcs/virtio-spec/issues/14 too but > > > > > it did not click. I would appreciate some assistance. > > > > > > > > It's exactly what it says. Let's say you negotiated a feature and then > > > > device sets NEED_RESET. Driver must now reset the device and put it > > > > back in the same state it had before the reset, then resubmit > > > > requests that were available but never used. > > > > > > > > What if any of the features changed? Device suddenly > > > > needs to check for requests which do not match the > > > > features. > > > > > > > > Suspend is similar: guests tend to assume hardware does not change > > > > across suspend/resume, any changes tend to make resume fail. > > > > > > > > > > Thank you very much! But it still does not answer why would a device > > > want to do that (fail to negotiate a feature that it was able to > > > negotiate before). So I'm still in the dark about what are we trading > > > for what. > > > > It would be a mis-configured device. For example QEMU does not migrate > > the device features so if you misconfigure QEMU with different flags on > > source and destination (not a supported configuration), features might > > seem to change from guest POV. > > > > Do you mean set (or rather restrict) what QEMU calls the host_features? > > AFAIR there is no reset right after the migration. But yes if then there > is a reset and another migration. After a lots of thinking, it seems you > speak about the scenario I described in the answer to Tiwei Bie. But > there I also say that this statement you add here is not good enough for > that. Still puzzled. What would a good enough statement look like? > > > Is there somewhere a patch that fixes such a bug? Maybe that would > > > help me understand what can be done at the device to avoid the > > > problem. > > > > > > Regards, > > > Halil > > > > > > > > > > > > > > > > > \subsection{Legacy Interface: A Note on Feature > > > > > > Bits}\label{sec:Basic Facilities of a Virtio Device / Feature > > > > > > Bits / Legacy Interface: A Note on Feature Bits} > > > > > > > > > > > > > >
Re: [virtio-dev] [PATCH v3] content: enhance device requirements for feature bits
On Fri, Jun 15, 2018 at 04:21:32PM +0200, Halil Pasic wrote: > > > On 06/15/2018 03:39 PM, Tiwei Bie wrote: > > On Fri, Jun 15, 2018 at 02:42:58PM +0200, Halil Pasic wrote: > > > On 06/15/2018 02:19 PM, Michael S. Tsirkin wrote: > > > > On Fri, Jun 15, 2018 at 02:10:11PM +0200, Halil Pasic wrote: > > > > > > > > > > > > > > > On 06/11/2018 09:56 AM, Tiwei Bie wrote: > > > > > > Suggested-by: Michael S. Tsirkin > > > > > > Signed-off-by: Tiwei Bie > > > > > > Fixes: https://github.com/oasis-tcs/virtio-spec/issues/14 > > > > > > --- > > > > > > v2: > > > > > > - Refine the wording (Cornelia); > > > > > > > > > > > > v3: > > > > > > - Refine the wording (MST); > > > > > > > > > > > > content.tex | 7 +++ > > > > > > 1 file changed, 7 insertions(+) > > > > > > > > > > > > diff --git a/content.tex b/content.tex > > > > > > index f996fad..3c7d67d 100644 > > > > > > --- a/content.tex > > > > > > +++ b/content.tex > > > > > > @@ -125,6 +125,13 @@ which was not offered. The device SHOULD > > > > > > accept any valid subset > > > > > > of features the driver accepts, otherwise it MUST fail to set > > > > > > the > > > > > > FEATURES_OK \field{device status} bit when the driver writes it. > > > > > > +If a device has successfully negotiated a set of features > > > > > > +at least once (by accepting the FEATURES_OK \field{device > > > > > > +status} bit during device initialization), then it SHOULD > > > > > > +NOT fail re-negotiation of the same set of features after > > > > > > +a device or system reset. Failure to do so would interfere > > > > > > +with resuming from suspend and error recovery. > > > > > > + > > > > > > > > > > > > > > > Sorry people but I don't get it. I mean it is kind of reasonable > > > > > to assume that with a given device and a given driver (given, i.e. > > > > > nothing changes) the two will always negotiate the same features > > > > > (including the extremal case where the negotiation fails). > > > > > > > > > > Either the device or a driver rolling