On Wed, Aug 24, 2022 at 5:43 PM Alvaro Karsz <[email protected]> wrote: > > Hi Hannes, > > > a) let the device do the timeout: pass in a timeout value with the > > command, and allow the device to return an ETIMEDOUT error when the > > timeout expires. Then it's up to the device to do the necessary timeout > > handling; the server won't be involved at all (except for handling an > > ETIMEDOUT error) > > > This won't work if the device crashes.
Yes, from the view of the hardening. Driver should not trust/depend on device behaviour. > > > > > b) implement an 'abort' command. With that the server controls the > > timeout, and is allowed to send an 'abort' command when the timeout > > expires. That requires the device to be able to abort commands (which > > not all devices are able to), but avoids having to implement a timeout > > handling in the device. > > > I actually thought about this idea. > This may work, but you'll still have a few moments when the server > assumes that the command failed, and the network device assumes that > it succeeded. > So the server may still receive packets in an unexpected queue. Similar to the previous case. Driver should not trust the device to execute any command correctly. > > > > > > I am very much in favour of having timeouts for virtio commands; we've > > had several massive customer escalations which could have been solved if > > we were able to set the command timeout in the VM. > > As this was for virtio-scsi/virtio-block I would advocate to have a > > generic virtio command timeout, not a protocol-specific one. > > This may be difficult to implement. > Especially when multiple commands may be queued at the same time, and > the device can handle the commands in any order. > We'll need to add identifiers for every command. Having a timeout that is under the control of the driver might be possible. Anyhow this needs to be discussed in the virtio-dev. Thanks > > I'm actually referring here to the Linux kernel implementation of > virtnet control commands, in which the server spins for a response. > _______________________________________________ Virtualization mailing list [email protected] https://lists.linuxfoundation.org/mailman/listinfo/virtualization
