diff mbox series

[v1,1/2] vfio-user: update comments

Message ID 7340a298bcda0268b3decdd772ebce84bfcedcd5.1684338236.git.jag.raman@oracle.com (mailing list archive)
State New, archived
Headers show
Series Fix the documentation for vfio-user and multi-process QEMU | expand

Commit Message

Jag Raman May 17, 2023, 4:43 p.m. UTC
Clarify the behavior of TYPE_VFU_OBJECT when TYPE_REMOTE_MACHINE enables
the auto-shutdown property. Also, add notes to VFU_OBJECT_ERROR.

Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
---
 hw/remote/vfio-user-obj.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

Comments

Markus Armbruster May 25, 2023, 3:02 p.m. UTC | #1
Jagannathan Raman <jag.raman@oracle.com> writes:

> Clarify the behavior of TYPE_VFU_OBJECT when TYPE_REMOTE_MACHINE enables
> the auto-shutdown property. Also, add notes to VFU_OBJECT_ERROR.
>
> Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
> ---
>  hw/remote/vfio-user-obj.c | 14 +++++++++++---
>  1 file changed, 11 insertions(+), 3 deletions(-)
>
> diff --git a/hw/remote/vfio-user-obj.c b/hw/remote/vfio-user-obj.c
> index 88ffafc73e..8b10c32a3c 100644
> --- a/hw/remote/vfio-user-obj.c
> +++ b/hw/remote/vfio-user-obj.c
> @@ -30,6 +30,11 @@
>   *
>   * notes - x-vfio-user-server could block IO and monitor during the
>   *         initialization phase.
> + *
> + *         When x-remote machine has the auto-shutdown property
> + *         enabled (default), x-vfio-user-server terminates after the last
> + *         client disconnects. Otherwise, it will continue running until
> + *         explicitly killed.
>   */
>  
>  #include "qemu/osdep.h"
> @@ -61,9 +66,12 @@
>  OBJECT_DECLARE_TYPE(VfuObject, VfuObjectClass, VFU_OBJECT)
>  
>  /**
> - * VFU_OBJECT_ERROR - reports an error message. If auto_shutdown
> - * is set, it aborts the machine on error. Otherwise, it logs an
> - * error message without aborting.
> + * VFU_OBJECT_ERROR - reports an error message.
> + *
> + * If auto_shutdown is set, it aborts the machine on error. Otherwise,
> + * it logs an error message without aborting. auto_shutdown is disabled
> + * when the server serves clients from multiple VMs; as such, an error
> + * from one VM shouldn't be able to disrupt other VM's services.
>   */
>  #define VFU_OBJECT_ERROR(o, fmt, ...)                                     \
>      {                                                                     \

I still very much doubt an error can be severe enough to justify abort()
in one configuration, yet harmless enough to permit carrying on in
another configuration.  But this patch merely documents what the code
does, so

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Stefan Hajnoczi May 25, 2023, 5:59 p.m. UTC | #2
On Thu, May 25, 2023 at 05:02:03PM +0200, Markus Armbruster wrote:
> Jagannathan Raman <jag.raman@oracle.com> writes:
> 
> > Clarify the behavior of TYPE_VFU_OBJECT when TYPE_REMOTE_MACHINE enables
> > the auto-shutdown property. Also, add notes to VFU_OBJECT_ERROR.
> >
> > Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
> > ---
> >  hw/remote/vfio-user-obj.c | 14 +++++++++++---
> >  1 file changed, 11 insertions(+), 3 deletions(-)
> >
> > diff --git a/hw/remote/vfio-user-obj.c b/hw/remote/vfio-user-obj.c
> > index 88ffafc73e..8b10c32a3c 100644
> > --- a/hw/remote/vfio-user-obj.c
> > +++ b/hw/remote/vfio-user-obj.c
> > @@ -30,6 +30,11 @@
> >   *
> >   * notes - x-vfio-user-server could block IO and monitor during the
> >   *         initialization phase.
> > + *
> > + *         When x-remote machine has the auto-shutdown property
> > + *         enabled (default), x-vfio-user-server terminates after the last
> > + *         client disconnects. Otherwise, it will continue running until
> > + *         explicitly killed.
> >   */
> >  
> >  #include "qemu/osdep.h"
> > @@ -61,9 +66,12 @@
> >  OBJECT_DECLARE_TYPE(VfuObject, VfuObjectClass, VFU_OBJECT)
> >  
> >  /**
> > - * VFU_OBJECT_ERROR - reports an error message. If auto_shutdown
> > - * is set, it aborts the machine on error. Otherwise, it logs an
> > - * error message without aborting.
> > + * VFU_OBJECT_ERROR - reports an error message.
> > + *
> > + * If auto_shutdown is set, it aborts the machine on error. Otherwise,
> > + * it logs an error message without aborting. auto_shutdown is disabled
> > + * when the server serves clients from multiple VMs; as such, an error
> > + * from one VM shouldn't be able to disrupt other VM's services.
> >   */
> >  #define VFU_OBJECT_ERROR(o, fmt, ...)                                     \
> >      {                                                                     \
> 
> I still very much doubt an error can be severe enough to justify abort()
> in one configuration, yet harmless enough to permit carrying on in
> another configuration.  But this patch merely documents what the code
> does, so

In both cases this vfio-user device is broken after the error occurs.
The difference in behavior is that in a multi-device server the other
devices should not be disrupted when one of them breaks.

Stefan
diff mbox series

Patch

diff --git a/hw/remote/vfio-user-obj.c b/hw/remote/vfio-user-obj.c
index 88ffafc73e..8b10c32a3c 100644
--- a/hw/remote/vfio-user-obj.c
+++ b/hw/remote/vfio-user-obj.c
@@ -30,6 +30,11 @@ 
  *
  * notes - x-vfio-user-server could block IO and monitor during the
  *         initialization phase.
+ *
+ *         When x-remote machine has the auto-shutdown property
+ *         enabled (default), x-vfio-user-server terminates after the last
+ *         client disconnects. Otherwise, it will continue running until
+ *         explicitly killed.
  */
 
 #include "qemu/osdep.h"
@@ -61,9 +66,12 @@ 
 OBJECT_DECLARE_TYPE(VfuObject, VfuObjectClass, VFU_OBJECT)
 
 /**
- * VFU_OBJECT_ERROR - reports an error message. If auto_shutdown
- * is set, it aborts the machine on error. Otherwise, it logs an
- * error message without aborting.
+ * VFU_OBJECT_ERROR - reports an error message.
+ *
+ * If auto_shutdown is set, it aborts the machine on error. Otherwise,
+ * it logs an error message without aborting. auto_shutdown is disabled
+ * when the server serves clients from multiple VMs; as such, an error
+ * from one VM shouldn't be able to disrupt other VM's services.
  */
 #define VFU_OBJECT_ERROR(o, fmt, ...)                                     \
     {                                                                     \