From: Steven Sistare <steven.sistare@oracle.com>
To: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>,
qemu-devel@nongnu.org
Cc: Peter Xu <peterx@redhat.com>, Fabiano Rosas <farosas@suse.de>,
David Hildenbrand <david@redhat.com>,
Marcel Apfelbaum <marcel.apfelbaum@gmail.com>,
Eduardo Habkost <eduardo@habkost.net>,
Philippe Mathieu-Daude <philmd@linaro.org>,
Paolo Bonzini <pbonzini@redhat.com>,
"Daniel P. Berrange" <berrange@redhat.com>,
Markus Armbruster <armbru@redhat.com>
Subject: Re: [PATCH V7 00/24] Live update: cpr-transfer
Date: Wed, 9 Apr 2025 13:48:13 -0400 [thread overview]
Message-ID: <024c7687-42a2-4d90-a91b-f1ff27dc34bb@oracle.com> (raw)
In-Reply-To: <631d25f6-b37a-480e-a178-06f66033018b@yandex-team.ru>
On 4/9/2025 12:22 PM, Vladimir Sementsov-Ogievskiy wrote:
>
> On 15.01.25 22:00, Steve Sistare wrote:
>> This patch series implements a minimal version of cpr-transfer. Additional
>> series are ready to be posted to deliver the complete vision described
>> above, including
>> * vfio
>> * chardev
>> * vhost and tap
>> * blockers
>> * cpr-exec mode
>
> Hi Steve. First, great congratulations with finally landed cpr-transfer! I saw the history of Live Update series was started overly five years ago.
Thanks! It's been a marathon, not a sprint.
> I've some questions, hope it's not much trouble for you.
>
> 1. We consider porting cpr-transver + vfio part of your "Live update: vfio and iommufd" to our downstream QEMU, based on v7.2. What do you think? I mean, may be you may quickly answer "don't try, you'll have to bring more than 100 commits from different series", or visa-versa "we have downstream based on 7.2 too, so it's possible" (OK, seems the latter answer is not possible, as iommufd code just absent in v7.2).
I have not tried it, but I think this is feasible if you omit the iommufd patches.
You will also need some of the cpr-reboot patches (like mode-specific migration
blockers) which did not appear until qemu 8.2.
> 2. About cpr-exec. Do you plan resending it in future? The solution is interesting for us, as it simplifies management a lot.
I agree! I made that argument when I submitted it. Perhaps your +1 will add
enough critical mass to get it accepted next time. I do plan to resubmit it later.
> I read the discussion on cpr-exec, seems the main problem was the security constraint, that we don't want to allow exec call in seccomp profile. Didn't you consider a variant with loding the library instead of exec?
>
> I mean:
>
> - turn the whole QEMU into library, which may be dynamically loaded. Recently there was a question how to do it, and the answer contained an example patch: https://github.com/pbo-linaro/qemu/commit/fbb39cc64f77d4bf1e5e50795c75b62735bf5c5f
>
> - and make a simple wrapper process for that library, which also is a container for migration state (including file descriptors), during live update.
>
> Benefits:
>
> - no execve, and we just need to add pattern for "qemu library" paths to apparmor profile
>
> - probably, we can load new library _before_ starting the migration, reducing freeze-time of migration - more like migration with two processes
I have not considered that. A colleague suggested something similar -- loading the
new qemu binary in memory and implementing exec in userland. No doubt either
method would be a non-trivial amount of work, versus cpr-exec which already works :)
Personally I don't think that requiring exec is a show stopper. If qemu is deployed in
a container environment, then the potential targets of an exec can be limited by the
container walls.
