
Re: [Qemu-devel] virtio device error reporting best practice?


From: Rusty Russell
Subject: Re: [Qemu-devel] virtio device error reporting best practice?
Date: Thu, 20 Mar 2014 14:10:50 +1030
User-agent: Notmuch/0.15.2 (http://notmuchmail.org) Emacs/23.4.1 (x86_64-pc-linux-gnu)

Markus Armbruster <address@hidden> writes:
> Rusty Russell <address@hidden> writes:
>> The litmus test: does *your* guest handle failures other than by giving
>> up on the device?  If so, sure, you need to have a sane error-reporting
>> strategy.
>
> Err, isn't this a circular argument?  No need for QEMU to report the
> failure, because the guest won't handle it; no need to handle the
> failure, because QEMU won't report it.
>
> What about this: would you make your guest handle failures if they were
> reported?

Perhaps I was unclear, that's what I meant.

>>> The main reason I'm considering this stuff is for security reasons if
>>> the guest asks for something really illegal or crazy what should the
>>> expected behaviour of the host be? (at least secure I know that).
>>
>> If the guest userspace can do it, don't exit.  If the kernel only, and
>> it should have known better, abort is OK.
>>
>> Sure that doesn't help much!
>
> Immediate exit() or abort() denies the guest the ability to degrade
> service gracefully (disable the device, cry for help and try to hobble
> on), or report its brokenness ungracefully (kernel panic, crash dump).
> I doubt denying that is okay unless the device is so important that
> without it you can't even hope to panic.

Oh yes, I completely agree with you!  But QEMU practice doesn't :)

Cheers,
Rusty.
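The two policies the thread contrasts, as an added example that is not from this mail, from QEMU, or from any real virtio device model: a toy device receives a guest-supplied (addr, len) descriptor and must decide what to do when the pair is illegal. `handle_request_abort` follows the "abort is OK" practice Rusty describes; `handle_request_graceful` follows the alternative Markus argues for, refusing the request, marking the device broken so the guest can notice and degrade on its own terms, and staying usable only after a guest-initiated reset. All names (`toy_dev`, `toy_desc`, `GUEST_RAM_SIZE`, `MAX_REQ_LEN`) and the constructed requests in `main` are this example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy model of a virtio-style device; none of these names are QEMU's. */
#define GUEST_RAM_SIZE 4096u   /* guest memory the device may touch */
#define MAX_REQ_LEN    1024u   /* largest request this device accepts */

/* A buffer descriptor as the guest would queue it: offset into guest RAM plus length. */
struct toy_desc {
    uint32_t addr;
    uint32_t len;
};

struct toy_dev {
    uint8_t  guest_ram[GUEST_RAM_SIZE];
    bool     broken;         /* device stopped itself after a bad request */
    unsigned handled;        /* requests completed */
    char     last_error[64]; /* why the device went broken, for logging */
};

enum desc_check { DESC_OK, DESC_ZERO_LEN, DESC_TOO_LONG, DESC_OUT_OF_RAM };

/* The checks the host must do before touching guest memory: a guest-controlled
 * (addr, len) pair must stay inside guest RAM and the sum must not wrap. */
static enum desc_check check_desc(const struct toy_desc *d)
{
    if (d->len == 0) return DESC_ZERO_LEN;
    if (d->len > MAX_REQ_LEN) return DESC_TOO_LONG;
    /* computed in 64 bits so addr + len cannot overflow the 32-bit fields */
    if ((uint64_t)d->addr + d->len > GUEST_RAM_SIZE) return DESC_OUT_OF_RAM;
    return DESC_OK;
}

/* The actual work: here just zero-fill the buffer the guest handed us. */
static void process(struct toy_dev *dev, const struct toy_desc *d)
{
    memset(dev->guest_ram + d->addr, 0, d->len);
    dev->handled++;
}

/* "QEMU practice" as the thread describes it: one malformed request from the
 * guest kernel takes the whole VM down. Shown for contrast only. */
static void handle_request_abort(struct toy_dev *dev, const struct toy_desc *d)
{
    if (check_desc(d) != DESC_OK) {
        fprintf(stderr, "toy_dev: bad descriptor, aborting\n");
        abort();
    }
    process(dev, d);
}

/* The alternative: refuse the request, remember why, and refuse everything
 * further until the guest resets the device. Returns 0 on success, -1 if refused. */
static int handle_request_graceful(struct toy_dev *dev, const struct toy_desc *d)
{
    static const char *why[] = {
        "ok", "zero-length buffer", "buffer exceeds MAX_REQ_LEN", "buffer outside guest RAM",
    };
    if (dev->broken) {
        return -1;   /* nothing is processed until the guest resets us */
    }
    enum desc_check rc = check_desc(d);
    if (rc != DESC_OK) {
        dev->broken = true;
        snprintf(dev->last_error, sizeof dev->last_error,
                 "addr=%u len=%u: %s", d->addr, d->len, why[rc]);
        return -1;
    }
    process(dev, d);
    return 0;
}

/* Guest-initiated reset: the device becomes usable again. */
static void toy_dev_reset(struct toy_dev *dev)
{
    dev->broken = false;
    dev->last_error[0] = '\0';
}

int main(void)
{
    struct toy_dev dev;
    memset(&dev, 0, sizeof dev);
    /* constructed requests: one sane, one whose addr + len wraps in 32 bits */
    struct toy_desc good = { 0, 64 };
    struct toy_desc wrap = { 0xFFFFFFF0u, 32 };

    printf("good request: %d\n", handle_request_graceful(&dev, &good));
    printf("wrapping request: %d (%s)\n", handle_request_graceful(&dev, &wrap), dev.last_error);
    printf("good request while broken: %d\n", handle_request_graceful(&dev, &good));
    toy_dev_reset(&dev);
    printf("good request after reset: %d\n", handle_request_graceful(&dev, &good));
    (void)handle_request_abort;   /* never called here: it would kill the process */
    return 0;
}
```

The `broken` flag stands in for the device-status bit a real device would raise; the point is that the guest, not the host, decides whether a broken device is fatal, and that a buggy or hostile guest kernel gets at most a dead device rather than a dead VM.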