a dice to make feature > > > > > negotiation > > > > > more fun seems quite unreasonable. So I assume this is not what we are > > > > > bothering to soft prohibit here. > > > > > > > > > > So the interesting scenario seems to be when stuff changes. When > > > > > migrating the implementation of the device could change. Or something > > > > > changes regarding the resources used to provide the virtual device. > > > > > > > > > > But then, if the device really can not support the set of features > > > > > it used to be able, I guess the SHOULD does not take effect (I guess > > > > > that is the difference compared to MUST). > > > > > > > > > > Bottom line is: I tried to figure out what is this about, but I > > > > > failed. > > > > > I've read https://github.com/oasis-tcs/virtio-spec/issues/14 too but > > > > > it did not click. I would appreciate some assistance. > > > > > > > > It's exactly what it says. Let's say you negotiated a feature and then > > > > device sets NEED_RESET. Driver must now reset the device and put it > > > > back in the same state it had before the reset, then resubmit > > > > requests that were available but never used. > > > > > > > > What if any of the features changed? Device suddenly > > > > needs to check for requests which do not match the > > > > features. > > > > > > > > Suspend is similar: guests tend to assume hardware > > > > does not change across suspend/resume, any changes > > > > tend to make resume fail. > > > > > > > > > > Thank you very much! But it still does not answer why would a device > > > want to do that (fail to negotiate a feature that it was able > > > to negotiate before). So I'm still in the dark about what are we > > > trading for what. > > > > Hi Halil, > > > > Just like what you said, normally there is no reason > > for a device to fail to negotiate a feature that it > > was able to negotiate before. But the spec doesn't > > forbid devices to do this , i.e. the spec allows a > > device to fail to negotiate a feature that it was > > able to negotiate before, which could cause problems > > in some cases. Although everything works fine in > > reality because there is no device would really do > > this, it would be better to make spec to explicitly > > forbid devices to do this in the necessary cases. > > > > Best regards, > > Tiwei Bie > > > > I think we have most of it already covered with 'The device SHOULD > accept any valid subset of features the driver accepts'. > > IMHO what we add with your proposed normative statement is that > if the device used to offer a feature bit it SHOULD keep offering it. > That's clearly not covered by the by what I've cited. > > But it's kind of covered by a non-normative statement 'Each virtio > device offers all the features it understands.' Well one has to squint very hard to understand it. And note that "understands" is not the same as "supports". Device can still fail to set FEATURES_OK. > This
Re: [virtio-dev] [PATCH v3] content: enhance device requirements for feature bits
On 06/15/2018 03:38 PM, Michael S. Tsirkin wrote: On Fri, Jun 15, 2018 at 02:42:58PM +0200, Halil Pasic wrote: On 06/15/2018 02:19 PM, Michael S. Tsirkin wrote: On Fri, Jun 15, 2018 at 02:10:11PM +0200, Halil Pasic wrote: On 06/11/2018 09:56 AM, Tiwei Bie wrote: Suggested-by: Michael S. Tsirkin Signed-off-by: Tiwei Bie Fixes: https://github.com/oasis-tcs/virtio-spec/issues/14 --- v2: - Refine the wording (Cornelia); v3: - Refine the wording (MST); content.tex | 7 +++ 1 file changed, 7 insertions(+) diff --git a/content.tex b/content.tex index f996fad..3c7d67d 100644 --- a/content.tex +++ b/content.tex @@ -125,6 +125,13 @@ which was not offered. The device SHOULD accept any valid subset of features the driver accepts, otherwise it MUST fail to set the FEATURES_OK \field{device status} bit when the driver writes it. +If a device has successfully negotiated a set of features +at least once (by accepting the FEATURES_OK \field{device +status} bit during device initialization), then it SHOULD +NOT fail re-negotiation of the same set of features after +a device or system reset. Failure to do so would interfere +with resuming