Peter Xu <[email protected]> writes:
> On Thu, Jan 08, 2026 at 05:27:37PM -0300, Fabiano Rosas wrote:
>> Peter Xu <[email protected]> writes:
>>
>> > Migration module was there for 10+ years. Initially, it was in most cases
>> > based on coroutines. As more features were added into the framework, like
>> > postcopy, multifd, etc.. it became a mixture of threads and coroutines.
>> >
>> > I'm guessing coroutines just can't fix all issues that migration want to
>> > resolve.
>> >
>> > After all these years, migration is now heavily based on a threaded model.
>> >
>> > Now there's still a major part of migration framework that is still not
>> > thread-based, which is precopy load. We do load in a separate thread in
>> > postcopy since the 1st day postcopy was introduced, however that requires a
>> > separate state transition from precopy loading all devices first, which
>> > still happens in the main thread of a coroutine.
>> >
>> > This patch tries to move the migration incoming side to be run inside a
>> > separate thread (mig/dst/main) just like the src (mig/src/main). The
>> > entrance to be migration_incoming_thread().
>> >
>> > Quite a few things are needed to make it fly.. One note here is we need to
>> > change all these things in one patch to not break anything. The other way
>> > to do this is add code to make all paths (that this patch touched) be ready
>> > for either coroutine or thread. That may cause confusions in another way.
>> > So reviewers, please take my sincere apology on the hardness of reviewing
>> > this patch: it covers a few modules at the same time, and with some risky
>> > changes.
>> >
>> > BQL Analysis
>> > ============
>> >
>> > Firstly, when moving it over to the thread, it means the thread cannot take
>> > BQL during the whole process of loading anymore, because otherwise it can
>> > block main thread from using the BQL for all kinds of other concurrent
>> > tasks (for example, processing QMP / HMP commands).
>> >
>> > Here the first question to ask is: what needs BQL during precopy load, and
>> > what doesn't?
>> >
>>
>> I just noticed that the BQL held at process_incoming_migration_co is
>> also responsible for stopping qmp_migrate_set_capabilities from being
>> dispatched.
>
> I don't know if it is by design, or even if it will be guaranteed to work..
>
Regardless, we shouldn't rely on the BQL for this. The BQL should be
left as last resort for things that interact across subsystems. If
someone is issuing a migration command during a migration, the migration
code is exquisitely positioned to handle that itself.
> Consider the migration incoming rocoutine runs into qemu_get_byte(), and
> then proactively yield the migration coroutine (qemu_coroutine_yield())
> when the incoming port is blocked on read..
>
> AFAIU, a proper fix for that (note, this will currently break tests) is:
>
> bool migration_is_running(void)
> {
> - MigrationState *s = current_migration;
> + MigrationStatus state;
>
> - if (!s) {
> - return false;
> + if (runstate_check(RUN_STATE_INMIGRATE)) {
> + MigrationIncomingState *mis = migration_incoming_get_current();
> +
> + if (!mis) {
> + return false;
> + }
> +
> + state = mis->state;
> + } else {
> + MigrationState *s = migrate_get_current();
> +
> + if (!s) {
> + return false;
> + }
> +
> + state = s->state;
> }
>
> - switch (s->state) {
> + switch (state) {
> case MIGRATION_STATUS_ACTIVE:
> case MIGRATION_STATUS_POSTCOPY_DEVICE:
> case MIGRATION_STATUS_POSTCOPY_ACTIVE:
>
LGTM
>>
>> Any point during incoming migration when BQL is unlocked we have a
>> window where a capability could be changed. Same for parameters, for
>> that matter.
>>
>> To make matters worse, the -incoming cmdline will trigger
>> qmp_migrate_incoming->...->migration_transport_compatible early on, but
>> until the channels finally connect and process_incoming_migration_co
>> starts it's possible to just change a capability in an incompatible way
>> and the transport will never be validated again.
>
> Right. Above should fix it, but I believe it also means after "-incoming
> tcp:xxx" (or anything not "defer") we should forbid changing migration caps
> or params on destination.
>
Parameters are never forbidden, right? And we cannot forbid them with
is_running because some parameters are allowed to be changed while
running.
I feel we should have a more fine grained way of saying "this option
cannot be set at this moment", instead of just using the state as a
proxy. States can change, while the fact that from a certain point on,
certain options should not be touched anymore doesn't change.
Maybe a little infra like bdrv_op_is_blocked, i.e, a list of blocked
operations. It could be set in qmp_migrate and checked in
qmp_set_parameters/caps.
> As discussed above, that'll at least break our qtests. But frankly
> speaking I think that's the right thing to do.. I hope libvirt always
> works with "defer" and never update any caps/params after QMP
> migrate_incoming.
>
> So I wonder if I should continue with above patch, and then fix our qtests.
> Your work from the other "merge caps+params" might also work here,
> actually, if we make sure everything will be set alone with the QMP
> migrate_incoming single command.
>
For incoming, yes. And this is maybe a point in favor of adding the
'config'.
For outgoing, there's still the point I mentioned above about how to
restrict _some_ options to be allowed at runtime and others not.
> Let me know your initial thoughts, then I'll see what I can do..
>
We should fix the bug, I think your patch is good for that.
Although this kind of overlaps with some things we've been discussing
with Prasad. I'd be super happy if the code magically stopped using
QAPI's MigrationStatus for internal tracking of migration state and
blocking of commands and so on.
Whatever comes first =)
---
Side note, did we ever discuss something like this?
struct MigrationState {
<state>
union {
<outgoing>
<incoming>
}
}
there's so much stuff in these structs...