- Steve
next prev parent reply other threads:[~2025-04-09 17:49 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-15 19:00 [PATCH V7 00/24] Live update: cpr-transfer Steve Sistare
2025-01-15 19:00 ` [PATCH V7 01/24] backends/hostmem-shm: factor out allocation of "anonymous shared memory with an fd" Steve Sistare
2025-01-15 19:00 ` [PATCH V7 02/24] physmem: fix qemu_ram_alloc_from_fd size calculation Steve Sistare
2025-01-15 19:00 ` [PATCH V7 03/24] physmem: qemu_ram_alloc_from_fd extensions Steve Sistare
2025-01-15 19:00 ` [PATCH V7 04/24] physmem: fd-based shared memory Steve Sistare
2025-01-15 19:00 ` [PATCH V7 05/24] memory: add RAM_PRIVATE Steve Sistare
2025-01-15 19:00 ` [PATCH V7 06/24] machine: aux-ram-share option Steve Sistare
2025-01-15 19:00 ` [PATCH V7 07/24] migration: cpr-state Steve Sistare
2025-01-15 19:00 ` [PATCH V7 08/24] physmem: preserve ram blocks for cpr Steve Sistare
2025-01-15 19:00 ` [PATCH V7 09/24] hostmem-memfd: preserve " Steve Sistare
2025-01-15 19:00 ` [PATCH V7 10/24] hostmem-shm: " Steve Sistare
2025-01-15 19:00 ` [PATCH V7 11/24] migration: enhance migrate_uri_parse Steve Sistare
2025-01-15 19:00 ` [PATCH V7 12/24] migration: incoming channel Steve Sistare
2025-01-15 19:00 ` [PATCH V7 13/24] migration: SCM_RIGHTS for QEMUFile Steve Sistare
2025-01-15 19:00 ` [PATCH V7 14/24] migration: VMSTATE_FD Steve Sistare
2025-01-15 19:00 ` [PATCH V7 15/24] migration: cpr-transfer save and load Steve Sistare
2025-01-15 19:00 ` [PATCH V7 16/24] migration: cpr-transfer mode Steve Sistare
2025-01-29 6:23 ` Markus Armbruster
2025-01-15 19:00 ` [PATCH V7 17/24] migration-test: memory_backend Steve Sistare
2025-01-15 19:00 ` [PATCH V7 18/24] tests/qtest: optimize migrate_set_ports Steve Sistare
2025-01-15 19:00 ` [PATCH V7 19/24] tests/qtest: defer connection Steve Sistare
2025-01-15 19:00 ` [PATCH V7 20/24] migration-test: " Steve Sistare
2025-01-15 19:00 ` [PATCH V7 21/24] tests/qtest: enhance migration channels Steve Sistare
2025-01-15 19:00 ` [PATCH V7 22/24] tests/qtest: assert qmp connected Steve Sistare
2025-01-15 19:00 ` [PATCH V7 23/24] migration-test: cpr-transfer Steve Sistare
2025-01-16 19:06 ` Fabiano Rosas
2025-01-16 19:37 ` Steven Sistare
2025-01-16 20:02 ` Fabiano Rosas
2025-01-16 20:15 ` Steven Sistare
2025-01-15 19:00 ` [PATCH V7 24/24] migration: cpr-transfer documentation Steve Sistare
2025-01-17 14:42 ` Fabiano Rosas
2025-01-17 15:04 ` Steven Sistare
2025-01-17 15:29 ` Fabiano Rosas
2025-01-17 16:58 ` Steven Sistare
2025-01-17 19:06 ` Fabiano Rosas
2025-01-17 19:32 ` Steven Sistare
2025-01-17 20:04 ` Fabiano Rosas
2025-01-27 15:39 ` [PATCH V7 00/24] Live update: cpr-transfer Fabiano Rosas
2025-01-28 21:20 ` Steven Sistare
2025-01-29 6:24 ` Markus Armbruster
2025-04-09 16:22 ` Vladimir Sementsov-Ogievskiy
2025-04-09 17:48 ` Steven Sistare [this message]
2025-04-09 18:06 ` Vladimir Sementsov-Ogievskiy
2025-04-09 17:50 ` Vladimir Sementsov-Ogievskiy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=024c7687-42a2-4d90-a91b-f1ff27dc34bb@oracle.com \
--to=steven.sistare@oracle.com \
--cc=armbru@redhat.com \
--cc=berrange@redhat.com \
--cc=david@redhat.com \
--cc=eduardo@habkost.net \
--cc=farosas@suse.de \
--cc=marcel.apfelbaum@gmail.com \
--cc=pbonzini@redhat.com \
--cc=peterx@redhat.com \
--cc=philmd@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=vsementsov@yandex-team.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).