From: Eric Blake <eblake@redhat.com>
To: David Marchand <david.marchand@6wind.com>,
Stefan Hajnoczi <stefanha@gmail.com>,
Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, claudio.fontana@huawei.com,
qemu-devel@nongnu.org, armbru@redhat.com,
jani.kokkonen@huawei.com, cam@cs.ualberta.ca
Subject: Re: [PATCH v3 2/2] docs: update ivshmem device spec
Date: Tue, 09 Sep 2014 13:04:35 -0600 [thread overview]
Message-ID: <540F4F43.7020104@redhat.com> (raw)
In-Reply-To: <540441E4.7080203@6wind.com>
[-- Attachment #1: Type: text/plain, Size: 3951 bytes --]
On 09/01/2014 03:52 AM, David Marchand wrote:
>>> What about upgrading QEMU and ivshmem-server while you have existing
>>> guests? You cannot restart ivshmem-server, and the new QEMU would have
>>> to talk to the old ivshmem-server.
>>
>> Version negotiation also helps avoid confusion if someone combines
>> ivshmem-server and QEMU from different origins (e.g. built from source
>> and distro packaged).
Don't underestimate the likelihood of this happening. Any long-running
process (which an ivshmem-server will be) continues running at the old
version, even when a package upgrade installs a new qemu binary; the new
binary should still be able to manage connections to the already-running
server.
Even neater would be a solution where an existing ivshmem-server could
re-exec an updated ivshmem-server binary that resulted from a distro
upgrade, hand over all state required for the new server to take over
from the point managed by the old server, so that you aren't stuck
running the old binary forever. But that's a lot trickier to write, so
it is not necessary for a first implementation; and if you do that, then
you have the reverse situation to worry about (the new server must still
accept communication from existing old qemu binaries).
Note that the goal here is to support upgrades; it is probably okay if
downgrading from a new binary back to an old doesn't work correctly
(because the new software was using a feature not present in the old).
>>
>> It's a safeguard to prevent hard-to-diagnose failures when the system is
>> misconfigured.
>>
>
> Hum, so you want the code to be defensive against mis-use, why not.
>
> I wanted to keep modifications on ivshmem as little as possible in a
> first phase (all the more so as there are potential ivshmem users out
> there that I think will be impacted by a protocol change).
Existing ivshmem users MUST be aware that they are using something that
is not yet polished, and be prepared to make the upgrade to the polished
version. It's best to minimize the hassle by making them upgrade
exactly once to a fully-robust version, rather than to have them upgrade
to a slightly-more robust version only to find out we didn't plan ahead
well enough to make further extensions in a back-compatible manner.
>
> Sending the version as the first "vm_id" with an associated fd to -1
> before sending the real client id should work with existing QEMU client
> code (hw/misc/ivshmem.c).
>
> Do you have a better idea ?
> Is there a best practice in QEMU for "version negotiation" that could
> work with ivshmem protocol ?
QMP starts off with a mandatory "qmp_capabilities" handshake, although
we haven't yet had to define any capabilities where cross-versioned
communication differs as a result. Migration is somewhat of an example,
except that it is one-directional (we don't have a feedback path), so it
is somewhat best effort. The qcow2 v3 file format is an example of
declaring features, rather than version numbers, and making decisions
about whether a feature is compatible (older clients can safely ignore
the bit, without corrupting the image but possibly having worse
performance) vs. incompatible (older clients must reject the image,
because not handling the feature correctly would corrupt the image).
The best handshakes are bi-directional - both sides advertise their
version (or better, their features), and a well-defined algorithm for
settling on the common subset of advertised features then ensures that
the two sides know how to talk to each other, or give a reason for
either side to disconnect early because of a missing feature.
>
> I have a v4 ready with this (and all the pending comments), I will send
> it later unless a better idea is exposed.
>
>
> Thanks.
>
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 539 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: Eric Blake <eblake@redhat.com>
To: David Marchand <david.marchand@6wind.com>,
Stefan Hajnoczi <stefanha@gmail.com>,
Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, claudio.fontana@huawei.com,
qemu-devel@nongnu.org, armbru@redhat.com,
jani.kokkonen@huawei.com, cam@cs.ualberta.ca
Subject: Re: [Qemu-devel] [PATCH v3 2/2] docs: update ivshmem device spec
Date: Tue, 09 Sep 2014 13:04:35 -0600 [thread overview]
Message-ID: <540F4F43.7020104@redhat.com> (raw)
In-Reply-To: <540441E4.7080203@6wind.com>
[-- Attachment #1: Type: text/plain, Size: 3951 bytes --]
On 09/01/2014 03:52 AM, David Marchand wrote:
>>> What about upgrading QEMU and ivshmem-server while you have existing
>>> guests? You cannot restart ivshmem-server, and the new QEMU would have
>>> to talk to the old ivshmem-server.
>>
>> Version negotiation also helps avoid confusion if someone combines
>> ivshmem-server and QEMU from different origins (e.g. built from source
>> and distro packaged).
Don't underestimate the likelihood of this happening. Any long-running
process (which an ivshmem-server will be) continues running at the old
version, even when a package upgrade installs a new qemu binary; the new
binary should still be able to manage connections to the already-running
server.
