It was proposed at RedHat (https://bugzilla.redhat.com/show_bug.cgi?id=865336) that we should explicitly set Libvirt to stop VMs on drive read/write errors, and then detect that and somehow set a piece of state in nova.
Actually stopping on errors is supported via libvirt's error_policy (for both, override read error policy with rerror_policy) on the driver tag for the disk specification (http://libvirt.org/formatdomain.html#elementsDisks). According to the libvirt doc, the default setting for libvirt is REPORT (which, according to the qemu documentation, means report it to the guest OS: http://qemu.weilnetz.de/qemu-doc.html#sec_005finvocation).
So, injecting it into the configuration should be pretty easy, but we probably also want to provide a configuration option too (which is easy enough as well).
As for state, perhaps we could use the metadata tag (http://libvirt.org/formatdomain.html#elementsMetadata) and have it store a flag, but we'd need to figure out how to detect if the stopping of the VM was intentional or accidental (we could manually set the flag to "on_purpose" whenever we intentionally shut down the VM, then look and see if the VM is shut down but on_purpose is not set). I was looking through, and I didn't see any hooks in libvirt for this purpose, but I may have missed one. Ideas?
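One way to wire the two halves of this proposal together, as an added example that is not code from this thread or from nova: it injects error_policy/rerror_policy into every disk's driver tag and keeps the on_purpose flag in a private metadata namespace. The config value, the namespace URI and the sample domain XML are assumptions chosen for illustration.

```python
import xml.etree.ElementTree as ET

# Values libvirt accepts on <driver error_policy=...> and rerror_policy=...
VALID_ERROR_POLICIES = {"stop", "report", "ignore", "enospace"}
VALID_RERROR_POLICIES = {"stop", "report", "ignore"}

# Hypothetical nova config option and private metadata namespace (assumptions).
CONF_DISK_ERROR_POLICY = "stop"
NOVA_NS = "http://example.invalid/nova-shutdown"  # placeholder URI
ET.register_namespace("nova", NOVA_NS)

# Constructed sample domain XML (no <driver> element yet).
SAMPLE_DOMAIN_XML = """<domain type='kvm'><name>instance-0001</name><devices>
<disk type='file' device='disk'><source file='/PLACEHOLDER/path/disk'/>
<target dev='vda' bus='virtio'/></disk></devices></domain>"""

def set_error_policy(domain_xml, error_policy=CONF_DISK_ERROR_POLICY, rerror_policy=None):
    """Add or update <driver> on each disk; rerror_policy overrides reads only."""
    if error_policy not in VALID_ERROR_POLICIES:
        raise ValueError("bad error_policy: %s" % error_policy)
    if rerror_policy is not None and rerror_policy not in VALID_RERROR_POLICIES:
        raise ValueError("bad rerror_policy: %s" % rerror_policy)
    root = ET.fromstring(domain_xml)
    for disk in root.iter("disk"):
        drv = disk.find("driver")
        if drv is None:
            drv = ET.SubElement(disk, "driver", {"name": "qemu", "type": "qcow2"})
        drv.set("error_policy", error_policy)
        if rerror_policy is not None:
            drv.set("rerror_policy", rerror_policy)
    return ET.tostring(root, encoding="unicode")

def get_driver_policies(domain_xml):
    """Return (error_policy, rerror_policy) of the first disk, for checking."""
    drv = ET.fromstring(domain_xml).find("devices/disk/driver")
    return (drv.get("error_policy"), drv.get("rerror_policy")) if drv is not None else (None, None)

def mark_shutdown(domain_xml, on_purpose):
    """Record in <metadata> that nova itself is (or is not) stopping the VM."""
    root = ET.fromstring(domain_xml)
    meta = root.find("metadata")
    if meta is None:
        meta = ET.SubElement(root, "metadata")
    tag = "{%s}shutdown" % NOVA_NS
    flag = meta.find(tag)
    if flag is None:
        flag = ET.SubElement(meta, tag)
    flag.set("on_purpose", "true" if on_purpose else "false")
    return ET.tostring(root, encoding="unicode")

def shutdown_was_unexpected(domain_xml, domain_is_running):
    """Shut off without on_purpose set: with error_policy='stop', treat as an I/O error stop."""
    if domain_is_running:
        return False
    flag = ET.fromstring(domain_xml).find("metadata/{%s}shutdown" % NOVA_NS)
    return flag is None or flag.get("on_purpose") != "true"
```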