From: Markus Armbruster <armbru@redhat.com>
To: Peter Xu <peterx@redhat.com>
Cc: qemu-devel@nongnu.org, "Peter Maydell" <peter.maydell@linaro.org>,
"Michael S . Tsirkin" <mst@redhat.com>,
"Jason Wang" <jasowang@redhat.com>,
"Cornelia Huck" <cohuck@redhat.com>,
"Philippe Mathieu-Daudé" <f4bug@amsat.org>,
"Halil Pasic" <pasic@linux.ibm.com>,
"Eric Auger" <eric.auger@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v5 1/3] qemu-error: introduce {error|warn}_report_once
Date: Wed, 15 Aug 2018 13:36:52 +0200 [thread overview]
Message-ID: <871sazn9nv.fsf@dusky.pond.sub.org> (raw)
In-Reply-To: <20180815095328.32414-2-peterx@redhat.com> (Peter Xu's message of "Wed, 15 Aug 2018 17:53:26 +0800")
Peter Xu <peterx@redhat.com> writes:
> There are many error_report()s that can be used in frequently called
> functions, especially on IO paths. That can be unideal in that
> malicious guest can try to trigger the error tons of time which might
> use up the log space on the host (e.g., libvirt can capture the stderr
> of QEMU and put it persistently onto disk). In VT-d emulation code, we
> have trace_vtd_error() tracer. AFAIU all those places can be replaced
> by something like error_report() but trace points are mostly used to
> avoid the DDOS attack that mentioned above. However using trace points
> mean that errors are not dumped if trace not enabled.
>
> It's not a big deal in most modern server managements since we have
> things like logrotate to maintain the logs and make sure the quota is
> expected. However it'll still be nice that we just provide another way
> to restrict message generations. In most cases, this kind of
> error_report()s will only provide valid information on the first message
> sent, and all the rest of similar messages will be mostly talking about
> the same thing. This patch introduces *_report_once() helpers to allow
> a message to be dumped only once during one QEMU process's life cycle.
> It will make sure: (1) it's on by deffault, so we can even get something
> without turning the trace on and reproducing, and (2) it won't be
> affected by DDOS attack.
>
> To implement it, I stole the printk_once() macro from Linux.
>
> CC: Eric Blake <eblake@redhat.com>
> CC: Markus Armbruster <armbru@redhat.com>
> Signed-off-by: Peter Xu <peterx@redhat.com>
> ---
> include/qemu/error-report.h | 32 ++++++++++++++++++++++++++++++++
> 1 file changed, 32 insertions(+)
>
> diff --git a/include/qemu/error-report.h b/include/qemu/error-report.h
> index e1c8ae1a52..c7ec54cb97 100644
> --- a/include/qemu/error-report.h
> +++ b/include/qemu/error-report.h
> @@ -44,6 +44,38 @@ void error_report(const char *fmt, ...) GCC_FMT_ATTR(1, 2);
> void warn_report(const char *fmt, ...) GCC_FMT_ATTR(1, 2);
> void info_report(const char *fmt, ...) GCC_FMT_ATTR(1, 2);
>
> +/*
> + * Similar to error_report(), but it only prints the message once. It
> + * returns true when it prints the first time, otherwise false.
> + */
> +#define error_report_once(fmt, ...) \
> + ({ \
> + static bool print_once_; \
> + bool ret_print_once_ = !print_once_; \
> + \
> + if (!print_once_) { \
> + print_once_ = true; \
> + error_report(fmt, ##__VA_ARGS__); \
> + } \
> + unlikely(ret_print_once_); \
> + })
> +
> +/*
> + * Similar to warn_report(), but it only prints the message once. It
> + * returns true when it prints the first time, otherwise false.
