[v1] Error reporting cleanup, a fix, and &error_warn removal

[PATCH 02/12] tcg: Fix error reporting on mprotect() failure in tcg_region_init()

Posted by Markus Armbruster 4 months, 1 week ago

tcg_region_init() calls one of qemu_mprotect_rwx(),
qemu_mprotect_rw(), and mprotect(), then reports failure with
error_setg_errno(&error_fatal, errno, ...).

The use of &error_fatal is undesirable.  qapi/error.h advises:

 * Please don't error_setg(&error_fatal, ...), use error_report() and
 * exit(), because that's more obvious.

The use of errno is wrong.  qemu_mprotect_rwx() and qemu_mprotect_rw()
wrap around qemu_mprotect__osdep().  qemu_mprotect__osdep() calls
mprotect() on POSIX, VirtualProtect() on Windows, and reports failure
with error_report().  VirtualProtect() doesn't set errno.  mprotect()
does, but error_report() may clobber it.

Fix tcg_region_init() to report errors only when it calls mprotect(),
and rely on qemu_mprotect_rwx()'s and qemu_mprotect_rw()'s error
reporting otherwise.  Use error_report(), not error_setg().

Fixes: 22c6a9938f75 (tcg: Merge buffer protection and guard page protection)
Fixes: 6bc144237a85 (tcg: Use Error with alloc_code_gen_buffer)
Cc: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
---
 tcg/region.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/tcg/region.c b/tcg/region.c
index 7ea0b37a84..74e3b4b774 100644
--- a/tcg/region.c
+++ b/tcg/region.c
@@ -832,13 +832,17 @@ void tcg_region_init(size_t tb_size, int splitwx, unsigned max_threads)
             } else {
 #ifdef CONFIG_POSIX
                 rc = mprotect(start, end - start, need_prot);
+                if (rc) {
+                    error_report("mprotect of jit buffer: %s",
+                                 strerror(errno));
+                }
+
 #else
                 g_assert_not_reached();
 #endif
             }
             if (rc) {
-                error_setg_errno(&error_fatal, errno,
-                                 "mprotect of jit buffer");
+                exit(1);
             }
         }
         if (have_prot != 0) {
-- 
2.49.0

Re: [PATCH 02/12] tcg: Fix error reporting on mprotect() failure in tcg_region_init()

Posted by Daniel P. Berrangé 3 months, 3 weeks ago

On Fri, Aug 08, 2025 at 10:08:13AM +0200, Markus Armbruster wrote:
> tcg_region_init() calls one of qemu_mprotect_rwx(),
> qemu_mprotect_rw(), and mprotect(), then reports failure with
> error_setg_errno(&error_fatal, errno, ...).
> 
> The use of &error_fatal is undesirable.  qapi/error.h advises:
> 
>  * Please don't error_setg(&error_fatal, ...), use error_report() and
>  * exit(), because that's more obvious.
> 
> The use of errno is wrong.  qemu_mprotect_rwx() and qemu_mprotect_rw()
> wrap around qemu_mprotect__osdep().  qemu_mprotect__osdep() calls
> mprotect() on POSIX, VirtualProtect() on Windows, and reports failure
> with error_report().  VirtualProtect() doesn't set errno.  mprotect()
> does, but error_report() may clobber it.
> 
> Fix tcg_region_init() to report errors only when it calls mprotect(),
> and rely on qemu_mprotect_rwx()'s and qemu_mprotect_rw()'s error
> reporting otherwise.  Use error_report(), not error_setg().
> 
> Fixes: 22c6a9938f75 (tcg: Merge buffer protection and guard page protection)
> Fixes: 6bc144237a85 (tcg: Use Error with alloc_code_gen_buffer)
> Cc: Richard Henderson <richard.henderson@linaro.org>
> Signed-off-by: Markus Armbruster <armbru@redhat.com>
> ---
>  tcg/region.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Re: [PATCH 02/12] tcg: Fix error reporting on mprotect() failure in tcg_region_init()

