From: Paul Brook
To: Anthony Liguori
Cc: Paul Bolle, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] [TRIVIAL] usb-linux: remove unreachable default in switch statement
Date: Wed, 17 Mar 2010 17:08:03 +0000
Message-Id: <201003171708.04633.paul@codesourcery.com>

> On 03/17/2010 11:14 AM, Paul Bolle wrote:
> > On Wed, 2010-03-17 at 10:59 -0500, Anthony Liguori wrote:
> >> On 03/08/2010 06:58 AM, Paul Bolle wrote:
> >>> Signed-off-by: Paul Bolle
> >>
> >> Applied. Thanks.
> >
> > Paul Brook was "tempted to replace it by an abort()" (about one and a
> > half week ago). Did you perhaps miss that message or weren't you tempted
> > to do this?
>
> I missed it, but then again, I don't think the patch was wrong in the
> first place.
>
> I think we use too many aborts/exits in the device model that can
> potentially be triggered by guest code.

If something should never happen (as in this case) then an abort/assert is completely appropriate. Once things get that screwed up there's no right answer, and the best thing we can do is terminate immediately to try and avoid further damage.

If an assert/abort can be triggered by a guest then you obviously have a bug. Removing the assert is not the correct solution. You should either fix whatever caused the invalid state to occur, or replace it with an appropriate retry, fallback or guest visible failure.

Paul
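
The distinction drawn in this message, as an added C example that is not part of the original e-mail and is not QEMU code: guest-controlled inputs get a guest-visible failure, while a value only the device model itself can set keeps an abort() for the impossible case. The `toy_*` names, request codes and status values are all hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical toy device model; none of these names come from QEMU. */
enum toy_state { TOY_IDLE, TOY_SETUP, TOY_DATA };  /* assigned only by the model */
enum { TOY_RET_OK = 0, TOY_RET_STALL = -3 };       /* status reported to the guest */

struct toy_dev {
    enum toy_state state;
    uint8_t buf[8];
};

/* 'req' and 'index' are chosen by the guest, so every possible value must
 * have a defined outcome. An abort() here would let a guest kill the VMM. */
int toy_handle_request(struct toy_dev *d, uint8_t req, uint8_t index, uint8_t val)
{
    switch (req) {
    case 0x01:                          /* write one byte into the buffer */
        if (index >= sizeof(d->buf)) {
            return TOY_RET_STALL;       /* guest-visible failure */
        }
        d->buf[index] = val;
        d->state = TOY_DATA;
        return TOY_RET_OK;
    case 0x02:                          /* reset */
        d->state = TOY_IDLE;
        return TOY_RET_OK;
    default:                            /* unknown request: guest-reachable */
        return TOY_RET_STALL;
    }
}

/* 'state' is never written from guest data, only by the code above. Any
 * value outside the enum means the model is already corrupted, so the
 * fall-through terminates instead of continuing with bad state. */
const char *toy_state_name(const struct toy_dev *d)
{
    switch (d->state) {
    case TOY_IDLE:  return "idle";
    case TOY_SETUP: return "setup";
    case TOY_DATA:  return "data";
    }
    abort();                            /* should never happen */
}
```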