Il 28/04/2014 04:59, Michael S. Tsirkin ha scritto:
All in all, it seems like a lot of work.
But I think I see a nice elegant solution : stop the VM when
some device detects an internal error and becomes broken.
This should be a general event telling management that this
happened - similar to pvpanic event. Management will add
options to restart guest/reset guest/report to user/dump memory.
This is marginally better than exiting, but has the same problems. For
example, say we have nested VM with VT-d support in QEMU, and do PCI
passthrough of virtio devices. If the L2 device has a broken driver,
pausing the L1 virtual machine violates isolation just as much as
exiting QEMU.
Paolo
