Re: [PATCH 02/12] tcg: Fix error reporting on mprotect() failure in tcg_region_init()

[Daniel P . Berrangé]

On Fri, Aug 08, 2025 at 04:00:42PM +0200, Philippe Mathieu-Daudé wrote:
> Hi Markus,
> 
> On 8/8/25 10:08, Markus Armbruster wrote:
> > tcg_region_init() calls one of qemu_mprotect_rwx(),
> > qemu_mprotect_rw(), and mprotect(), then reports failure with
> > error_setg_errno(&error_fatal, errno, ...).
> > 
> > The use of &error_fatal is undesirable.  qapi/error.h advises:
> > 
> >   * Please don't error_setg(&error_fatal, ...), use error_report() and
> >   * exit(), because that's more obvious.
> > 
> > The use of errno is wrong.  qemu_mprotect_rwx() and qemu_mprotect_rw()
> > wrap around qemu_mprotect__osdep().  qemu_mprotect__osdep() calls
> > mprotect() on POSIX, VirtualProtect() on Windows, and reports failure
> > with error_report().  VirtualProtect() doesn't set errno.  mprotect()
> > does, but error_report() may clobber it.
> > 
> > Fix tcg_region_init() to report errors only when it calls mprotect(),
> > and rely on qemu_mprotect_rwx()'s and qemu_mprotect_rw()'s error
> > reporting otherwise.  Use error_report(), not error_setg().
> > 
> > Fixes: 22c6a9938f75 (tcg: Merge buffer protection and guard page protection)
> > Fixes: 6bc144237a85 (tcg: Use Error with alloc_code_gen_buffer)
> > Cc: Richard Henderson <richard.hender...@linaro.org>
> > Signed-off-by: Markus Armbruster <arm...@redhat.com>
> > ---
> >   tcg/region.c | 8 ++++++--
> >   1 file changed, 6 insertions(+), 2 deletions(-)
> > 
> > diff --git a/tcg/region.c b/tcg/region.c
> > index 7ea0b37a84..74e3b4b774 100644
> > --- a/tcg/region.c
> > +++ b/tcg/region.c
> > @@ -832,13 +832,17 @@ void tcg_region_init(size_t tb_size, int splitwx, 
> > unsigned max_threads)
> >               } else {
> >   #ifdef CONFIG_POSIX
> >                   rc = mprotect(start, end - start, need_prot);
> > +                if (rc) {
> > +                    error_report("mprotect of jit buffer: %s",
> > +                                 strerror(errno));
> > +                }
> > +
> >   #else
> >                   g_assert_not_reached();
> >   #endif
> >               }
> >               if (rc) {
> > -                error_setg_errno(&error_fatal, errno,
> > -                                 "mprotect of jit buffer");
> > +                exit(1);
> 
> - Before:
> 
> Error displayed when qemu_mprotect_rwx/qemu_mprotect_rw/mprotect fail,
> then exit.
> 
> - After:
> 
> Error only displayed when mprotect() fails, then exit.
> Nothing displayed when qemu_mprotect_rwx() or qemu_mprotect_rw() failed,
> and exit.

Check the impl in qemu_mprotect__osdep - it calls error_report already,
so those code paths didn't need to be changedin this patch.


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|