From: Anthony Liguori <anthony@codemonkey.ws>
To: "Daniel P. Berrange" <berrange@redhat.com>, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] Stop VM on ENOSPC error
Date: Wed, 14 Jan 2009 12:29:49 -0600 [thread overview]
Message-ID: <496E2F1D.9060809@codemonkey.ws> (raw)
In-Reply-To: <20090114173044.GS24995@redhat.com>
Daniel P. Berrange wrote:
> On Wed, Jan 14, 2009 at 04:46:17PM +0000, Jamie Lokier wrote:
>
>> Daniel P. Berrange wrote:
>>
>>> Thus I'd suggest we need an async notification of this event,
>>> and only enable this behaviour if the app controlling QEMU has
>>> explicitly enabled this notification / feature.
>>>
>> I think the behaviour should always be enabled (unless explicitly
>> disabled, but I'm not sure why you'd want to do that).
>>
>> A corrupt VM with data loss sounds much worse than a stopped VM to me.
>>
>
> You're not corrupting data in current code - you're just unable to finish
> new writes, because an IO failure is propagated back to the guest. If the
> guest is properly checking for & handling I/O failures, it should be pretty
> much OK once the host space problem is resolved - perhaps a reboot + journal
> recovery.
>
Not at all. When the guest gets an IO error, it's going to try and mark
the sector bad and move on. If it does do a journal recover on reboot,
you're even more screwed because writes will randomly fail. Writes to
pre-allocated storage will succeed but unallocated storage will fail.
The guest has no awareness into this error scenario so there's nothing
that it can reasonably do to recover.
> Older QEMU certainly had catastrophic data loss on ENOSPC due to not sending
> any I/O errors back to the guest, so it thought its write had succeeded when
> in fact it had been thrown away. Current QEMU is more careful about error
> propagation now.
>
But the error propagation in the event of ENOSPC is totally wrong. Try
it out and your guest will corrupt itself. It's even more catastrophic
with qcow2 but that shouldn't be surprising at this point.
Regards,
Anthony Liguori
> Daniel
>
next prev parent reply other threads:[~2009-01-14 18:30 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-01-14 12:03 [Qemu-devel] [PATCH] Stop VM on ENOSPC error Gleb Natapov
2009-01-14 12:11 ` Daniel P. Berrange
2009-01-14 12:20 ` Dor Laor
2009-01-14 13:52 ` Gleb Natapov
2009-01-14 14:28 ` Kevin Wolf
2009-01-14 16:46 ` Jamie Lokier
2009-01-14 17:30 ` Daniel P. Berrange
2009-01-14 18:29 ` Anthony Liguori [this message]
2009-01-14 18:37 ` Jamie Lokier
2009-01-14 16:47 ` Jamie Lokier
2009-01-14 17:01 ` Gleb Natapov
2009-01-14 18:39 ` Jamie Lokier
2009-01-14 19:24 ` Gleb Natapov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=496E2F1D.9060809@codemonkey.ws \
--to=anthony@codemonkey.ws \
--cc=berrange@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).