12a578133STarun Gupta===================== 22a578133STarun GuptaVFIO device Migration 32a578133STarun Gupta===================== 42a578133STarun Gupta 52a578133STarun GuptaMigration of virtual machine involves saving the state for each device that 62a578133STarun Guptathe guest is running on source host and restoring this saved state on the 72a578133STarun Guptadestination host. This document details how saving and restoring of VFIO 82a578133STarun Guptadevices is done in QEMU. 92a578133STarun Gupta 10eda7362aSAvihai HoronMigration of VFIO devices consists of two phases: the optional pre-copy phase, 11eda7362aSAvihai Horonand the stop-and-copy phase. The pre-copy phase is iterative and allows to 12eda7362aSAvihai Horonaccommodate VFIO devices that have a large amount of data that needs to be 13eda7362aSAvihai Horontransferred. The iterative pre-copy phase of migration allows for the guest to 14eda7362aSAvihai Horoncontinue whilst the VFIO device state is transferred to the destination, this 15eda7362aSAvihai Horonhelps to reduce the total downtime of the VM. VFIO devices opt-in to pre-copy 16eda7362aSAvihai Horonsupport by reporting the VFIO_MIGRATION_PRE_COPY flag in the 17eda7362aSAvihai HoronVFIO_DEVICE_FEATURE_MIGRATION ioctl. 182b0ab9e9SAvihai Horon 192b0ab9e9SAvihai HoronNote that currently VFIO migration is supported only for a single device. This 202b0ab9e9SAvihai Horonis due to VFIO migration's lack of P2P support. However, P2P support is planned 212b0ab9e9SAvihai Horonto be added later on. 222a578133STarun Gupta 232a578133STarun GuptaA detailed description of the UAPI for VFIO device migration can be found in 242b0ab9e9SAvihai Horonthe comment for the ``vfio_device_mig_state`` structure in the header file 252b0ab9e9SAvihai Horonlinux-headers/linux/vfio.h. 262a578133STarun Gupta 272a578133STarun GuptaVFIO implements the device hooks for the iterative approach as follows: 282a578133STarun Gupta 292b0ab9e9SAvihai Horon* A ``save_setup`` function that sets up migration on the source. 302a578133STarun Gupta 312b0ab9e9SAvihai Horon* A ``load_setup`` function that sets the VFIO device on the destination in 322b0ab9e9SAvihai Horon _RESUMING state. 332a578133STarun Gupta 34eda7362aSAvihai Horon* A ``state_pending_estimate`` function that reports an estimate of the 35eda7362aSAvihai Horon remaining pre-copy data that the vendor driver has yet to save for the VFIO 36eda7362aSAvihai Horon device. 37eda7362aSAvihai Horon 38c8df4a7aSJuan Quintela* A ``state_pending_exact`` function that reads pending_bytes from the vendor 392a578133STarun Gupta driver, which indicates the amount of data that the vendor driver has yet to 402a578133STarun Gupta save for the VFIO device. 412a578133STarun Gupta 42eda7362aSAvihai Horon* An ``is_active_iterate`` function that indicates ``save_live_iterate`` is 43eda7362aSAvihai Horon active only when the VFIO device is in pre-copy states. 44eda7362aSAvihai Horon 45eda7362aSAvihai Horon* A ``save_live_iterate`` function that reads the VFIO device's data from the 46eda7362aSAvihai Horon vendor driver during iterative pre-copy phase. 47eda7362aSAvihai Horon 482a578133STarun Gupta* A ``save_state`` function to save the device config space if it is present. 492a578133STarun Gupta 502b0ab9e9SAvihai Horon* A ``save_live_complete_precopy`` function that sets the VFIO device in 512b0ab9e9SAvihai Horon _STOP_COPY state and iteratively copies the data for the VFIO device until 522b0ab9e9SAvihai Horon the vendor driver indicates that no data remains. 532a578133STarun Gupta 542a578133STarun Gupta* A ``load_state`` function that loads the config section and the data 552b0ab9e9SAvihai Horon sections that are generated by the save functions above. 562a578133STarun Gupta 572a578133STarun Gupta* ``cleanup`` functions for both save and load that perform any migration 582b0ab9e9SAvihai Horon related cleanup. 