Re: [PATCH mlx5-next 2/7] vfio: Add an API to check migration state transition validity

From: Jason Gunthorpe
Date: Wed Sep 29 2021 - 19:21:23 EST

Next message: Mike Kravetz: "Re: [PATCH v2 2/4] hugetlb: add HPageCma flag and code to free non-gigantic pages in CMA"
Previous message: Rob Clark: "Re: [PATCH v4 00/24] drm/bridge: Make panel and bridge probe order consistent"
In reply to: Alex Williamson: "Re: [PATCH mlx5-next 2/7] vfio: Add an API to check migration state transition validity"
Next in thread: Max Gurtovoy: "Re: [PATCH mlx5-next 2/7] vfio: Add an API to check migration state transition validity"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Sep 30, 2021 at 12:48:55AM +0300, Max Gurtovoy wrote:
>
> On 9/29/2021 7:14 PM, Jason Gunthorpe wrote:
> > On Wed, Sep 29, 2021 at 06:28:44PM +0300, Max Gurtovoy wrote:
> >
> > > > So you have a device that's actively modifying its internal state,
> > > > performing I/O, including DMA (thereby dirtying VM memory), all while
> > > > in the _STOP state? And you don't see this as a problem?
> > > I don't see how is it different from vfio-pci situation.
> > vfio-pci provides no way to observe the migration state. It isn't
> > "000b"
>
> Alex said that there is a problem of compatibility.

Yes, when a vfio_device first opens it must be running - ie able to do
DMA and otherwise operational.

When we add the migration extension this cannot change, so after
open_device() the device should be operational.

The reported state in the migration region should accurately reflect
what the device is currently doing. If the device is operational then
it must report running, not stopped.

Thus a driver cannot just zero initalize the migration "registers",
they have to be accurate.

> > > Maybe we need to rename STOP state. We can call it READY or LIVE or
> > > NON_MIGRATION_STATE.
> > It was a poor choice to use 000b as stop, but it doesn't really
> > matter. The mlx5 driver should just pre-init this readable to running.
>
> I guess we can do it for this reason. There is no functional problem nor
> compatibility issue here as was mentioned.
>
> But still we need the kernel to track transitions. We don't want to allow
> moving from RESUMING to SAVING state for example. How this transition can be
> allowed ?

It seems semantically fine to me, as per Alex's note what will happen
is defined:

driver will see RESUMING toggle off so it will trigger a
de-serialization

driver will see SAVING toggled on so it will serialize the new state
(either the pre-copy state or the post-copy state dpending on the
running bit)

Depending on the running bit the device may or may not be woken up.

If de-serialization fails then the state goes to error and SAVING is
ignored.

The driver logic probably looks something like this:

// Running toggles off
if (oldstate & RUNNING != newstate & RUNNING && oldstate & RUNNING)
queice
freeze

// Resuming toggles off
if (oldstate & RESUMING != newstate & RESUMING && oldstate & RESUMING)
deserialize

// Saving toggles on
if (oldstate & SAVING != newstate & SAVING && newstate & SAVING)
if (!(newstate & RUNNING))
serialize post copy

// Running toggles on
if (oldstate & RUNNING != newstate & RUNNING && newstate & RUNNING)
unfreeze
unqueice

I'd have to check that carefully against the state chart from my last
email though..

And need to check how the "Stop Active Transactions" bit fits in there

Jason

Next message: Mike Kravetz: "Re: [PATCH v2 2/4] hugetlb: add HPageCma flag and code to free non-gigantic pages in CMA"
Previous message: Rob Clark: "Re: [PATCH v4 00/24] drm/bridge: Make panel and bridge probe order consistent"
In reply to: Alex Williamson: "Re: [PATCH mlx5-next 2/7] vfio: Add an API to check migration state transition validity"
Next in thread: Max Gurtovoy: "Re: [PATCH mlx5-next 2/7] vfio: Add an API to check migration state transition validity"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]