From: Markus Armbruster <armbru@redhat.com>
To: Rusty Russell <rusty@rustcorp.com.au>
Cc: Dave Airlie <airlied@gmail.com>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] virtio device error reporting best practice?
Date: Thu, 20 Mar 2014 07:39:57 +0100 [thread overview]
Message-ID: <87fvmdgypu.fsf@blackfin.pond.sub.org> (raw)
In-Reply-To: <87fvmdr0zh.fsf@rustcorp.com.au> (Rusty Russell's message of "Thu, 20 Mar 2014 14:10:50 +1030")
Rusty Russell <rusty@rustcorp.com.au> writes:
> Markus Armbruster <armbru@redhat.com> writes:
>> Rusty Russell <rusty@rustcorp.com.au> writes:
>>> The litmus test: does *your* guest handle failures other than by giving
>>> up on the device? If so, sure, you need to have a sane error-reporting
>>> strategy.
>>
>> Err, isn't this a circular argument? No need for QEMU to report the
>> failure, because the guest won't handle it; no need to handle the
>> failure, because QEMU won't report it.
>>
>> What about this: would you make your guest handle failures if they were
>> reported?
>
> Perhaps I was unclear, that's what I meant.
>
>>>> The main reason I'm considering this stuff is for security reasons if
>>>> the guest asks for something really illegal or crazy what should the
>>>> expected behaviour of the host be? (at least secure I know that).
>>>
>>> If the guest userspace can do it, don't exit. If the kernel only, and
>>> it's should have known better, abort is OK.
>>>
>>> Sure that doesn't help much!
>>
>> Immediate exit() or abort() denies the guest the ability to degrade
>> service gracefully (disable the device, cry for help and try to hobble
>> on), or report its brokenness ungracefully (kernel panic, crash dump).
>> I doubt denying that is okay unless the device is so important that
>> without it you can't even hope to panic.
>
> Oh yes, I completely agree with you! But QEMU practice doesn't :)
Ah, then we're in violent agreement :)
Time to cease the practice. Will be hard as long as the code
is chock-full of bad examples.
next prev parent reply other threads:[~2014-03-20 12:37 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-17 6:02 [Qemu-devel] virtio device error reporting best practice? Dave Airlie
2014-03-17 14:28 ` Laszlo Ersek
2014-03-17 14:40 ` Peter Maydell
2014-03-17 14:49 ` Laszlo Ersek
2014-03-17 14:54 ` Peter Maydell
2014-03-17 14:57 ` Gerd Hoffmann
2014-03-17 19:05 ` Andreas Färber
2014-03-18 12:45 ` Kevin Wolf
2014-03-17 14:57 ` Richard W.M. Jones
2014-03-17 14:59 ` Richard W.M. Jones
2014-03-26 12:49 ` Stefan Hajnoczi
2014-03-17 14:50 ` Gerd Hoffmann
2014-03-19 0:34 ` Rusty Russell
2014-03-19 8:12 ` Markus Armbruster
2014-03-20 3:40 ` Rusty Russell
2014-03-20 6:39 ` Markus Armbruster [this message]
2014-03-20 12:53 ` Peter Maydell
2014-03-26 14:34 ` Markus Armbruster
2014-03-27 0:54 ` Venkatesh Srinivas
2014-03-20 6:51 ` Michael S. Tsirkin
2014-03-21 9:44 ` Yan Vugenfirer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87fvmdgypu.fsf@blackfin.pond.sub.org \
--to=armbru@redhat.com \
--cc=airlied@gmail.com \
--cc=qemu-devel@nongnu.org \
--cc=rusty@rustcorp.com.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.