From: Greg Kurz <groug@kaod.org>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Cornelia Huck <cornelia.huck@de.ibm.com>,
qemu-devel@nongnu.org,
"Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
Subject: Re: [Qemu-devel] [PATCH 1/2] virtio-9p: print error message and exit instead of BUG_ON()
Date: Thu, 8 Sep 2016 18:26:52 +0200 [thread overview]
Message-ID: <20160908182652.2cf51ac0@bahia> (raw)
In-Reply-To: <20160908181732-mutt-send-email-mst@kernel.org>
On Thu, 8 Sep 2016 18:19:27 +0300
"Michael S. Tsirkin" <mst@redhat.com> wrote:
> On Thu, Sep 08, 2016 at 05:04:47PM +0200, Cornelia Huck wrote:
> > On Thu, 8 Sep 2016 18:00:28 +0300
> > "Michael S. Tsirkin" <mst@redhat.com> wrote:
> >
> > > On Thu, Sep 08, 2016 at 11:12:16AM +0200, Greg Kurz wrote:
> > > > On Thu, 8 Sep 2016 10:59:26 +0200
> > > > Cornelia Huck <cornelia.huck@de.ibm.com> wrote:
> > > >
> > > > > On Wed, 07 Sep 2016 19:19:24 +0200
> > > > > Greg Kurz <groug@kaod.org> wrote:
> > > > >
> > > > > > Calling assert() really makes sense when hitting a genuine bug, which calls
> > > > > > for a fix in QEMU. However, when something goes wrong because the guest
> > > > > > sends a malformed message, it is better to write down a more meaningul
> > > > > > error message and exit.
> > > > > >
> > > > > > Signed-off-by: Greg Kurz <groug@kaod.org>
> > > > > > ---
> > > > > > hw/9pfs/virtio-9p-device.c | 20 ++++++++++++++++++--
> > > > > > 1 file changed, 18 insertions(+), 2 deletions(-)
> > > > >
> > > > > While this is an improvement over the current state, I don't think the
> > > > > guest should be able to kill qemu just by doing something stupid.
> > > > >
> > > >
> > > > Hi Connie,
> > > >
> > > > I'm glad you're pointing this out... this was also my impression, but
> > > > since there are a bunch of sanity checks in the virtio code that cause
> > > > QEMU to exit (even recently added like 1e7aed70144b), I did not dare
> > > > stand up :)
> > >
> > > It's true that it's broken in many places but we should just
> > > fix them all.
> > >
> > >
> > > A separate question is how to log such hardware/guest bugs generally.
> > > People already complained about disk filling up because of us printing
> > > errors on each such bug. Maybe print each message only N times, and
> > > then set a flag to skip the log until management tells us to restart
> > > logging again.
> >
> > I'd expect to get the message just once per device if we set the device
> > to broken (unless the guess continuously resets it again...)
>
> Which it can do, so we should limit that anyway.
>
> > Do we have
> > a generic print/log ratelimit infrastructure in qemu?
>
> There are actually two kinds of errors
> host side ones and ones triggered by guests.
>
> We should distinguish between them API-wise, then
> we will be able to limit the logging of those
> that guest can trigger.
>
FWIW it makes sense to use error_report() if QEMU exits. If it continues
execution, this means we're expecting the guest or the host to do something
to fix the error condition. This requires QEMU to emit an event of some
sort, but not necessarily to log an error message in a file. I guess this
depends if QEMU is run by some tooling, or by a human.
next prev parent reply other threads:[~2016-09-08 16:27 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-07 17:19 [Qemu-devel] [PATCH 0/2] virtio: error report fixes in 9P and PCI Greg Kurz
2016-09-07 17:19 ` [Qemu-devel] [PATCH 1/2] virtio-9p: print error message and exit instead of BUG_ON() Greg Kurz
2016-09-08 7:14 ` Markus Armbruster
2016-09-08 9:05 ` Greg Kurz
2016-09-08 8:59 ` Cornelia Huck
2016-09-08 9:12 ` Greg Kurz
2016-09-08 15:00 ` Michael S. Tsirkin
2016-09-08 15:04 ` Cornelia Huck
2016-09-08 15:19 ` Michael S. Tsirkin
2016-09-08 16:26 ` Greg Kurz [this message]
2016-09-08 16:55 ` Michael S. Tsirkin
2016-09-09 8:30 ` Cornelia Huck
2016-09-09 8:46 ` Greg Kurz
2016-09-09 8:53 ` Cornelia Huck
2016-09-09 9:26 ` Greg Kurz
2016-09-09 9:37 ` Greg Kurz
2016-09-09 6:38 ` Markus Armbruster
2016-09-09 7:30 ` Greg Kurz
2016-09-09 9:08 ` Markus Armbruster
2016-09-09 9:54 ` Greg Kurz
2016-09-07 17:19 ` [Qemu-devel] [PATCH 2/2] virtio-pci: error out when both legacy and modern modes are disabled Greg Kurz
2016-09-08 7:15 ` Markus Armbruster
2016-09-08 9:52 ` Greg Kurz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160908182652.2cf51ac0@bahia \
--to=groug@kaod.org \
--cc=aneesh.kumar@linux.vnet.ibm.com \
--cc=cornelia.huck@de.ibm.com \
--cc=mst@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).