Re: [Qemu-devel] [Qemu-block] Aborts in iotest 169

[Eric Blake <eblake@redhat.com>]

[-- Attachment #1: Type: text/plain, Size: 1797 bytes --]

On 1/24/19 4:15 AM, Kevin Wolf wrote:

>> But how to fix Qemu not to crash? May be, forbid some transitions (FINISH_MIGRATE -> RUNNING),
>>   or at least error-out qmp_cont if runstate is  FINISH_MIGRATE?
> 

> I wonder whether the QAPI schema should have a field 'run-states' for
> commands, and by default we would only include states where the VM has
> ownership of its resources (e.g. images are activated) and which are not
> temporary states that are automatically left, like finish-migrate.

We already have 'allow-oob' and 'allow-preconfig' flags on a per-command
basis; you're basically proposing that we extend this mechanism for
marking other attributes of commands,...

> 
> Then the default for commands is to be rejected in "unusual" runstates
> where we're not expecting user intervention, and we must explicitly
> allow them if they are okay, in fact.
> 
> Instead of listing every obscure runstate, maybe we should really use
> categories of runstates instead:
> 
> 1. Running
> 2. Paused, owns all resources (like disk images)
> 3. Paused, doesn't own some resources (source VM after migration
>    completes, destination before migration completes)
> 4. Paused temporarily for internal reasons (e.g. finish-migrate,
>    restore-vm, save-vm)
> 
> Most commands should be okay with 1 and 2, but possibly not 3, and
> almost never 4.

...then enforcing that commands are only executed according to the
attributes they have (where the default attributes match categories 1
and 2, and commands have to opt-in if they are safe to run in category 3
or 4 just like they have to opt-in for preconfig or oob usage).


-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]