Re: [PATCH] migration: Don't free the reason after calling migrate_add_blocker

[Markus Armbruster <armbru@redhat.com>]

Daniel P. Berrangé <berrange@redhat.com> writes:

> On Fri, Oct 24, 2025 at 03:15:05PM -0300, Fabiano Rosas wrote:
>> Daniel P. Berrangé <berrange@redhat.com> writes:
>> > IMHO we should not even be using an Error object for the the blocker.
>> > AFAICT, internally all we care about is the formatted string. The main
>> > reason for using an Error object appears to be to have a convenient
>> > pointer to use as an identifier to later pass to del_blocker.
>> >
>> > I'd be inclined to just have passed in a fixed string, and return an
>> > integer identifier for the blocker. eg
>> >
>> >     int64 migrate_add_blocker(const char *reason, Error **errp);
>> >
>> >     void migrate_del_blocker(int64 blockerid);
>> >
>> > The migrate_add_blocker method would strdup(reason) to keep its own
>> > copy.
>> >
>> > The usage would thus be clear & simple:
>> >
>> >     int64 blockerid = migrate_add_blocker("cannot migrate vfio", errp);
>> >     if (!blockerid) {
>> >          return;
>> >     }
>> >
>> >     ... some time later...
>> >
>> >     migrate_del_blocker(blockerid);
>> >
>> >
>> > In some cases we needed dynamically formatted strings, which could have
>> > been achieved thus:
>> >
>> >     g_autofree char *msg = g_strdup_printf("cannot migrate vfio %d", blah);
>> >     int64 blockerid = migrate_add_blocker(msg, errp);
>> >     ...the rest as above...
>> >
>> > yes, this costs an extra strdup(), but that is an acceptable & negligible
>> > overhead in the context in which we're doing this.
>> >
>> 
>> Hmm, I must disagree. This is more complex than what we have
>> today. Calling error_setg(err, "msg") is pretty standard, already gives
>> us formatting and keeps all (potentially) user-facing messages uniform.
>
> IMHO this usage in migration is not really about error reporting
> though, and the lifecycle ownership of the Error objects in this
> migration usage is very diferent from the typical lifecycle
> ownership of Error objects used in reporting errors, which I think
> leads to a surprising / unusual API.

I think a blocker interface where you pass the error to use when the
blocker blocks something is defensible.

Passing an error message or even a text snippet to be interpolated into
the error message would also be defensible.

We're using the former, and it has turned out to be confusing.  Less so
in the block layer, where we sensibly pass Error *.  More so in
migration, where we pass Error **.  Error ** is almost always used to
receive an error, so when we use it for something else, we risk
confusion.

>> Asking for people to deal with strings and storing an int64 in their
>> code is not improving the situation. Besides, the Error is already used
>> by the block layer when blocking operations, for instance. If anything
>> we should be integrating the two usages instead of inventing yet another
>> for the migration code. See:
>
> Yes, having a common API for these two similar use cases would be
> a useful thing. I'm just not convinced we should be (mis|re)using
> the Error object for either of these two situations.

I guess we could have a generic Blocker object instead of using Error
for the purpose.

In addition to an error message, an Error object has an error class
(rarely used remnant of the past), where in the source code the Error
object was created (reported to the user when handling &error_abort),
and an optional hint.  Is any of this useful for blockers?

>> replication.c:
>>   error_setg(&s->blocker,
>>              "Block device is in use by internal backup job");
>>   ...
>>   bdrv_op_block_all(top_bs, s->blocker);
>> 
>> block.c:
>>   void bdrv_op_block(BlockDriverState *bs, BlockOpType op, Error *reason)
>>   {
>>       BdrvOpBlocker *blocker;
>>       assert((int) op >= 0 && op < BLOCK_OP_TYPE_MAX);
>> 
>>       blocker = g_new0(BdrvOpBlocker, 1);
>>       blocker->reason = reason;
>>       QLIST_INSERT_HEAD(&bs->op_blockers[op], blocker, list);
>> }
>
>
> With regards,
> Daniel