from suspend and error recovery. + Sorry people but I don't get it. I mean it is kind of reasonable to assume that with a given device and a given driver (given, i.e. nothing changes) the two will always negotiate the same features (including the extremal case where the negotiation fails). Either the device or a driver rolling a dice to make feature negotiation more fun seems quite unreasonable. So I assume this is not what we are bothering to soft prohibit here. So the interesting scenario seems to be when stuff changes. When migrating the implementation of the device could change. Or something changes regarding the resources used to provide the virtual device. But then, if the device really can not support the set of features it used to be able, I guess the SHOULD does not take effect (I guess that is the difference compared to MUST). Bottom line is: I tried to figure out what is this about, but I failed. I've read https://github.com/oasis-tcs/virtio-spec/issues/14 too but it did not click. I would appreciate some assistance. It's exactly what it says. Let's say you negotiated a feature and then device sets NEED_RESET. Driver must now reset the device and put it back in the same state it had before the reset, then resubmit requests that were available but never used. What if any of the features changed? Device suddenly needs to check for requests which do not match the features. Suspend is similar: guests tend to assume hardware does not change across suspend/resume, any changes tend to make resume fail. Thank you very much! But it still does not answer why would a device want to do that (fail to negotiate a feature that it was able to negotiate before). So I'm still in the dark about what are we trading for what. It would be a mis-configured device. For example QEMU does not migrate the device features so if you misconfigure QEMU with different flags on source and destination (not a supported configuration), features might seem to change from guest POV. Do you mean set (or rather restrict) what QEMU calls the host_features? AFAIR there is no reset right after the migration. But yes if then there is a reset and another migration. After a lots of thinking, it seems you speak about the scenario I described in the answer to Tiwei Bie. But there I also say that this statement you add here is not good enough for that. Still puzzled. Is there somewhere a patch that fixes such a bug? Maybe that would help me understand what can be done at the device to avoid the problem. Regards, Halil \subsection{Legacy Interface: A Note on Feature Bits}\label{sec:Basic Facilities of a Virtio Device / Feature Bits / Legacy Interface: A Note on Feature Bits} - To unsubscribe, e-mail: virtio-dev-unsubscr...@lists.oasis-open.org For additional commands, e-mail: virtio-dev-h...@lists.oasis-open.org - To unsubscribe, e-mail: virtio-dev-unsubscr...@lists.oasis-open.org For additional commands, e-mail: virtio-dev-h...@lists.oasis-open.org - To unsubscribe, e-mail: virtio-dev-unsubscr...@lists.oasis-open.org For additional commands, e-mail: virtio-dev-h...@lists.oasis-open.org
Re: [virtio-dev] [PATCH v3] content: enhance device requirements for feature bits
On Fri, Jun 15, 2018 at 02:42:58PM +0200, Halil Pasic wrote: > On 06/15/2018 02:19 PM, Michael S. Tsirkin wrote: > > On Fri, Jun 15, 2018 at 02:10:11PM +0200, Halil Pasic wrote: > > > > > > > > > On 06/11/2018 09:56 AM, Tiwei Bie wrote: > > > > Suggested-by: Michael S. Tsirkin > > > > Signed-off-by: Tiwei Bie > > > > Fixes: https://github.com/oasis-tcs/virtio-spec/issues/14 > > > > --- > > > > v2: > > > > - Refine the wording (Cornelia); > > > > > > > > v3: > > > > - Refine the wording (MST); > > > > > > > >content.tex | 7 +++ > > > >1 file changed, 7 insertions(+) > > > > > > > > diff --git a/content.tex b/content.tex > > > > index f996fad..3c7d67d 100644 > > > > --- a/content.tex > > > > +++ b/content.tex > > > > @@ -125,6 +125,13 @@ which was not offered. The device SHOULD accept > > > > any valid subset > > > >of features the driver accepts, otherwise it MUST fail to set the > > > >FEATURES_OK \field{device status} bit when the driver writes it. > > > > +If