592a578133STarun Gupta 602a578133STarun Gupta 612a578133STarun GuptaThe VFIO migration code uses a VM state change handler to change the VFIO 622a578133STarun Guptadevice state when the VM state changes from running to not-running, and 632a578133STarun Guptavice versa. 642a578133STarun Gupta 652a578133STarun GuptaSimilarly, a migration state change handler is used to trigger a transition of 662a578133STarun Guptathe VFIO device state when certain changes of the migration state occur. For 672a578133STarun Guptaexample, the VFIO device state is transitioned back to _RUNNING in case a 682a578133STarun Guptamigration failed or was canceled. 692a578133STarun Gupta 702a578133STarun GuptaSystem memory dirty pages tracking 712a578133STarun Gupta---------------------------------- 722a578133STarun Gupta 732a578133STarun GuptaA ``log_global_start`` and ``log_global_stop`` memory listener callback informs 74333f988dSAvihai Horonthe VFIO dirty tracking module to start and stop dirty page tracking. A 75333f988dSAvihai Horon``log_sync`` memory listener callback queries the dirty page bitmap from the 76333f988dSAvihai Horondirty tracking module and marks system memory pages which were DMA-ed by the 77333f988dSAvihai HoronVFIO device as dirty. The dirty page bitmap is queried per container. 78333f988dSAvihai Horon 79333f988dSAvihai HoronCurrently there are two ways dirty page tracking can be done: 80333f988dSAvihai Horon(1) Device dirty tracking: 81333f988dSAvihai HoronIn this method the device is responsible to log and report its DMAs. This 82333f988dSAvihai Horonmethod can be used only if the device is capable of tracking its DMAs. 83333f988dSAvihai HoronDiscovering device capability, starting and stopping dirty tracking, and 84333f988dSAvihai Horonsyncing the dirty bitmaps from the device are done using the DMA logging uAPI. 85333f988dSAvihai HoronMore info about the uAPI can be found in the comments of the 86333f988dSAvihai Horon``vfio_device_feature_dma_logging_control`` and 87333f988dSAvihai Horon``vfio_device_feature_dma_logging_report`` structures in the header file 88333f988dSAvihai Horonlinux-headers/linux/vfio.h. 89333f988dSAvihai Horon 90333f988dSAvihai Horon(2) VFIO IOMMU module: 91333f988dSAvihai HoronIn this method dirty tracking is done by IOMMU. However, there is currently no 92333f988dSAvihai HoronIOMMU support for dirty page tracking. For this reason, all pages are 93333f988dSAvihai Horonperpetually marked dirty, unless the device driver pins pages through external 94333f988dSAvihai HoronAPIs in which case only those pinned pages are perpetually marked dirty. 95333f988dSAvihai Horon 96333f988dSAvihai HoronIf the above two methods are not supported, all pages are perpetually marked 97333f988dSAvihai Horondirty by QEMU. 982a578133STarun Gupta 992b0ab9e9SAvihai HoronBy default, dirty pages are tracked during pre-copy as well as stop-and-copy 100333f988dSAvihai Horonphase. So, a page marked as dirty will be copied to the destination in both 101333f988dSAvihai Horonphases. Copying dirty pages in pre-copy phase helps QEMU to predict if it can 102333f988dSAvihai Horonachieve its downtime tolerances. If QEMU during pre-copy phase keeps finding 103333f988dSAvihai Horondirty pages continuously, then it understands that even in stop-and-copy phase, 104333f988dSAvihai Horonit is likely to find dirty pages and can predict the downtime accordingly. 1052a578133STarun Gupta 1062a578133STarun GuptaQEMU also provides a per device opt-out option ``pre-copy-dirty-page-tracking`` 1072a578133STarun Guptawhich disables querying the dirty bitmap during pre-copy phase. If it is set to 1082a578133STarun Guptaoff, all dirty pages will be copied to the destination in stop-and-copy phase 1092a578133STarun Guptaonly. 