On Fri, 24 Mar 2017 09:55:15 +0100
David Hildenbrand <david@xxxxxxxxxx> wrote:
>
> >>> - return r;
> >>> + if (i == bus->dev_count)
> >>> + return;
> >>>
> >>> new_bus = kmalloc(sizeof(*bus) + ((bus->dev_count - 1) *
> >>> sizeof(struct kvm_io_range)), GFP_KERNEL);
> >>> - if (!new_bus)
> >>> - return -ENOMEM;
> >>> + if (!new_bus) {
> >>> + pr_err("kvm: failed to shrink bus, removing it completely\n");
> >>> + goto broken;
> >>
> >> The guest will fail in mysterious ways, if you do this (and
> >> io_bus_unregister_dev can be called during runtime): in-kernel device
> >> accesses will fail with unknown behaviour in the guest.
>
> Actually, the next access to the BUS should result in -ENOMEM. And the
> error message should be enough to then figure out what went wrong.
Hopefully, an admin will look at the logs :)
But yes, the patch should have caught all issues in the host, and the
guest will basically be presented with broken "hardware".
> However, to hit this scenario at all feels very unlikely. So I would
> like to avoid advanced allocation schemes.
Agreed, spending too much time on complex recovery scenarios is
overkill for this unlikely case.