a device has successfully negotiated a set of features > > > > +at least once (by accepting the FEATURES_OK \field{device > > > > +status} bit during device initialization), then it SHOULD > > > > +NOT fail re-negotiation of the same set of features after > > > > +a device or system reset. Failure to do so would interfere > > > > +with resuming from suspend and error recovery. > > > > + > > > > > > > > > Sorry people but I don't get it. I mean it is kind of reasonable > > > to assume that with a given device and a given driver (given, i.e. > > > nothing changes) the two will always negotiate the same features > > > (including the extremal case where the negotiation fails). > > > > > > Either the device or a driver rolling a dice to make feature negotiation > > > more fun seems quite unreasonable. So I assume this is not what we are > > > bothering to soft prohibit here. > > > > > > So the interesting scenario seems to be when stuff changes. When > > > migrating the implementation of the device could change. Or something > > > changes regarding the resources used to provide the virtual device. > > > > > > But then, if the device really can not support the set of features > > > it used to be able, I guess the SHOULD does not take effect (I guess > > > that is the difference compared to MUST). > > > > > > Bottom line is: I tried to figure out what is this about, but I failed. > > > I've read https://github.com/oasis-tcs/virtio-spec/issues/14 too but > > > it did not click. I would appreciate some assistance. > > > > It's exactly what it says. Let's say you negotiated a feature and then > > device sets NEED_RESET. Driver must now reset the device and put it > > back in the same state it had before the reset, then resubmit > > requests that were available but never used. > > > > What if any of the features changed? Device suddenly > > needs to check for requests which do not match the > > features. > > > > Suspend is similar: guests tend to assume hardware > > does not change across suspend/resume, any changes > > tend to make resume fail. > > > > Thank you very much! But it still does not answer why would a device > want to do that (fail to negotiate a feature that it was able > to negotiate before). So I'm still in the dark about what are we > trading for what. Hi Halil, Just like what you said, normally there is no reason for a device to fail to negotiate a feature that it was able to negotiate before. But the spec doesn't forbid devices to do this , i.e. the spec allows a device to fail to negotiate a feature that it was able to negotiate before, which could cause problems in some cases. Although everything works fine in reality because there is no device would really do this, it would be better to make spec to explicitly forbid devices to do this in the necessary cases. Best regards, Tiwei Bie > > Is there somewhere a patch that fixes such a bug? Maybe that would > help me understand what can be done at the device to avoid the > problem. > > Regards, > Halil > > > > > > > > >\subsection{Legacy Interface: A Note on Feature > > > >Bits}\label{sec:Basic Facilities of a Virtio Device / Feature > > > >Bits / Legacy Interface: A Note on Feature Bits} > > > > > > > > - > > To unsubscribe, e-mail: virtio-dev-unsubscr...@lists.oasis-open.org > > For additional commands, e-mail: virtio-dev-h...@lists.oasis-open.org > > > - To unsubscribe, e-mail: virtio-dev-unsubscr...@lists.oasis-open.org For additional commands, e-mail: virtio-dev-h...@lists.oasis-open.org
Re: [virtio-dev] [PATCH v3] content: enhance device requirements for feature bits
