From: Gerd Hoffmann
Date: Mon, 17 Mar 2014 15:57:12 +0100
Subject: Re: [Qemu-devel] virtio device error reporting best practice?
To: Laszlo Ersek, "Michael S. Tsirkin"
Cc: Peter Maydell, Dave Airlie, "qemu-devel@nongnu.org", Seiji Aguchi

On Mon, 2014-03-17 at 15:49 +0100, Laszlo Ersek wrote:
> On 03/17/14 15:40, Peter Maydell wrote:
> > On 17 March 2014 14:28, Laszlo Ersek wrote:
> >> On 03/17/14 07:02, Dave Airlie wrote:
> >>> The main reason I'm considering this stuff is for security reasons if
> >>> the guest asks for something really illegal or crazy what should the
> >>> expected behaviour of the host be? (at least secure I know that).
> >>
> >> exit(1).
> >
> > No thanks -- the guest should never be able to cause QEMU
> > to exit (in an ideal world). Use
> > qemu_log_mask(LOG_GUEST_ERROR, ...)
> > and continue.
>
> How do you continue with a garbled virtio ring? Say you detect an error
> that would cause integer overflow or buffer overflow in the host, a
> clear virtio protocol violation etc. Error reporting is just one thing
> -- what are the semantics of continuing?

Stop processing until device is reset. This is what real hardware does,
and there are places in qemu (xhci emulation for example) which do
this too.

We don't have a standard error register in virtio to report this to the
guest though. Maybe something to consider for virtio 1.0? mst?

cheers,
  Gerd
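
Added example, not part of the original message and not QEMU code: a minimal C model of the "stop processing until device is reset" behaviour discussed in this thread, as opposed to exit(1) or logging and continuing. The names `toy_dev`, `desc`, `RING_SIZE` and `GUEST_MEM_SIZE` are hypothetical, the descriptor layout is simplified, and `fprintf` stands in for `qemu_log_mask(LOG_GUEST_ERROR, ...)`.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define RING_SIZE      8u      /* hypothetical queue size */
#define GUEST_MEM_SIZE 4096u   /* hypothetical guest memory window */

struct desc    { uint64_t addr; uint32_t len; };     /* simplified descriptor */
struct toy_dev { bool broken; unsigned processed; };

/* Bounds check written so guest-chosen addr + len cannot overflow. */
static bool desc_valid(const struct desc *d)
{
    return d->len != 0 && d->len <= GUEST_MEM_SIZE &&
           d->addr <= GUEST_MEM_SIZE - d->len;
}

/* Handle a guest kick; returns how many descriptors were serviced. */
unsigned toy_dev_kick(struct toy_dev *dev, const struct desc *ring, unsigned n)
{
    unsigned done = 0;

    if (dev->broken)
        return 0;                  /* ignore the guest until it resets us */
    for (unsigned i = 0; i < n; i++) {
        if (i >= RING_SIZE || !desc_valid(&ring[i])) {
            fprintf(stderr, "guest error: bad descriptor %u\n", i);
            dev->broken = true;    /* neither exit() nor carry on */
            break;
        }
        done++;                    /* a real device would service the buffer */
    }
    dev->processed += done;
    return done;
}

/* Only a guest-initiated reset makes the device usable again. */
void toy_dev_reset(struct toy_dev *dev) { dev->broken = false; }

int main(void)
{
    struct toy_dev d = { false, 0 };
    struct desc ring[3] = { {0, 16}, {UINT64_MAX, 32}, {64, 16} }; /* constructed */
    struct desc ok[1] = { {128, 64} };                             /* constructed */

    printf("first kick: %u\n", toy_dev_kick(&d, ring, 3));
    printf("while broken: %u\n", toy_dev_kick(&d, ok, 1));
    toy_dev_reset(&d);
    printf("after reset: %u\n", toy_dev_kick(&d, ok, 1));
    return 0;
}
```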