Currently, virtio code chooses to kill QEMU if the guest passes any invalid data with vring. That has drawbacks such as losing unsaved data (e.g. when a guest user is writing a very long email), or possible denial of service in a nested VM use case where a virtio device is passed through.

virtio-1 has introduced a new status bit "NEEDS RESET" which could be used to improve this by communicating the error state between virtio devices and drivers. The device notifies the guest upon setting the bit, then the guest driver should detect this bit and report to userspace, or recover the device by resetting it.

This series makes the necessary changes in virtio core code, based on which virtio-blk is converted. Other devices now keep the existing behavior by passing in "error_abort". They will be converted in a following series. The Linux driver part will also be worked on.

One concern with this behavior change is that it's now harder to notice the actual driver bug that caused the error, as the guest continues to run. To address that, we could probably add a new error action option to virtio devices, similar to the "read/write werror" in the block layer, so the VM could be paused and the management will get an event in QMP like pvpanic. This work can be done on top.

Fam Zheng (18):
  virtio: Return error from virtqueue_map_sg
  virtio: Return error from virtqueue_num_heads
  virtio: Return error from virtqueue_get_head
  virtio: Return error from virtqueue_next_desc
  virtio: Return error from virtqueue_get_avail_bytes
  virtio: Return error from virtqueue_pop
  virtio: Return error from virtqueue_avail_bytes
  virtio: Return error from virtio_add_queue
  virtio: Return error from virtio_del_queue
  virtio: Add macro for VIRTIO_CONFIG_S_NEEDS_RESET
  virtio: Add "needs_reset" flag to virtio device
  virtio: Return -EINVAL if the vdev needs reset in virtqueue_pop
  virtio-blk: Graceful error handling of virtqueue_pop
  qtest: Add "QTEST_FILTER" to filter test cases
  qtest: virtio-blk: Extract "setup" for future reuse
  libqos: Add qvirtio_needs_reset
  qtest: Add test case for "needs reset" of virtio-blk
  qtest: virtio-blk: Suppress virtio error messages in "make check"

 hw/9pfs/virtio-9p-device.c                     |   2 +-
 hw/9pfs/virtio-9p.c                            |   2 +-
 hw/block/dataplane/virtio-blk.c                |   9 +-
 hw/block/virtio-blk.c                          |  62 +++++--
 hw/char/virtio-serial-bus.c                    |  30 ++--
 hw/net/virtio-net.c                            |  36 +++--
 hw/scsi/virtio-scsi.c                          |   8 +-
 hw/virtio/virtio-balloon.c                     |  13 +-
 hw/virtio/virtio-rng.c                         |   6 +-
 hw/virtio/virtio.c                             | 214 ++++++++++++++++++-------
 include/hw/virtio/virtio-blk.h                 |   3 +-
 include/hw/virtio/virtio.h                     |  17 +-
 include/standard-headers/linux/virtio_config.h |   2 +
 tests/Makefile                                 |   6 +-
 tests/libqos/virtio.c                          |   5 +
 tests/libqos/virtio.h                          |   2 +
 tests/virtio-blk-test.c                        | 196 ++++++++++++++++++++--
 17 files changed, 482 insertions(+), 131 deletions(-)

-- 
1.9.3
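
Added example (not part of the original posting, and not QEMU code): a self-contained toy model of the behaviour the cover letter describes, where invalid vring data makes the pop routine return -EINVAL and set the NEEDS_RESET status bit instead of killing the process. The toy_* names and the struct layout are assumptions for illustration; the 0x40 status bit value and the descriptor NEXT flag are as defined by virtio.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define VIRTIO_CONFIG_S_NEEDS_RESET 0x40 /* virtio-1 "device needs reset" bit */
#define VRING_DESC_F_NEXT 1              /* descriptor continues via 'next' */

/* Toy device model (assumed names, not QEMU's VirtIODevice/VirtQueue). */
struct toy_desc { uint16_t flags, next; };
struct toy_vdev {
    uint8_t status;
    int needs_reset;
    unsigned queue_size;         /* set by the device, at most 8 here */
    struct toy_desc desc[8];     /* stands in for guest-written ring memory */
};

/* Record the fault in device state instead of calling abort()/exit(). */
static int toy_virtio_error(struct toy_vdev *d, const char *msg)
{
    fprintf(stderr, "virtio: %s\n", msg);
    d->needs_reset = 1;
    d->status |= VIRTIO_CONFIG_S_NEEDS_RESET;  /* visible to the guest driver */
    return -EINVAL;
}

/* Walk a guest-supplied descriptor chain; returns its length or -EINVAL. */
int toy_virtqueue_pop(struct toy_vdev *d, unsigned head)
{
    unsigned i = head, len = 0;

    if (d->needs_reset)
        return -EINVAL;          /* no further work until the guest resets */
    for (;;) {
        if (i >= d->queue_size)
            return toy_virtio_error(d, "descriptor index out of range");
        if (++len > d->queue_size)
            return toy_virtio_error(d, "looped descriptor chain");
        if (!(d->desc[i].flags & VRING_DESC_F_NEXT))
            return (int)len;
        i = d->desc[i].next;
    }
}

/* A guest-initiated device reset clears the error state. */
void toy_virtio_reset(struct toy_vdev *d) { d->status = 0; d->needs_reset = 0; }

int main(void)
{
    struct toy_vdev d = { .queue_size = 4 };               /* constructed ring */
    d.desc[0] = (struct toy_desc){ VRING_DESC_F_NEXT, 0 }; /* points at itself */
    int r = toy_virtqueue_pop(&d, 0);
    printf("pop=%d status=0x%02x\n", r, d.status);
    return 0;
}
```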