Re: [PATCH] virtio-balloon spec: provide a version of the "silent deflate" feature that works

From: Rusty Russell
Date: Fri Sep 07 2012 - 02:44:36 EST


"Michael S. Tsirkin" <mst@xxxxxxxxxx> writes:

> On Fri, Sep 07, 2012 at 09:15:46AM +0930, Rusty Russell wrote:
>> Paolo Bonzini <pbonzini@xxxxxxxxxx> writes:
>> > Instead, VIRTIO_NET_F_HOST_MUST_SEND_GARP would be a "negative" feature:
>> > if set, the host _may not_ rely on the guest to send a gARP. Similarly
>> > if VIRTIO_BALLOON_F_MUST_TELL_HOST is set, the guest _may not_ use
>> > ballooned pages directly.
>> >
>> > There are _no_ other negative features besides
>> > VIRTIO_BALLOON_F_MUST_TELL_HOST in the spec, and for a good
>> > reason---because they're broken.
>> >
>> > (Hmm, actually we have one, VIRTIO_BLK_F_RO. It is also a bit broken,
>> > but it is not so important because it depends on user input more than
>> > hypervisor version).
>>
>> Yes, this is the key observation, and an important lesson for the
>> future. Thanks!
>> Note that these two negative features were in the original spec, where
>> it's assumed that every device supports them. That's not explicitly
>> documented, however.
>
> I'm curious what would we do for the future? I tried to imagine that _RO
> was not in the original spec, so virtio-blk expects a r/w device.
> Now we can not add _RW - old hypervisors do not set it, and old
> drivers do not ack it.
> What would a new flag with equivalent functionality be?

Backwards compatibility in the R/O case would actually work: just fail
writes. Because it's just friendly advice to the OS, really.

The final test is always: does it break users? If there are no users
who will notice, we can do anything. If there are users, we have to
keep backwards compatibility, and that implies we can't add "must know"
features.

> So it looks like a bug: we should teach driver to tell host first on leak?
> Yan, Vadim, can you comment please?
>
> Also if true, looks like this bit will be useful to detect a fixed driver on
> the hypervisor side - to avoid unmapping such pages? Rusty what do you
> think?

So, feature is unimplemented in qemu, and broken in drivers. I starting
to share Paolo's dislike of it.

Don't understand why we'd care about fixed drivers though, if we remove
the feature bit....

Cheers,
Rusty.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/