From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:48221)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <groug@kaod.org>) id 1bhvNi-00012L-C3
	for qemu-devel@nongnu.org; Thu, 08 Sep 2016 05:12:27 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <groug@kaod.org>) id 1bhvNe-0005eD-5G
	for qemu-devel@nongnu.org; Thu, 08 Sep 2016 05:12:25 -0400
Received: from 3.mo68.mail-out.ovh.net ([46.105.58.60]:56651)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <groug@kaod.org>) id 1bhvNd-0005dh-VM
	for qemu-devel@nongnu.org; Thu, 08 Sep 2016 05:12:22 -0400
Received: from player778.ha.ovh.net (b7.ovh.net [213.186.33.57])
	by mo68.mail-out.ovh.net (Postfix) with ESMTP id 34324FF9D0B
	for <qemu-devel@nongnu.org>; Thu,  8 Sep 2016 11:12:21 +0200 (CEST)
Date: Thu, 8 Sep 2016 11:12:16 +0200
From: Greg Kurz <groug@kaod.org>
Message-ID: <20160908111216.12a1b562@bahia>
In-Reply-To: <20160908105926.0d968e64.cornelia.huck@de.ibm.com>
References: <147326875705.8546.11347276277137015855.stgit@bahia.lan>
	<147326876478.8546.16045138068342092499.stgit@bahia.lan>
	<20160908105926.0d968e64.cornelia.huck@de.ibm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH 1/2] virtio-9p: print error message and
 exit instead of BUG_ON()
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Cornelia Huck <cornelia.huck@de.ibm.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>, qemu-devel@nongnu.org, "Aneesh
	Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>

On Thu, 8 Sep 2016 10:59:26 +0200
Cornelia Huck <cornelia.huck@de.ibm.com> wrote:

> On Wed, 07 Sep 2016 19:19:24 +0200
> Greg Kurz <groug@kaod.org> wrote:
> 
> > Calling assert() really makes sense when hitting a genuine bug, which calls
> > for a fix in QEMU. However, when something goes wrong because the guest
> > sends a malformed message, it is better to write down a more meaningul
> > error message and exit.
> > 
> > Signed-off-by: Greg Kurz <groug@kaod.org>
> > ---
> >  hw/9pfs/virtio-9p-device.c |   20 ++++++++++++++++++--
> >  1 file changed, 18 insertions(+), 2 deletions(-)  
> 
> While this is an improvement over the current state, I don't think the
> guest should be able to kill qemu just by doing something stupid.
> 

Hi Connie,

I'm glad you're pointing this out... this was also my impression, but
since there are a bunch of sanity checks in the virtio code that cause
QEMU to exit (even recently added like 1e7aed70144b), I did not dare
stand up :)

> The right way to go is to mark the virtio device as broken and stop
> doing any processing until the guest resets it. I think Stefan had a
> patch series doing that for some base virtio errors, but I'd have to
> search for it.
> 

I'd be glad to have a look and try to address this issue.

Thanks !

--
Greg