On Thu, 24 Mar 2016 17:56:49 +0000 Stefan Hajnoczi <stefa...@redhat.com> wrote:
> QEMU prints an error message and exits when the device enters an invalid > state. Terminating the process is heavy-handed. The guest may still be > able to function even if there is a bug in a virtio guest driver. > > Moreover, exiting is a bug in nested virtualization where a nested guest > could DoS other nested guests by killing a pass-through virtio device. > I don't think this configuration is possible today but it is likely in > the future. > > If the broken flag is set, do not process virtqueues or write back used > descriptors. The broken flag can be cleared again by resetting the > device. > > Signed-off-by: Stefan Hajnoczi <stefa...@redhat.com> > --- > hw/virtio/virtio.c | 34 ++++++++++++++++++++++++++++++++++ > include/hw/virtio/virtio.h | 3 +++ > 2 files changed, 37 insertions(+) > +void GCC_FMT_ATTR(2, 3) virtio_error(VirtIODevice *vdev, const char *fmt, > ...) > +{ > + va_list ap; > + > + va_start(ap, fmt); > + error_vreport(fmt, ap); > + va_end(ap); > + > + vdev->broken = true; We should set the NEEDS_RESET status flag for virtio-1 devices here, I think. > +} > +
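Review bot: virtio_error() reports via error_vreport() unconditionally before setting vdev->broken, so nothing in this hunk stops a guest that keeps driving the device into the same invalid state from producing one error line per occurrence; consider returning early when vdev->broken is already set (or otherwise rate-limiting the report), unless the callers elsewhere in the 34-line virtio.c change, which is not visible here, already skip the call once the device is broken. Since the function is also exported through include/hw/virtio/virtio.h, a short comment above it stating its contract (report once, mark the device broken, broken is cleared only by device reset, as the commit message says) would help callers; that is also the natural place to record the NEEDS_RESET status bit suggestion for virtio-1 devices raised in the reply.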