
Re: [Qemu-devel] virtio device error reporting best practice?


From: Markus Armbruster
Subject: Re: [Qemu-devel] virtio device error reporting best practice?
Date: Thu, 20 Mar 2014 07:39:57 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.2 (gnu/linux)

Rusty Russell <address@hidden> writes:

> Markus Armbruster <address@hidden> writes:
>> Rusty Russell <address@hidden> writes:
>>> The litmus test: does *your* guest handle failures other than by giving
>>> up on the device?  If so, sure, you need to have a sane error-reporting
>>> strategy.
>>
>> Err, isn't this a circular argument?  No need for QEMU to report the
>> failure, because the guest won't handle it; no need to handle the
>> failure, because QEMU won't report it.
>>
>> What about this: would you make your guest handle failures if they were
>> reported?
>
> Perhaps I was unclear; that's what I meant.
>
>>>> The main reason I'm considering this stuff is for security reasons if
>>>> the guest asks for something really illegal or crazy what should the
>>>> expected behaviour of the host be? (at least secure I know that).
>>>
>>> If the guest userspace can do it, don't exit.  If the kernel only, and
>>> it should have known better, abort is OK.
>>>
>>> Sure that doesn't help much!
>>
>> Immediate exit() or abort() denies the guest the ability to degrade
>> service gracefully (disable the device, cry for help and try to hobble
>> on), or report its brokenness ungracefully (kernel panic, crash dump).
>> I doubt denying that is okay unless the device is so important that
>> without it you can't even hope to panic.
>
> Oh yes, I completely agree with you!  But QEMU practice doesn't :)

Ah, then we're in violent agreement :)

Time to cease the practice.  Will be hard as long as the code
is chock-full of bad examples.