Even neater would be a solution where an existing ivshmem-server could
re-exec an updated ivshmem-server binary that resulted from a distro
upgrade, hand over all state required for the new server to take over
from the point managed by the old server, so that you aren't stuck
running the old binary forever. But that's a lot trickier to write, so
it is not necessary for a first implementation; and if you do that, then
you have the reverse situation to worry about (the new server must still
accept communication from existing old qemu binaries).
Note that the goal here is to support upgrades; it is probably okay if
downgrading from a new binary back to an old doesn't work correctly
(because the new software was using a feature not present in the old).
>>
>> It's a safeguard to prevent hard-to-diagnose failures when the system is
>> misconfigured.
>>
>
> Hum, so you want the code to be defensive against mis-use, why not.
>
> I wanted to keep modifications on ivshmem as little as possible in a
> first phase (all the more so as there are potential ivshmem users out
> there that I think will be impacted by a protocol change).
Existing ivshmem users MUST be aware that they are using something that
is not yet polished, and be prepared to make the upgrade to the polished
version. It's best to minimize the hassle by making them upgrade
exactly once to a fully-robust version, rather than to have them upgrade
to a slightly-more robust version only to find out we didn't plan ahead
well enough to make further extensions in a back-compatible manner.
>
> Sending the version as the first "vm_id" with an associated fd to -1
> before sending the real client id should work with existing QEMU client
> code (hw/misc/ivshmem.c).
>
> Do you have a better idea ?
> Is there a best practice in QEMU for "version negotiation" that could
> work with ivshmem protocol ?
QMP starts off with a mandatory "qmp_capabilities" handshake, although
we haven't yet had to define any capabilities where cross-versioned
communication differs as a result. Migration is somewhat of an example,
except that it is one-directional (we don't have a feedback path), so it
is somewhat best effort. The qcow2 v3 file format is an example of
declaring features, rather than version numbers, and making decisions
about whether a feature is compatible (older clients can safely ignore
the bit, without corrupting the image but possibly having worse
performance) vs. incompatible (older clients must reject the image,
because not handling the feature correctly would corrupt the image).
The best handshakes are bi-directional - both sides advertise their
version (or better, their features), and a well-defined algorithm for
settling on the common subset of advertised features then ensures that
the two sides know how to talk to each other, or give a reason for
either side to disconnect early because of a missing feature.
>
> I have a v4 ready with this (and all the pending comments), I will send
> it later unless a better idea is exposed.
>
>
> Thanks.
>
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 539 bytes --]
next prev parent reply other threads:[~2014-09-09 19:04 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-08-08 8:55 [PATCH v3 0/2] ivshmem: update documentation, add client/server tools David Marchand
2014-08-08 8:55 ` [Qemu-devel] " David Marchand
2014-08-08 8:55 ` [PATCH v3 1/2] contrib: add ivshmem client and server David Marchand
2014-08-08 8:55 ` [Qemu-devel] " David Marchand
2014-08-08 14:51 ` Stefan Hajnoczi
2014-08-08 14:51 ` Stefan Hajnoczi
2014-08-18 12:09 ` David Marchand
2014-08-18 12:09 ` David Marchand
2014-08-10 3:57 ` Gonglei
2014-08-10 3:57 ` [Qemu-devel] " Gonglei
2014-08-18 12:19 ` David Marchand
2014-08-18 12:19 ` David Marchand
2014-08-08 8:55 ` [PATCH v3 2/2] docs: update ivshmem device spec David Marchand
2014-08-08 8:55 ` [Qemu-devel] " David Marchand
2014-08-08 9:04 ` Claudio Fontana
2014-08-08 9:04 ` [Qemu-devel] " Claudio Fontana
2014-08-08 9:32 ` David Marchand
2014-08-08 9:32 ` [Qemu-devel] " David Marchand
2014-08-08 15:02 ` Stefan Hajnoczi
2014-08-08 15:02 ` Stefan Hajnoczi
2014-08-26 6:47 ` David Marchand
2014-08-26 6:47 ` David Marchand
2014-08-26 11:04 ` Paolo Bonzini
2014-08-26 11:04 ` Paolo Bonzini
2014-08-28 9:49 ` Stefan Hajnoczi
2014-08-28 9:49 ` Stefan Hajnoczi
2014-09-01 9:52 ` David Marchand
2014-09-01 9:52 ` David Marchand
2014-09-09 19:04 ` Eric Blake [this message]
2014-09-09 19:04 ` Eric Blake
2014-08-08 9:30 ` [Qemu-devel] [PATCH v3 0/2] ivshmem: update documentation, add client/server tools Gonglei (Arei)
2014-08-08 9:30 ` Gonglei (Arei)
2014-08-08 9:54 ` David Marchand
2014-08-08 9:54 ` David Marchand
2014-08-08 10:26 ` Gonglei (Arei)
2014-08-08 10:26 ` Gonglei (Arei)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=540F4F43.7020104@redhat.com \
--to=eblake@redhat.com \
--cc=armbru@redhat.com \
--cc=cam@cs.ualberta.ca \
--cc=claudio.fontana@huawei.com \
--cc=david.marchand@6wind.com \
--cc=jani.kokkonen@huawei.com \
--cc=kvm@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.