From: Peter Xu <peterx@redhat.com>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Jason Wang <jasowang@redhat.com>,
eduardo@habkost.net, marcel.apfelbaum@gmail.com,
philmd@linaro.org, wangyanan55@huawei.com, zhao1.liu@intel.com,
qemu-devel@nongnu.org, farosas@suse.de, jinpu.wang@ionos.com,
thuth@redhat.com, berrange@redhat.com
Subject: Re: [RFC PATCH] virtio-net: introduce strict peer feature check
Date: Thu, 13 Nov 2025 14:32:29 -0500 [thread overview]
Message-ID: <aRYyTeNNIPW_WIJW@x1.local> (raw)
In-Reply-To: <20251113124207-mutt-send-email-mst@kernel.org>
On Thu, Nov 13, 2025 at 12:46:55PM -0500, Michael S. Tsirkin wrote:
> failing to start a perfectly good qemu which used to work
> because you changed kernels is better than failing to migrate how?
>
I agree this is not pretty.
The very original proposal was having extra features to be OFF by default,
only allow explicit selections to enable them when the mgmt / user is aware
of the possible hosts to run on top. That'll guarantee:
(1) explicit failure whenever some unsupported cap is chosen on boot,
(2) default setup should always assume no kernel dependency hence booting
should be all fine,
(3) since all features will be by default OFF or selected by the user with
explicit cmdlines, VM ABI is guaranteed so that migration will work.
But unfortunately that proposal was rejected.
>
> graceful downgrade with old kernels is the basics of good userspace
> behaviour and has been for decades.
>
>
> sure, let's work on a solution, just erroring out is more about blaming
> the user. what is the user supposed to do when qemu fails to start?
This is indeed a good question. If with strict checks maybe we would at
least want to make sure we throw explicit messages to let user know what to
turn off.
>
>
> first, formulate what exactly do you want to enable.
>
>
>
> for example, you have a set of boxes and you want a set of flags
> to supply to guarantee qemu can migrate between them. is that it?
Yes I think that's the case.
That's also why I think the very original proposal still makes sense
(having all defaults OFF when dependent on kernel), because only the mgmt
knows the details about the cluster, so it may make more sense to select
from the top which has the full knowledge base, explicitly enable some sets
of features (not only network, but also CPU feature bits and else). Then
the mgmt boots the VM, also knows where it can migrate explicitly.
If all things are hidden then the mgmt is almost out of control of this.
That was rejected because there's the need to by default enable new
features if ever possible. In that case, IMHO Jason's soluion is spot on
where it sits in the middle ground of both, allowing both to happen
(auto-enable of new feats, while keeping VM ABI stablility).
So IIUC there will be a cluster, it may contain different groups of hosts,
each group should have similar setups so that VMs can freely migrate
between each other within the same group (but may not easily migratable
across groups?). But I don't think I know well on that part in practise.
Dan might be a great source of input from that level.
Thanks,
--
Peter Xu
next prev parent reply other threads:[~2025-11-13 19:39 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-07 2:01 [RFC PATCH] virtio-net: introduce strict peer feature check Jason Wang
2025-11-12 21:55 ` Peter Xu
2025-11-13 0:31 ` Jason Wang
2025-11-13 15:51 ` Peter Xu
2025-11-13 8:53 ` Daniel P. Berrangé
2025-11-13 15:58 ` Peter Xu
2025-11-13 16:09 ` Michael S. Tsirkin
2025-11-13 16:37 ` Peter Xu
2025-11-13 16:47 ` Michael S. Tsirkin
2025-11-13 17:12 ` Peter Xu
2025-11-13 17:46 ` Michael S. Tsirkin
2025-11-13 19:32 ` Peter Xu [this message]
2025-11-14 1:51 ` Jason Wang
2025-11-16 6:45 ` Michael S. Tsirkin
2025-11-19 2:06 ` Jason Wang
2025-11-19 6:31 ` Michael S. Tsirkin
2025-11-14 5:48 ` Thomas Huth
2025-11-14 9:53 ` Jinpu Wang
2025-11-14 15:47 ` Peter Xu
2025-11-14 1:32 ` Jason Wang
2025-11-16 6:52 ` Michael S. Tsirkin
2025-11-17 4:31 ` Jason Wang
2025-11-17 8:57 ` Michael S. Tsirkin
2025-11-19 2:49 ` Jason Wang
2025-11-19 8:07 ` Michael S. Tsirkin
2025-11-20 1:45 ` Jason Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aRYyTeNNIPW_WIJW@x1.local \
--to=peterx@redhat.com \
--cc=berrange@redhat.com \
--cc=eduardo@habkost.net \
--cc=farosas@suse.de \
--cc=jasowang@redhat.com \
--cc=jinpu.wang@ionos.com \
--cc=marcel.apfelbaum@gmail.com \
--cc=mst@redhat.com \
--cc=philmd@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=thuth@redhat.com \
--cc=wangyanan55@huawei.com \
--cc=zhao1.liu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).