On Fri, Jun 15, 2018 at 02:42:58PM +0200, Halil Pasic wrote: > > > On 06/15/2018 02:19 PM, Michael S. Tsirkin wrote: > > On Fri, Jun 15, 2018 at 02:10:11PM +0200, Halil Pasic wrote: > > > > > > > > > On 06/11/2018 09:56 AM, Tiwei Bie wrote: > > > > Suggested-by: Michael S. Tsirkin > > > > Signed-off-by: Tiwei Bie > > > > Fixes: https://github.com/oasis-tcs/virtio-spec/issues/14 > > > > --- > > > > v2: > > > > - Refine the wording (Cornelia); > > > > > > > > v3: > > > > - Refine the wording (MST); > > > > > > > >content.tex | 7 +++ > > > >1 file changed, 7 insertions(+) > > > > > > > > diff --git a/content.tex b/content.tex > > > > index f996fad..3c7d67d 100644 > > > > --- a/content.tex > > > > +++ b/content.tex > > > > @@ -125,6 +125,13 @@ which was not offered. The device SHOULD accept > > > > any valid subset > > > >of features the driver accepts, otherwise it MUST fail to set the > > > >FEATURES_OK \field{device status} bit when the driver writes it. > > > > +If a device has successfully negotiated a set of features > > > > +at least once (by accepting the FEATURES_OK \field{device > > > > +status} bit during device initialization), then it SHOULD > > > > +NOT fail re-negotiation of the same set of features after > > > > +a device or system reset. Failure to do so would interfere > > > > +with resuming from suspend and error recovery. > > > > + > > > > > > > > > Sorry people but I don't get it. I mean it is kind of reasonable > > > to assume that with a given device and a given driver (given, i.e. > > > nothing changes) the two will always negotiate the same features > > > (including the extremal case where the negotiation fails). > > > > > > Either the device or a driver rolling a dice to make feature negotiation > > > more fun seems quite unreasonable. So I assume this is not what we are > > > bothering to soft prohibit here. > > > > > > So the interesting scenario seems to be when stuff changes. When > > > migrating the implementation of the device could change. Or something > > > changes regarding the resources used to provide the virtual device. > > > > > > But then, if the device really can not support the set of features > > > it used to be able, I guess the SHOULD does not take effect (I guess > > > that is the difference compared to MUST). > > > > > > Bottom line is: I tried to figure out what is this about, but I failed. > > > I've read https://github.com/oasis-tcs/virtio-spec/issues/14 too but > > > it did not click. I would appreciate some assistance. > > > > It's exactly what it says. Let's say you negotiated a feature and then > > device sets NEED_RESET. Driver must now reset the device and put it > > back in the same state it had before the reset, then resubmit > > requests that were available but never used. > > > > What if any of the features changed? Device suddenly > > needs to check for requests which do not match the > > features. > > > > Suspend is similar: guests tend to assume hardware does not change > > across suspend/resume, any changes tend to make resume fail. > > > > Thank you very much! But it still does not answer why would a device > want to do that (fail to negotiate a feature that it was able to > negotiate before). So I'm still in the dark about what are we trading > for what. It would be a mis-configured device. For example QEMU does not migrate the device features so if you misconfigure QEMU with different flags on source and destination (not a supported configuration), features might seem to change from guest POV. > Is there somewhere a patch that fixes such a bug? Maybe that would > help me understand what can be done at the device to avoid the > problem. > > Regards, > Halil > > > > > > > > >\subsection{Legacy Interface: A Note on Feature > > > >Bits}\label{sec:Basic Facilities of a Virtio Device / Feature > > > >Bits / Legacy Interface: A Note on Feature Bits} > > > > > > > > - > > To unsubscribe, e-mail: virtio-dev-unsubscr...@lists.oasis-open.org > > For additional commands, e-mail: virtio-dev-h...@lists.oasis-open.org > > - To unsubscribe, e-mail: virtio-dev-unsubscr...@lists.oasis-open.org For additional commands, e-mail: virtio-dev-h...@lists.oasis-open.org
Re: [virtio-dev] [PATCH v3] content: enhance device requirements for feature bits