> + */
> +#define warn_report_once(fmt, ...) \
> + ({ \
> + static bool print_once_; \
> + bool ret_print_once_ = !print_once_; \
> + \
> + if (!print_once_) { \
> + print_once_ = true; \
> + warn_report(fmt, ##__VA_ARGS__); \
> + } \
> + unlikely(ret_print_once_); \
> + })
> +
> const char *error_get_progname(void);
> extern bool enable_timestamp_msg;
With the touch-ups from my review of v4 squashed in (fixup patch
appended):
Reviewed-by: Markus Armbruster <armbru@redhat.com>
>From f57a2317c75bea5396a589b2d65933312850bb05 Mon Sep 17 00:00:00 2001
From: Markus Armbruster <armbru@redhat.com>
Date: Wed, 15 Aug 2018 13:29:03 +0200
Subject: [PATCH] fixup! intel-iommu: start to use error_report_once
[Whitespace adjusted, comments improved]
---
include/qemu/error-report.h | 30 +++++++++++++++---------------
1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/include/qemu/error-report.h b/include/qemu/error-report.h
index c7ec54cb97..72fab2b031 100644
--- a/include/qemu/error-report.h
+++ b/include/qemu/error-report.h
@@ -45,35 +45,35 @@ void warn_report(const char *fmt, ...) GCC_FMT_ATTR(1, 2);
void info_report(const char *fmt, ...) GCC_FMT_ATTR(1, 2);
/*
- * Similar to error_report(), but it only prints the message once. It
- * returns true when it prints the first time, otherwise false.
+ * Similar to error_report(), except it prints the message just once.
+ * Return true when it prints, false otherwise.
*/
#define error_report_once(fmt, ...) \
({ \
- static bool print_once_; \
- bool ret_print_once_ = !print_once_; \
+ static bool print_once_; \
+ bool ret_print_once_ = !print_once_; \
\
- if (!print_once_) { \
- print_once_ = true; \
+ if (!print_once_) { \
+ print_once_ = true; \
error_report(fmt, ##__VA_ARGS__); \
} \
- unlikely(ret_print_once_); \
+ unlikely(ret_print_once_); \
})
/*
- * Similar to warn_report(), but it only prints the message once. It
- * returns true when it prints the first time, otherwise false.
+ * Similar to warn_report(), except it prints the message just once.
+ * Return true when it prints, false otherwise.
*/
#define warn_report_once(fmt, ...) \
({ \
- static bool print_once_; \
- bool ret_print_once_ = !print_once_; \
+ static bool print_once_; \
+ bool ret_print_once_ = !print_once_; \
\
- if (!print_once_) { \
- print_once_ = true; \
- warn_report(fmt, ##__VA_ARGS__); \
+ if (!print_once_) { \
+ print_once_ = true; \
+ warn_report(fmt, ##__VA_ARGS__); \
} \
- unlikely(ret_print_once_); \
+ unlikely(ret_print_once_); \
})
const char *error_get_progname(void);
--
2.17.1
next prev parent reply other threads:[~2018-08-15 11:37 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-15 9:53 [Qemu-devel] [PATCH v5 0/3] error-report: introduce {error|warn}_report_once Peter Xu
2018-08-15 9:53 ` [Qemu-devel] [PATCH v5 1/3] qemu-error: " Peter Xu
2018-08-15 11:36 ` Markus Armbruster [this message]
2018-08-15 9:53 ` [Qemu-devel] [PATCH v5 2/3] intel-iommu: start to use error_report_once Peter Xu
2018-08-15 11:37 ` Markus Armbruster
2018-08-15 12:17 ` Peter Xu
2018-08-27 13:10 ` Markus Armbruster
2018-08-15 9:53 ` [Qemu-devel] [PATCH v5 3/3] intel-iommu: replace more vtd_err_* traces Peter Xu
2018-08-27 13:17 ` Markus Armbruster
2018-08-28 3:26 ` Peter Xu
2018-08-15 11:39 ` [Qemu-devel] [PATCH v5 0/3] error-report: introduce {error|warn}_report_once Markus Armbruster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=871sazn9nv.fsf@dusky.pond.sub.org \
--to=armbru@redhat.com \
--cc=cohuck@redhat.com \
--cc=eric.auger@redhat.com \
--cc=f4bug@amsat.org \
--cc=jasowang@redhat.com \
--cc=mst@redhat.com \
--cc=pasic@linux.ibm.com \
--cc=peter.maydell@linaro.org \
--cc=peterx@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.