From: Peter Xu <peterx@redhat.com>
To: "Chaney, Ben" <bchaney@akamai.com>
Cc: "berrange@redhat.com" <berrange@redhat.com>,
"farosas@suse.de" <farosas@suse.de>,
"armbru@redhat.com" <armbru@redhat.com>,
"mark.kanda@oracle.com" <mark.kanda@oracle.com>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
"Hunt, Joshua" <johunt@akamai.com>,
"Tottenham, Max" <mtottenh@akamai.com>,
"Hudson, Nick" <nhudson@akamai.com>
Subject: Re: [PATCH] migration: cpr socket permissions fix
Date: Thu, 11 Dec 2025 14:12:54 -0500 [thread overview]
Message-ID: <aTsXtmUVP1TfRZaS@x1.local> (raw)
In-Reply-To: <3DC0D610-FDC3-47CC-83F0-BC9CD470E972@akamai.com>
On Thu, Dec 11, 2025 at 06:42:05PM +0000, Chaney, Ben wrote:
>
>
> On 12/9/25, 1:55 PM, "Peter Xu" <peterx@redhat.com <mailto:peterx@redhat.com>> wrote:
>
> > On Mon, Dec 08, 2025 at 07:32:41PM +0000, Chaney, Ben wrote:
> > >
> > > On 12/5/25, 10:13 AM, "Peter Xu" <peterx@redhat.com <mailto:peterx@redhat.com> <mailto:peterx@redhat.com <mailto:peterx@redhat.com>>> wrote:
> > >
> > >
> > > > Maybe you can stick with -incoming defer, then it'll be after step [3],
> > > > which will inherit the modified uid, and mgmt doesn't need to bother
> > > > monitoring.
> > >
> > > I tried this approach, but It doesn't look like it is possible to create the
> > > cprsocket later with -incoming defer.
> >
> >
> > You'll still need to chmod for the cpr socket. "defer" will still help the
> > main channel to be created with the uid provided.
>
> Thanks for the pointers. I was able to get the incoming defer method
> working, but it has much worse performance than the other method.
>
> Would you be open to a solution where we chown only the migration
> sockets, or would that run into similar concerns?
We can evaluate, but before that, could you explain your current solution
first?
And, what is the performance you mentioned here that is worse?
I at least didn't expect it to be downtime, because IIUC what your mgmt
needs to do is to chmod on the cpr channel first (during which migration
hasn't started), then chmod once more on the main channel after CPR channel
migrated and before main channel migration happens (during which VM should
be running on src), hence it should have nothing to do with downtime.
Thanks,
--
Peter Xu
next prev parent reply other threads:[~2025-12-11 19:13 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-20 18:57 [PATCH] migration: cpr socket permissions fix Ben Chaney
2025-11-21 16:07 ` Peter Xu
2025-11-21 16:54 ` Daniel P. Berrangé
2025-12-04 20:05 ` Chaney, Ben
2025-12-05 15:13 ` Peter Xu
2025-12-08 19:32 ` Chaney, Ben
2025-12-09 18:54 ` Peter Xu
2025-12-11 18:42 ` Chaney, Ben
2025-12-11 19:12 ` Peter Xu [this message]
2025-12-11 20:44 ` Chaney, Ben
2025-12-11 21:14 ` Peter Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aTsXtmUVP1TfRZaS@x1.local \
--to=peterx@redhat.com \
--cc=armbru@redhat.com \
--cc=bchaney@akamai.com \
--cc=berrange@redhat.com \
--cc=farosas@suse.de \
--cc=johunt@akamai.com \
--cc=mark.kanda@oracle.com \
--cc=mtottenh@akamai.com \
--cc=nhudson@akamai.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).