Am 13.09.2010 15:29, schrieb Anthony Liguori: > On 09/13/2010 03:32 AM, Kevin Wolf wrote: >> Am 11.09.2010 16:04, schrieb Anthony Liguori: >> >>> This fixes a couple nasty problems relating to live migration. >>> >>> 1) When dealing with shared storage with weak coherence (i.e. NFS), even if >>> we re-read, we may end up with undesired caching. By delaying any reads >>> until we absolutely have to, we decrease the likelihood of any >>> undesirable >>> caching. >>> >>> 2) When dealing with copy-on-read, the local storage acts as a cache. We >>> need >>> to make sure to avoid any reads to avoid polluting the local cache. >>> >>> Signed-off-by: Anthony Liguori<aligu...@us.ibm.com> >>> >> I think we should also delay even opening the image file at all to the >> latest possible point to avoid that new problems of this kind are >> introduced. Ideally, opening the image would be the very last thing we >> do before telling the migration source that we're set and it should >> close the images. >> > > There's a lot of possible failure scenarios that opening an image file > can introduce. Fortunately, I don't think we have a strict requirement > for it provided that we make a couple of reasonable changes. > >> Even better would be to only open the image when the source has already >> closed it (we could completely avoid the invalidation/reopen then), but >> I think you were afraid that we might lose the image on both ends. >> > > Yeah, one of the key design points of live migration is to minimize the > number of failure scenarios where you lose a VM. If someone typed the > wrong command line or shared storage hasn't been mounted yet and we > delay failure until live migration is in the critical path, that would > be terribly unfortunate.
We would catch most of them if we try to open the image when migration starts and immediately close it again until migration is (almost) completed, so that no other code can possibly use it before the source has really closed it. Kevin
