Re: [Qemu-devel] Crash: When Host HDD is full

[Paul Brook]

> >> Qemu might freeze the guest when it gets -ENOSPC, and say, retry every
> >> second or wait for user input on the monitor.
> >
> > Better would IMHO be to report an IO error to the guest and allow that to
> > decide what to do. If you're bothered about robustness and reliability
> > then arbitrarily stopping the guest is not acceptable behaviour. There's
> > no guarantee that space will become available in a finite timeframe.
>
> I've considered that, and I'm not sure.  You will likely get a storm of
> I/O errors on ENOSPC; with several ways for disaster to strike:
> - the guest doesn't handle I/O errors well, and keeps writing.  some of
> the writes are overwrites so they hit the disk and data is corrupted

If an guest OS ignores IO write errors it's just plain broken.

> - the guest decides the disk is bad because it has too many errors and
> initiates some recovery procedure
>
> Stopping the guest at least guarantees nothing unexpected happens.  If 
> it's part of a managed solution we can output a message to the monitor
> which eventually finds its way to the operator.

I don't buy this argument.  If you don't want "unexpected" things to happen 
then the solution is simple: Make sure you never run out of disk space. 

The fact is that your (virtual) disk *is* broken at this point. The guest OS 
is in a much better position to decide on an appropriate course of action, 
either by retrying or some other recovery mechanism.

There are various error contitions that could be used, for example 
write-protect.

Paul