On 08/26/2010 03:14 AM, Daniel P. Berrange wrote:
On Thu, Aug 26, 2010 at 10:05:44AM +0200, Paolo Bonzini wrote:
On 08/26/2010 08:05 AM, Amit Shah wrote:
This is what I have currently. It would need some timer handling in
the save/load case as well, right?
When loading you won't have any pending "info balloon" command, so I
think the timer need not be preserved across migration.
Also, 5 seconds for a stopped guest is actually a lot, so maybe Amit's
original patch or a variant thereof would make sense anyway.
We should have a combination of both. If we know the guest is stopped
we should return immediately, otherwise we should use the timer as a
way to cope with a crashed/evil guest.
Stopped doesn't necessarily mean that it's permanently stopped or even
that a user has stopped it.
We stop a guest during live migration and in some other cases (like on
disk error).
Returning immediately is an optimization on something that should be a
proper fix. Otherwise, you have a guest initiated DoS attack on
management tools.
Regards,
Anthony Liguori
Daniel
