On Mon, Nov 7, 2016 at 2:13 PM, Peter Maydell <peter.mayd...@linaro.org> wrote:
> On 7 November 2016 at 21:53, Alistair Francis
> <alistair.fran...@xilinx.com> wrote:
>> On Sat, Nov 5, 2016 at 6:51 AM, Peter Maydell <peter.mayd...@linaro.org>
>> wrote:
>>> Usually we just fail the migration if the incoming
>>> data is bogus -- any particular reason not to take that
>>> approach here?
>>
>> There is no reason, it just seemed a bit much to abort just for this.
>>
>> Should I change it to abort?
>
> I think there are two cases:
> (1) migration from an old version could be in these
> bogus states (without having crashed the old version
> in the process) -- in that case you can argue for
> sanitizing as being most helpful to the user
> (and should comment that that's why we accept-but-squash)

I think this is actually very unlikely; anyone setting these values by accident has probably already seen crashes.

> (2) the out-of-bounds values only happen if somebody
> is deliberately feeding QEMU a bogus incoming data
> stream -- in this case (which is the usual one for
> bounds checks) it's best to return 1 to fail the
> migration.

This seems more likely, so it sounds like I should fail the migration.

Thanks,
Alistair

>
> thanks
> -- PMM
>
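The pattern the thread settles on, a post-load bounds check that rejects bogus incoming state instead of silently squashing it, shown as an added example that is not code from the patch under discussion or from QEMU itself. The device, its field names (`irq_index`, `fifo_count`), the limits `NUM_IRQS` and `FIFO_DEPTH`, and the sample states are all constructed for illustration; the only thing mirrored from QEMU is the convention that a non-zero return from the post-load hook fails the migration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical device state (assumption: not a real QEMU device).
 * Both limits are assumed values chosen for the example. */
#define NUM_IRQS   8
#define FIFO_DEPTH 16

typedef struct {
    uint32_t irq_index;          /* used as an array index after load; must be < NUM_IRQS */
    uint32_t fifo_count;         /* number of valid entries; must be <= FIFO_DEPTH */
    uint32_t fifo[FIFO_DEPTH];
} dev_state;

/* Post-load validation of state that arrived over the migration stream.
 * Returns 0 when the state is usable and non-zero to reject it; a non-zero
 * return is what fails the migration in a QEMU-style post_load hook. The
 * check runs before any field is used as an index, so a bogus stream cannot
 * drive an out-of-bounds access later in the device model. */
int dev_post_load(const dev_state *s)
{
    if (s->irq_index >= NUM_IRQS) {
        fprintf(stderr, "rejecting incoming state: irq_index %u >= %u\n",
                s->irq_index, (unsigned)NUM_IRQS);
        return 1;
    }
    if (s->fifo_count > FIFO_DEPTH) {
        fprintf(stderr, "rejecting incoming state: fifo_count %u > %u\n",
                s->fifo_count, (unsigned)FIFO_DEPTH);
        return 1;
    }
    return 0;
}

/* Helper for the example: build a constructed incoming state from two raw
 * field values, as if they had just been read from the stream, and run the
 * post-load check on it. */
int load_and_check(uint32_t irq_index, uint32_t fifo_count)
{
    dev_state s = {0};
    s.irq_index = irq_index;
    s.fifo_count = fifo_count;
    return dev_post_load(&s);
}

int main(void)
{
    /* Constructed sample streams: one sane, two out of bounds. */
    printf("sane state:        %s\n", load_and_check(3, 4) == 0 ? "accepted" : "rejected");
    printf("bogus irq_index:   %s\n", load_and_check(NUM_IRQS, 4) == 0 ? "accepted" : "rejected");
    printf("bogus fifo_count:  %s\n", load_and_check(0, FIFO_DEPTH + 1) == 0 ? "accepted" : "rejected");
    return 0;
}
```

Failing the migration here is the conservative choice the thread arrives at: the check runs once, before the loaded values are trusted, and a deliberately corrupted stream produces a clear error rather than a state the device model was never written to handle.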