Re: [Qemu-devel] Error handling in realize() methods

[Markus Armbruster]

Paolo Bonzini <address@hidden> writes:

> On 10/12/2015 12:06, Markus Armbruster wrote:
>> Paolo Bonzini <address@hidden> writes:
>> 
>>> On 09/12/2015 10:30, Markus Armbruster wrote:
>>>> My current working assumption is that passing &error_fatal to
>>>> memory_region_init_ram() & friends is okay even in realize() methods and
>>>> their supporting code, except when the allocation can be large.
>>>
>>> I suspect a lot of memory_region_init_ram()s could be considered
>>> potentially large (at least in the 16-64 megabytes range).  Propagation
>>> of memory_region_init_ram() failures is easy enough, thanks to Error**,
>>> that we should just do it.
>> 
>> Propagating an out-of-memory error right in realize() is easy.  What's
>> not so easy is making realize() fail cleanly (all side effects undone;
>> we get that wrong in many places), and finding and propagating
>> out-of-memory errors hiding deeper in the call tree.
>
> grep is your friend.  We're talking of a subset of these:
[...]

Yes, finding just the guest memory allocations isn't hard.  But making
them fail cleanly is, judging from the code that gets it wrong.

[...]