From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:43548) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fLi7c-0006v6-TA for qemu-devel@nongnu.org; Thu, 24 May 2018 00:45:05 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fLi7b-0002AA-8j for qemu-devel@nongnu.org; Thu, 24 May 2018 00:45:04 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:34436 helo=mx1.redhat.com) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1fLi7b-0002A1-4v for qemu-devel@nongnu.org; Thu, 24 May 2018 00:45:03 -0400 From: Peter Xu Date: Thu, 24 May 2018 12:44:53 +0800 Message-Id: <20180524044454.11792-2-peterx@redhat.com> In-Reply-To: <20180524044454.11792-1-peterx@redhat.com> References: <20180524044454.11792-1-peterx@redhat.com> Subject: [Qemu-devel] [PATCH v4 1/2] qemu-error: introduce {error|warn}_report_once List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , peterx@redhat.com, Jason Wang , "Michael S . Tsirkin" , Eric Blake , Markus Armbruster There are many error_report()s that can be used in frequently called functions, especially on IO paths. That can be unideal in that malicious guest can try to trigger the error tons of time which might use up the log space on the host (e.g., libvirt can capture the stderr of QEMU and put it persistently onto disk). In VT-d emulation code, we have trace_vtd_error() tracer. AFAIU all those places can be replaced by something like error_report() but trace points are mostly used to avoid the DDOS attack that mentioned above. However using trace points mean that errors are not dumped if trace not enabled. It's not a big deal in most modern server managements since we have things like logrotate to maintain the logs and make sure the quota is expected. However it'll still be nice that we just provide another way to restrict message generations. In most cases, this kind of error_report()s will only provide valid information on the first message sent, and all the rest of similar messages will be mostly talking about the same thing. This patch introduces *_report_once() helpers to allow a message to be dumped only once during one QEMU process's life cycle. It will make sure: (1) it's on by deffault, so we can even get something without turning the trace on and reproducing, and (2) it won't be affected by DDOS attack. To implement it, I stole the printk_once() macro from Linux. CC: Eric Blake CC: Markus Armbruster Signed-off-by: Peter Xu --- include/qemu/error-report.h | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/include/qemu/error-report.h b/include/qemu/error-report.h index e1c8ae1a52..c7ec54cb97 100644 --- a/include/qemu/error-report.h +++ b/include/qemu/error-report.h @@ -44,6 +44,38 @@ void error_report(const char *fmt, ...) GCC_FMT_ATTR(1, 2); void warn_report(const char *fmt, ...) GCC_FMT_ATTR(1, 2); void info_report(const char *fmt, ...) GCC_FMT_ATTR(1, 2); +/* + * Similar to error_report(), but it only prints the message once. It + * returns true when it prints the first time, otherwise false. + */ +#define error_report_once(fmt, ...) \ + ({ \ + static bool print_once_; \ + bool ret_print_once_ = !print_once_; \ + \ + if (!print_once_) { \ + print_once_ = true; \ + error_report(fmt, ##__VA_ARGS__); \ + } \ + unlikely(ret_print_once_); \ + }) + +/* + * Similar to warn_report(), but it only prints the message once. It + * returns true when it prints the first time, otherwise false. + */ +#define warn_report_once(fmt, ...) \ + ({ \ + static bool print_once_; \ + bool ret_print_once_ = !print_once_; \ + \ + if (!print_once_) { \ + print_once_ = true; \ + warn_report(fmt, ##__VA_ARGS__); \ + } \ + unlikely(ret_print_once_); \ + }) + const char *error_get_progname(void); extern bool enable_timestamp_msg; -- 2.17.0