1102a578133STarun Gupta 1112a578133STarun GuptaSystem memory dirty pages tracking when vIOMMU is enabled 1122a578133STarun Gupta--------------------------------------------------------- 1132a578133STarun Gupta 1142a578133STarun GuptaWith vIOMMU, an IO virtual address range can get unmapped while in pre-copy 1152a578133STarun Guptaphase of migration. In that case, the unmap ioctl returns any dirty pages in 1162a578133STarun Guptathat range and QEMU reports corresponding guest physical pages dirty. During 1172a578133STarun Guptastop-and-copy phase, an IOMMU notifier is used to get a callback for mapped 1182a578133STarun Guptapages and then dirty pages bitmap is fetched from VFIO IOMMU modules for those 119333f988dSAvihai Horonmapped ranges. If device dirty tracking is enabled with vIOMMU, live migration 120333f988dSAvihai Horonwill be blocked. 1212a578133STarun Gupta 1222a578133STarun GuptaFlow of state changes during Live migration 1232a578133STarun Gupta=========================================== 1242a578133STarun Gupta 1252a578133STarun GuptaBelow is the flow of state change during live migration. 126eda7362aSAvihai HoronThe values in the parentheses represent the VM state, the migration state, and 1272a578133STarun Guptathe VFIO device state, respectively. 128eda7362aSAvihai HoronThe text in the square brackets represents the flow if the VFIO device supports 129eda7362aSAvihai Horonpre-copy. 1302a578133STarun Gupta 1312a578133STarun GuptaLive migration save path 1322a578133STarun Gupta------------------------ 1332a578133STarun Gupta 1342a578133STarun Gupta:: 1352a578133STarun Gupta 1362a578133STarun Gupta QEMU normal running state 1372a578133STarun Gupta (RUNNING, _NONE, _RUNNING) 1382a578133STarun Gupta | 1392a578133STarun Gupta migrate_init spawns migration_thread 1402a578133STarun Gupta Migration thread then calls each device's .save_setup() 141eda7362aSAvihai Horon (RUNNING, _SETUP, _RUNNING [_PRE_COPY]) 1422a578133STarun Gupta | 143eda7362aSAvihai Horon (RUNNING, _ACTIVE, _RUNNING [_PRE_COPY]) 144eda7362aSAvihai Horon If device is active, get pending_bytes by .state_pending_{estimate,exact}() 1452a578133STarun Gupta If total pending_bytes >= threshold_size, call .save_live_iterate() 146eda7362aSAvihai Horon [Data of VFIO device for pre-copy phase is copied] 1472a578133STarun Gupta Iterate till total pending bytes converge and are less than threshold 1482a578133STarun Gupta | 1492a578133STarun Gupta On migration completion, vCPU stops and calls .save_live_complete_precopy for 1502b0ab9e9SAvihai Horon each active device. The VFIO device is then transitioned into _STOP_COPY state 1512b0ab9e9SAvihai Horon (FINISH_MIGRATE, _DEVICE, _STOP_COPY) 1522a578133STarun Gupta | 1532a578133STarun Gupta For the VFIO device, iterate in .save_live_complete_precopy until 1542a578133STarun Gupta pending data is 0 1552b0ab9e9SAvihai Horon (FINISH_MIGRATE, _DEVICE, _STOP) 1562a578133STarun Gupta | 1572b0ab9e9SAvihai Horon (FINISH_MIGRATE, _COMPLETED, _STOP) 1582a578133STarun Gupta Migraton thread schedules cleanup bottom half and exits 1592a578133STarun Gupta 1602a578133STarun GuptaLive migration resume path 1612a578133STarun Gupta-------------------------- 1622a578133STarun Gupta 1632a578133STarun Gupta:: 1642a578133STarun Gupta 1652a578133STarun Gupta Incoming migration calls .load_setup for each device 1662b0ab9e9SAvihai Horon (RESTORE_VM, _ACTIVE, _STOP) 1672a578133STarun Gupta | 1682a578133STarun Gupta For each device, .load_state is called for that device section data 1692a578133STarun Gupta (RESTORE_VM, _ACTIVE, _RESUMING) 1702a578133STarun Gupta | 1712a578133STarun Gupta At the end, .load_cleanup is called for each device and vCPUs are started 1722a578133STarun Gupta (RUNNING, _NONE, _RUNNING) 1732a578133STarun Gupta 1742a578133STarun GuptaPostcopy 1752a578133STarun Gupta======== 1762a578133STarun Gupta 1772a578133STarun GuptaPostcopy migration is currently not supported for VFIO devices. 178