On 06/15/2018 02:19 PM, Michael S. Tsirkin wrote: On Fri, Jun 15, 2018 at 02:10:11PM +0200, Halil Pasic wrote: On 06/11/2018 09:56 AM, Tiwei Bie wrote: Suggested-by: Michael S. Tsirkin Signed-off-by: Tiwei Bie Fixes: https://github.com/oasis-tcs/virtio-spec/issues/14 --- v2: - Refine the wording (Cornelia); v3: - Refine the wording (MST); content.tex | 7 +++ 1 file changed, 7 insertions(+) diff --git a/content.tex b/content.tex index f996fad..3c7d67d 100644 --- a/content.tex +++ b/content.tex @@ -125,6 +125,13 @@ which was not offered. The device SHOULD accept any valid subset of features the driver accepts, otherwise it MUST fail to set the FEATURES_OK \field{device status} bit when the driver writes it. +If a device has successfully negotiated a set of features +at least once (by accepting the FEATURES_OK \field{device +status} bit during device initialization), then it SHOULD +NOT fail re-negotiation of the same set of features after +a device or system reset. Failure to do so would interfere +with resuming from suspend and error recovery. + Sorry people but I don't get it. I mean it is kind of reasonable to assume that with a given device and a given driver (given, i.e. nothing changes) the two will always negotiate the same features (including the extremal case where the negotiation fails). Either the device or a driver rolling a dice to make feature negotiation more fun seems quite unreasonable. So I assume this is not what we are bothering to soft prohibit here. So the interesting scenario seems to be when stuff changes. When migrating the implementation of the device could change. Or something changes regarding the resources used to provide the virtual device. But then, if the device really can not support the set of features it used to be able, I guess the SHOULD does not take effect (I guess that is the difference compared to MUST). Bottom line is: I tried to figure out what is this about, but I failed. I've read https://github.com/oasis-tcs/virtio-spec/issues/14 too but it did not click. I would appreciate some assistance. It's exactly what it says. Let's say you negotiated a feature and then device sets NEED_RESET. Driver must now reset the device and put it back in the same state it had before the reset, then resubmit requests that were available but never used. What if any of the features changed? Device suddenly needs to check for requests which do not match the features. Suspend is similar: guests tend to assume hardware does not change across suspend/resume, any changes tend to make resume fail. Thank you very much! But it still does not answer why would a device want to do that (fail to negotiate a feature that it was able to negotiate before). So I'm still in the dark about what are we trading for what. Is there somewhere a patch that fixes such a bug? Maybe that would help me understand what can be done at the device to avoid the problem. Regards, Halil \subsection{Legacy Interface: A Note on Feature Bits}\label{sec:Basic Facilities of a Virtio Device / Feature Bits / Legacy Interface: A Note on Feature Bits} - To unsubscribe, e-mail: virtio-dev-unsubscr...@lists.oasis-open.org For additional commands, e-mail: virtio-dev-h...@lists.oasis-open.org - To unsubscribe, e-mail: virtio-dev-unsubscr...@lists.oasis-open.org For additional commands, e-mail: virtio-dev-h...@lists.oasis-open.org
Re: [virtio-dev] [PATCH v3] content: enhance device requirements for feature bits
On Fri, Jun 15, 2018 at 02:10:11PM +0200, Halil Pasic wrote: > > > On 06/11/2018 09:56 AM, Tiwei Bie wrote: > > Suggested-by: Michael S. Tsirkin > > Signed-off-by: Tiwei Bie > > Fixes: https://github.com/oasis-tcs/virtio-spec/issues/14 > > --- > > v2: > > - Refine the wording (Cornelia); > > > > v3: > > - Refine the wording (MST); > > > > content.tex | 7 +++ > > 1 file changed, 7 insertions(+) > > > > diff --git a/content.tex b/content.tex > > index f996fad..3c7d67d 100644 > > --- a/content.tex > > +++ b/content.tex > > @@ -125,6 +125,13 @@ which was not offered. The device SHOULD accept any > > valid subset > > of features the driver accepts, otherwise it MUST fail to set the > > FEATURES_OK \field{device status} bit when the driver writes it. > > +If a device has successfully negotiated a set of features > > +at least once (by accepting the FEATURES_OK \field{device > > +status} bit during device initialization), then it SHOULD > > +NOT fail re-negotiation of the same set of features after > > +a device or system reset. Failure to do so would interfere > > +with resuming from suspend and error recovery. > > + > > > Sorry people but I don't get