Re: [Qemu-devel] Crash: When Host HDD is full

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] Crash: When Host HDD is full

From:	Avi Kivity
Subject:	Re: [Qemu-devel] Crash: When Host HDD is full
Date:	Thu, 12 Jul 2007 20:13:22 +0300
User-agent:	Thunderbird 2.0.0.0 (X11/20070419)

Paul Brook wrote:

Qemu might freeze the guest when it gets -ENOSPC, and say, retry every
second or wait for user input on the monitor.

Better would IMHO be to report an IO error to the guest and allow that to
decide what to do. If you're bothered about robustness and reliability
then arbitrarily stopping the guest is not acceptable behaviour. There's
no guarantee that space will become available in a finite timeframe.

I've considered that, and I'm not sure.  You will likely get a storm of
I/O errors on ENOSPC; with several ways for disaster to strike:
- the guest doesn't handle I/O errors well, and keeps writing.  some of
the writes are overwrites so they hit the disk and data is corrupted


If an guest OS ignores IO write errors it's just plain broken.

Linux 2.4 ignores IO write errors under certain conditions. Yes, it'sbroken. But you're making the user suffer for this brokenness even ifthe only thing wrong is a temporary shortage of disk space.

- the guest decides the disk is bad because it has too many errors and
initiates some recovery procedure
Stopping the guest at least guarantees nothing unexpected happens. Ifit's part of a managed solution we can output a message to the monitor
which eventually finds its way to the operator.
I don't buy this argument. If you don't want "unexpected" things to happenthen the solution is simple: Make sure you never run out of disk space.

That's unrealistic, at least for the casual user running qemu. Amanaged solution can probably work around this.


Qemu should be more user friendly.

The fact is that your (virtual) disk *is* broken at this point. The guest OSis in a much better position to decide on an appropriate course of action,either by retrying or some other recovery mechanism.

I don't see why it is broken. The disk contents have not changed sinceafter the last successful write. Once you free some space you cancontinue writing.

Note that a recovery mechanism that involves writing will likely fail aswell, possibly corrupting the disk in the process.

There are various error contitions that could be used, for examplewrite-protect.

The guest would most likely be surprised at getting a write-protecterror on its hard disk, and then the disk *would* be broken.


--
error compiling committee.c: too many arguments to function

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] Crash: When Host HDD is full, Alexey Eremenko, 2007/07/11
- Re: [Qemu-devel] Crash: When Host HDD is full, Mike Swanson, 2007/07/12
  - Re: [Qemu-devel] Crash: When Host HDD is full, Avi Kivity, 2007/07/12
    - Re: [Qemu-devel] Crash: When Host HDD is full, Paul Brook, 2007/07/12
    - Re: [Qemu-devel] Crash: When Host HDD is full, Avi Kivity, 2007/07/12
    - Re: [Qemu-devel] Crash: When Host HDD is full, Paul Brook, 2007/07/12
    - Re: [Qemu-devel] Crash: When Host HDD is full, Avi Kivity <=
    - Re: [Qemu-devel] Crash: When Host HDD is full, Daniel P. Berrange, 2007/07/12
    - Re: [Qemu-devel] Crash: When Host HDD is full, Avi Kivity, 2007/07/12
    - Re: [Qemu-devel] Crash: When Host HDD is full, andrzej zaborowski, 2007/07/12
    - Re: [Qemu-devel] Crash: When Host HDD is full, Alexey Eremenko, 2007/07/12
    - Re: [Qemu-devel] Crash: When Host HDD is full, Adam Bolte, 2007/07/19
    - Re: [Qemu-devel] Crash: When Host HDD is full, Andreas Färber, 2007/07/19
    - Re: [Qemu-devel] Crash: When Host HDD is full, Alexey Eremenko, 2007/07/19

Prev by Date: Re: [Qemu-devel] Crash: When Host HDD is full
Next by Date: Re: [Qemu-devel] Crash: When Host HDD is full
Previous by thread: Re: [Qemu-devel] Crash: When Host HDD is full
Next by thread: Re: [Qemu-devel] Crash: When Host HDD is full
Index(es):
- Date
- Thread