Re: [PATCH v1 1/2] vfio-user: update comments

Thu, 25 May 2023 11:16:16 -0700 

On Thu, May 25, 2023 at 05:02:03PM +0200, Markus Armbruster wrote:
> Jagannathan Raman <jag.ra...@oracle.com> writes:
> 
> > Clarify the behavior of TYPE_VFU_OBJECT when TYPE_REMOTE_MACHINE enables
> > the auto-shutdown property. Also, add notes to VFU_OBJECT_ERROR.
> >
> > Signed-off-by: Jagannathan Raman <jag.ra...@oracle.com>
> > ---
> >  hw/remote/vfio-user-obj.c | 14 +++++++++++---
> >  1 file changed, 11 insertions(+), 3 deletions(-)
> >
> > diff --git a/hw/remote/vfio-user-obj.c b/hw/remote/vfio-user-obj.c
> > index 88ffafc73e..8b10c32a3c 100644
> > --- a/hw/remote/vfio-user-obj.c
> > +++ b/hw/remote/vfio-user-obj.c
> > @@ -30,6 +30,11 @@
> >   *
> >   * notes - x-vfio-user-server could block IO and monitor during the
> >   *         initialization phase.
> > + *
> > + *         When x-remote machine has the auto-shutdown property
> > + *         enabled (default), x-vfio-user-server terminates after the last
> > + *         client disconnects. Otherwise, it will continue running until
> > + *         explicitly killed.
> >   */
> >  
> >  #include "qemu/osdep.h"
> > @@ -61,9 +66,12 @@
> >  OBJECT_DECLARE_TYPE(VfuObject, VfuObjectClass, VFU_OBJECT)
> >  
> >  /**
> > - * VFU_OBJECT_ERROR - reports an error message. If auto_shutdown
> > - * is set, it aborts the machine on error. Otherwise, it logs an
> > - * error message without aborting.
> > + * VFU_OBJECT_ERROR - reports an error message.
> > + *
> > + * If auto_shutdown is set, it aborts the machine on error. Otherwise,
> > + * it logs an error message without aborting. auto_shutdown is disabled
> > + * when the server serves clients from multiple VMs; as such, an error
> > + * from one VM shouldn't be able to disrupt other VM's services.
> >   */
> >  #define VFU_OBJECT_ERROR(o, fmt, ...)                                     \
> >      {                                                                     \
> 
> I still very much doubt an error can be severe enough to justify abort()
> in one configuration, yet harmless enough to permit carrying on in
> another configuration.  But this patch merely documents what the code
> does, so

In both cases this vfio-user device is broken after the error occurs.
The difference in behavior is that in a multi-device server the other
devices should not be disrupted when one of them breaks.

Stefan

Attachment: signature.asc
Description: PGP signature

Reply via email to