it. I mean it is kind of reasonable > to assume that with a given device and a given driver (given, i.e. > nothing changes) the two will always negotiate the same features > (including the extremal case where the negotiation fails). > > Either the device or a driver rolling a dice to make feature negotiation > more fun seems quite unreasonable. So I assume this is not what we are > bothering to soft prohibit here. > > So the interesting scenario seems to be when stuff changes. When > migrating the implementation of the device could change. Or something > changes regarding the resources used to provide the virtual device. > > But then, if the device really can not support the set of features > it used to be able, I guess the SHOULD does not take effect (I guess > that is the difference compared to MUST). > > Bottom line is: I tried to figure out what is this about, but I failed. > I've read https://github.com/oasis-tcs/virtio-spec/issues/14 too but > it did not click. I would appreciate some assistance. It's exactly what it says. Let's say you negotiated a feature and then device sets NEED_RESET. Driver must now reset the device and put it back in the same state it had before the reset, then resubmit requests that were available but never used. What if any of the features changed? Device suddenly needs to check for requests which do not match the features. Suspend is similar: guests tend to assume hardware does not change across suspend/resume, any changes tend to make resume fail. > > > \subsection{Legacy Interface: A Note on Feature > > Bits}\label{sec:Basic Facilities of a Virtio Device / Feature > > Bits / Legacy Interface: A Note on Feature Bits} > > - To unsubscribe, e-mail: virtio-dev-unsubscr...@lists.oasis-open.org For additional commands, e-mail: virtio-dev-h...@lists.oasis-open.org
Re: [virtio-dev] [PATCH v3] content: enhance device requirements for feature bits
On 06/11/2018 09:56 AM, Tiwei Bie wrote: Suggested-by: Michael S. Tsirkin Signed-off-by: Tiwei Bie Fixes: https://github.com/oasis-tcs/virtio-spec/issues/14 --- v2: - Refine the wording (Cornelia); v3: - Refine the wording (MST); content.tex | 7 +++ 1 file changed, 7 insertions(+) diff --git a/content.tex b/content.tex index f996fad..3c7d67d 100644 --- a/content.tex +++ b/content.tex @@ -125,6 +125,13 @@ which was not offered. The device SHOULD accept any valid subset of features the driver accepts, otherwise it MUST fail to set the FEATURES_OK \field{device status} bit when the driver writes it. +If a device has successfully negotiated a set of features +at least once (by accepting the FEATURES_OK \field{device +status} bit during device initialization), then it SHOULD +NOT fail re-negotiation of the same set of features after +a device or system reset. Failure to do so would interfere +with resuming from suspend and error recovery. + Sorry people but I don't get it. I mean it is kind of reasonable to assume that with a given device and a given driver (given, i.e. nothing changes) the two will always negotiate the same features (including the extremal case where the negotiation fails). Either the device or a driver rolling a dice to make feature negotiation more fun seems quite unreasonable. So I assume this is not what we are bothering to soft prohibit here. So the interesting scenario seems to be when stuff changes. When migrating the implementation of the device could change. Or something changes regarding the resources used to provide the virtual device. But then, if the device really can not support the set of features it used to be able, I guess the SHOULD does not take effect (I guess that is the difference compared to MUST). Bottom line is: I tried to figure out what is this about, but I failed. I've read https://github.com/oasis-tcs/virtio-spec/issues/14 too but it did not click. I would appreciate some assistance. \subsection{Legacy Interface: A Note on Feature Bits}\label{sec:Basic Facilities of a Virtio Device / Feature Bits / Legacy Interface: A Note on Feature Bits} - To unsubscribe, e-mail: virtio-dev-unsubscr...@lists.oasis-open.org For additional commands, e-mail: virtio-dev-h...@lists.oasis-open.org