Date: Mon, 20 Apr 2015 17:13:30 +0200
From: Cornelia Huck
Message-ID: <20150420171330.45514f68.cornelia.huck@de.ibm.com>
In-Reply-To: <1429257573-7359-1-git-send-email-famz@redhat.com>
References: <1429257573-7359-1-git-send-email-famz@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 00/18] virtio-blk: Support "VIRTIO_CONFIG_S_NEEDS_RESET"
To: Fam Zheng
Cc: Kevin Wolf, "Michael S. Tsirkin", qemu-devel@nongnu.org, "Aneesh Kumar K.V", Stefan Hajnoczi, Amit Shah, Paolo Bonzini

On Fri, 17 Apr 2015 15:59:15 +0800
Fam Zheng wrote:

> Currently, virtio code chooses to kill QEMU if the guest passes any invalid
> data with vring. That has drawbacks such as losing unsaved data (e.g. when
> guest user is writing a very long email), or possible denial of service in
> a nested vm use case where virtio device is passed through.
>
> virtio-1 has introduced a new status bit "NEEDS RESET" which could be used to
> improve this by communicating the error state between virtio devices and
> drivers. The device notifies guest upon setting the bit, then the guest driver
> should detect this bit and report to userspace, or recover the device by
> resetting it.
>
> This series makes necessary changes in virtio core code, based on which
> virtio-blk is converted. Other devices now keep the existing behavior by
> passing in "error_abort". They will be converted in following series. The Linux
> driver part will also be worked on.
>
> One concern with this behavior change is that it's now harder to notice the
> actual driver bug that caused the error, as the guest continues to run. To
> address that, we could probably add a new error action option to virtio
> devices, similar to the "read/write werror" in block layer, so the vm could be
> paused and the management will get an event in QMP like pvpanic. This work can
> be done on top.

In principle, this looks nice; I'm not sure however how this affects
non-virtio-1 devices.

If a device is operating in virtio-1 mode, everything is clearly
specified: The guest is notified and if it is aware of the NEEDS_RESET
bit, it can react accordingly.

But what about legacy devices? Even if they are notified, they don't
know to check for NEEDS_RESET - and I'm not sure if the undefined
behaviour after NEEDS_RESET might lead to bigger trouble than killing
off the guest.
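
Added example (not part of the original message, and not QEMU code): a small C model of the change the cover letter describes, where the device latches NEEDS_RESET on invalid vring data instead of aborting, together with the legacy-driver case raised in the reply. The struct and function names are hypothetical, and the rule that a device in NEEDS_RESET ignores its queue until it is reset is this model's assumption.

```c
#include <stdbool.h>
#include <stdint.h>

/* Status bits from the virtio 1.0 specification. */
#define VIRTIO_CONFIG_S_DRIVER_OK   0x04
#define VIRTIO_CONFIG_S_NEEDS_RESET 0x40
#define QUEUE_SIZE 8   /* constructed ring size for this model */

/* Hypothetical minimal device model; not QEMU's VirtIODevice. */
struct model_dev {
    uint8_t status;
    bool config_irq_pending;   /* config-change notification raised */
    unsigned completed;        /* requests actually processed */
};

/* Device side: validate a guest-supplied descriptor head index.
 * On bad input, latch NEEDS_RESET and notify the driver rather than
 * killing the whole VMM; refuse further work until the device is reset. */
bool dev_pop_request(struct model_dev *d, uint16_t head)
{
    if (d->status & VIRTIO_CONFIG_S_NEEDS_RESET)
        return false;                      /* assumption: queue is ignored */
    if (head >= QUEUE_SIZE) {              /* invalid guest data */
        d->status |= VIRTIO_CONFIG_S_NEEDS_RESET;
        if (d->status & VIRTIO_CONFIG_S_DRIVER_OK)
            d->config_irq_pending = true;
        return false;
    }
    d->completed++;
    return true;
}

/* Driver writes 0 to the status register: device reset. */
void dev_reset(struct model_dev *d)
{
    d->status = 0;
    d->config_irq_pending = false;
}

/* Driver side, on the config-change interrupt. A virtio-1 driver checks
 * the bit and recovers; a legacy driver does not know the bit exists. */
bool driver_handle_config_irq(struct model_dev *d, bool virtio1)
{
    d->config_irq_pending = false;
    if (!virtio1 || !(d->status & VIRTIO_CONFIG_S_NEEDS_RESET))
        return false;                      /* no recovery attempted */
    dev_reset(d);
    d->status = VIRTIO_CONFIG_S_DRIVER_OK; /* re-initialisation, abbreviated */
    return true;
}
```

In this model the legacy driver's later requests are never completed, because the bit stays set and nothing resets the device.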