On 12/01/2016 15:16, Kevin Wolf wrote:
Thus we should avoid selection of "pflash" drives for VM state saving.
For now "pflash" is read-write raw image as it configured by libvirt.
Thus there are no such images in the field and we could safely disable
ability to save state to those images inside QEMU.
This is obviously broken. If you write to the pflash, then it needs to
be snapshotted in order to keep a consistent state.
If you want to avoid snapshotting the image, make it read-only and it
will be skipped even today.
Sort of. The point of having flash is to _not_ make it read-only, so
that is not a solution.
Flash is already being snapshotted as part of saving RAM state. In
fact, for this reason the device (at least the one used with OVMF; I
haven't checked other pflash devices) can simply save it back to disk
on the migration destination, without the need to use "migrate -b" or
See commit 4c0cfc72b31a79f737a64ebbe0411e4b83e25771:
Author: Laszlo Ersek <address@hidden>
Date: Sat Aug 23 12:19:07 2014 +0200
pflash_cfi01: write flash contents to bdrv on incoming migration
A drive that backs a pflash device is special:
- it is very small,
- its entire contents are kept in a RAMBlock at all times, covering the
guest-phys address range that provides the guest's view of the emulated
The pflash device model keeps the drive (the host-side file) and the
guest-visible flash contents in sync. When migrating the guest, the
guest-visible flash contents (the RAMBlock) is migrated by default, but on
the target host, the drive (the host-side file) remains in full sync with
the RAMBlock only if:
- the source and target hosts share the storage underlying the pflash
- or the migration requests full or incremental block migration too, which
then covers all drives.
Due to the special nature of pflash drives, the following scenario makes
sense as well:
- no full nor incremental block migration, covering all drives, alongside
the base migration (justified eg. by shared storage for "normal" (big)
- non-shared storage for pflash drives.
In this case, currently only those portions of the flash drive are updated
on the target disk that the guest reprograms while running on the target
In order to restore accord, dump the entire flash contents to the bdrv in
a post_load() callback.
- The read-only check follows the other call-sites of pflash_update();
- both "pfl->ro" and pflash_update() reflect / consider the case when
"pfl->bs" is NULL;
- the total size of the flash device is calculated as in
When using shared storage, or requesting full or incremental block
migration along with the normal migration, the patch should incur a
harmless rewrite from the target side.
It is assumed that, on the target host, RAM is loaded ahead of the call to
I don't like very much using IF_PFLASH this way, which is why I hadn't
replied to the patch so far---I hadn't made up my mind about *what* to
suggest instead, or whether to just accept it. However, it does work.
Perhaps a separate "I know what I am doing" skip-snapshot option? Or
a device callback saying "not snapshotting this is fine"?