Posted by Philippe Mathieu-Daudé 4 months, 1 week ago

Hi Markus,

On 8/8/25 10:08, Markus Armbruster wrote:
> tcg_region_init() calls one of qemu_mprotect_rwx(),
> qemu_mprotect_rw(), and mprotect(), then reports failure with
> error_setg_errno(&error_fatal, errno, ...).
> 
> The use of &error_fatal is undesirable.  qapi/error.h advises:
> 
>   * Please don't error_setg(&error_fatal, ...), use error_report() and
>   * exit(), because that's more obvious.
> 
> The use of errno is wrong.  qemu_mprotect_rwx() and qemu_mprotect_rw()
> wrap around qemu_mprotect__osdep().  qemu_mprotect__osdep() calls
> mprotect() on POSIX, VirtualProtect() on Windows, and reports failure
> with error_report().  VirtualProtect() doesn't set errno.  mprotect()
> does, but error_report() may clobber it.
> 
> Fix tcg_region_init() to report errors only when it calls mprotect(),
> and rely on qemu_mprotect_rwx()'s and qemu_mprotect_rw()'s error
> reporting otherwise.  Use error_report(), not error_setg().
> 
> Fixes: 22c6a9938f75 (tcg: Merge buffer protection and guard page protection)
> Fixes: 6bc144237a85 (tcg: Use Error with alloc_code_gen_buffer)
> Cc: Richard Henderson <richard.henderson@linaro.org>
> Signed-off-by: Markus Armbruster <armbru@redhat.com>
> ---
>   tcg/region.c | 8 ++++++--
>   1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/tcg/region.c b/tcg/region.c
> index 7ea0b37a84..74e3b4b774 100644
> --- a/tcg/region.c
> +++ b/tcg/region.c
> @@ -832,13 +832,17 @@ void tcg_region_init(size_t tb_size, int splitwx, unsigned max_threads)
>               } else {
>   #ifdef CONFIG_POSIX
>                   rc = mprotect(start, end - start, need_prot);
> +                if (rc) {
> +                    error_report("mprotect of jit buffer: %s",
> +                                 strerror(errno));
> +                }
> +
>   #else
>                   g_assert_not_reached();
>   #endif
>               }
>               if (rc) {
> -                error_setg_errno(&error_fatal, errno,
> -                                 "mprotect of jit buffer");
> +                exit(1);

- Before:

Error displayed when qemu_mprotect_rwx/qemu_mprotect_rw/mprotect fail,
then exit.

- After:

Error only displayed when mprotect() fails, then exit.
Nothing displayed when qemu_mprotect_rwx() or qemu_mprotect_rw() failed,
and exit.

Can we keep the "mprotect of jit buffer" string displayed before
exiting, but using error_report()?

>               }
>           }
>           if (have_prot != 0) {

Re: [PATCH 02/12] tcg: Fix error reporting on mprotect() failure in tcg_region_init()

Posted by Daniel P. Berrangé 3 months, 3 weeks ago

On Fri, Aug 08, 2025 at 04:00:42PM +0200, Philippe Mathieu-Daudé wrote:
> Hi Markus,
> 
> On 8/8/25 10:08, Markus Armbruster wrote:
> > tcg_region_init() calls one of qemu_mprotect_rwx(),
> > qemu_mprotect_rw(), and mprotect(), then reports failure with
> > error_setg_errno(&error_fatal, errno, ...).
> > 
> > The use of &error_fatal is undesirable.  qapi/error.h advises:
> > 
> >   * Please don't error_setg(&error_fatal, ...), use error_report() and
> >   * exit(), because that's more obvious.
> > 
> > The use of errno is wrong.  qemu_mprotect_rwx() and qemu_mprotect_rw()
> > wrap around qemu_mprotect__osdep().  qemu_mprotect__osdep() calls
> > mprotect() on POSIX, VirtualProtect() on Windows, and reports failure
> > with error_report().  VirtualProtect() doesn't set errno.  mprotect()
> > does, but error_report() may clobber it.
> > 
> > Fix tcg_region_init() to report errors only when it calls mprotect(),
> > and rely on qemu_mprotect_rwx()'s and qemu_mprotect_rw()'s error
> > reporting otherwise.  Use error_report(), not error_setg().
> > 
> > Fixes: 22c6a9938f75 (tcg: Merge buffer protection and guard page protection)
> > Fixes: 6bc144237a85 (tcg: Use Error with alloc_code_gen_buffer)
> > Cc: Richard Henderson <richard.henderson@linaro.org>
> > Signed-off-by: Markus Armbruster <armbru@redhat.com>
> > ---
> >   tcg/region.c | 8 ++++++--
> >   1 file changed, 6 insertions(+), 2 deletions(-)
> > 
> > diff --git a/tcg/region.c b/tcg/region.c
> > index 7ea0b37a84..74e3b4b774 100644
> > --- a/tcg/region.c
> > +++ b/tcg/region.c
> > @@ -832,13 +832,17 @@ void tcg_region_init(size_t tb_size, int splitwx, unsigned max_threads)
> >               } else {
> >   #ifdef CONFIG_POSIX
> >                   rc = mprotect(start, end - start, need_prot);
> > +                if (rc) {
> > +                    error_report("mprotect of jit buffer: %s",
> > +                                 strerror(errno));
> > +                }
> > +
> >   #else
> >                   g_assert_not_reached();
> >   #endif
> >               }
> >               if (rc) {
> > -                error_setg_errno(&error_fatal, errno,
> > -                                 "mprotect of jit buffer");
> > +                exit(1);
> 
> - Before:
> 
> Error displayed when qemu_mprotect_rwx/qemu_mprotect_rw/mprotect fail,
> then exit.
> 
> - After:
> 
> Error only displayed when mprotect() fails, then exit.
> Nothing displayed when qemu_mprotect_rwx() or qemu_mprotect_rw() failed,
> and exit.

Check the impl in qemu_mprotect__osdep - it calls error_report already,
so those code paths didn't need to be changedin this patch.


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|