From: "Michael S. Tsirkin" <mst@redhat.com>
To: Greg Kurz <groug@kaod.org>
Cc: Cornelia Huck <cornelia.huck@de.ibm.com>,
qemu-devel@nongnu.org,
"Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
Subject: Re: [Qemu-devel] [PATCH 1/2] virtio-9p: print error message and exit instead of BUG_ON()
Date: Thu, 8 Sep 2016 19:55:16 +0300 [thread overview]
Message-ID: <20160908194939-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <20160908182652.2cf51ac0@bahia>
On Thu, Sep 08, 2016 at 06:26:52PM +0200, Greg Kurz wrote:
> On Thu, 8 Sep 2016 18:19:27 +0300
> "Michael S. Tsirkin" <mst@redhat.com> wrote:
>
> > On Thu, Sep 08, 2016 at 05:04:47PM +0200, Cornelia Huck wrote:
> > > On Thu, 8 Sep 2016 18:00:28 +0300
> > > "Michael S. Tsirkin" <mst@redhat.com> wrote:
> > >
> > > > On Thu, Sep 08, 2016 at 11:12:16AM +0200, Greg Kurz wrote:
> > > > > On Thu, 8 Sep 2016 10:59:26 +0200
> > > > > Cornelia Huck <cornelia.huck@de.ibm.com> wrote:
> > > > >
> > > > > > On Wed, 07 Sep 2016 19:19:24 +0200
> > > > > > Greg Kurz <groug@kaod.org> wrote:
> > > > > >
> > > > > > > Calling assert() really makes sense when hitting a genuine bug, which calls
> > > > > > > for a fix in QEMU. However, when something goes wrong because the guest
> > > > > > > sends a malformed message, it is better to write down a more meaningul
> > > > > > > error message and exit.
> > > > > > >
> > > > > > > Signed-off-by: Greg Kurz <groug@kaod.org>
> > > > > > > ---
> > > > > > > hw/9pfs/virtio-9p-device.c | 20 ++++++++++++++++++--
> > > > > > > 1 file changed, 18 insertions(+), 2 deletions(-)
> > > > > >
> > > > > > While this is an improvement over the current state, I don't think the
> > > > > > guest should be able to kill qemu just by doing something stupid.
> > > > > >
> > > > >
> > > > > Hi Connie,
> > > > >
> > > > > I'm glad you're pointing this out... this was also my impression, but
> > > > > since there are a bunch of sanity checks in the virtio code that cause
> > > > > QEMU to exit (even recently added like 1e7aed70144b), I did not dare
> > > > > stand up :)
> > > >
> > > > It's true that it's broken in many places but we should just
> > > > fix them all.
> > > >
> > > >
> > > > A separate question is how to log such hardware/guest bugs generally.
> > > > People already complained about disk filling up because of us printing
> > > > errors on each such bug. Maybe print each message only N times, and
> > > > then set a flag to skip the log until management tells us to restart
> > > > logging again.
> > >
> > > I'd expect to get the message just once per device if we set the device
> > > to broken (unless the guess continuously resets it again...)
> >
> > Which it can do, so we should limit that anyway.
> >
> > > Do we have
> > > a generic print/log ratelimit infrastructure in qemu?
> >
> > There are actually two kinds of errors
> > host side ones and ones triggered by guests.
> >
> > We should distinguish between them API-wise, then
> > we will be able to limit the logging of those
> > that guest can trigger.
> >
>
> FWIW it makes sense to use error_report() if QEMU exits.
Not necessarily e.g. hotplug errors trigger error_report too.
Generally it should be for host misconfiguration or similar
management errors.
> If it continues
> execution, this means we're expecting the guest or the host to do something
> to fix the error condition. This requires QEMU to emit an event of some
> sort, but not necessarily to log an error message in a file. I guess this
> depends if QEMU is run by some tooling, or by a human.
I'm not sure we need an event if tools are not expected to
do anything with it. If we limit # of times error
is printed, tools will need to reset this counter,
so we will need an event on overflow.
--
MST
next prev parent reply other threads:[~2016-09-08 16:55 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-07 17:19 [Qemu-devel] [PATCH 0/2] virtio: error report fixes in 9P and PCI Greg Kurz
2016-09-07 17:19 ` [Qemu-devel] [PATCH 1/2] virtio-9p: print error message and exit instead of BUG_ON() Greg Kurz
2016-09-08 7:14 ` Markus Armbruster
2016-09-08 9:05 ` Greg Kurz
2016-09-08 8:59 ` Cornelia Huck
2016-09-08 9:12 ` Greg Kurz
2016-09-08 15:00 ` Michael S. Tsirkin
2016-09-08 15:04 ` Cornelia Huck
2016-09-08 15:19 ` Michael S. Tsirkin
2016-09-08 16:26 ` Greg Kurz
2016-09-08 16:55 ` Michael S. Tsirkin [this message]
2016-09-09 8:30 ` Cornelia Huck
2016-09-09 8:46 ` Greg Kurz
2016-09-09 8:53 ` Cornelia Huck
2016-09-09 9:26 ` Greg Kurz
2016-09-09 9:37 ` Greg Kurz
2016-09-09 6:38 ` Markus Armbruster
2016-09-09 7:30 ` Greg Kurz
2016-09-09 9:08 ` Markus Armbruster
2016-09-09 9:54 ` Greg Kurz
2016-09-07 17:19 ` [Qemu-devel] [PATCH 2/2] virtio-pci: error out when both legacy and modern modes are disabled Greg Kurz
2016-09-08 7:15 ` Markus Armbruster
2016-09-08 9:52 ` Greg Kurz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160908194939-mutt-send-email-mst@kernel.org \
--to=mst@redhat.com \
--cc=aneesh.kumar@linux.vnet.ibm.com \
--cc=cornelia.huck@de.ibm.com \
--cc=groug@kaod.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.