Avi Kivity writes ("Re: [Qemu-devel] [PATCH] bdrv_flush error handling"): > For non-raw formats, you can pass through errors on data, but it is > impossible to recover on metadata errors, so dying on I/O error should > be fine.
You mean metadata write errors I assume. I don't see why a metadata read error is any worse than any other read error. The guest will often prefer to be told that the volume was broken and then to be denied the ability to continue accessing it. Who knows what the guest thinks of the device ? Perhaps it's an unimportant peripheral, or simulated network block device, used only for data interchange. Write errors for non-raw formats can easily be caused by a disk full situation on the host. Killing the guest hard is unfriendly for that situation. Ian.