mbox series

[v6,0/8] block: improve error reporting for unsupported O_DIRECT

Message ID 20200903152210.1917355-1-berrange@redhat.com
Headers show
Series block: improve error reporting for unsupported O_DIRECT | expand

Message

Daniel P. Berrangé Sept. 3, 2020, 3:22 p.m. UTC 
v1: https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg00269.html
v2: https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg00589.html
v3: https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg07098.html
v4: https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg05334.html
v5: https://lists.gnu.org/archive/html/qemu-devel/2020-09/msg00947.html

See patch commit messages for rationale

Ideally we would convert other callers of qemu_open_old to use
qemu_open, and eventually remove qemu_open_old entirely, so every
caller gets use of Error **errp.

Improved in v6:

 - Fix errno regression dup'ing FD
 - Move qapi header to correct patch
 - Fix whitespace and commit messages
 - Converted more use of qemu_open to qemu_open_old after rebase

Improved in v5:

 - Drop reporting of flags in failed open call
 - Split O_CLOEXEC handling off into separate helper
 - Refactor monitor FD set APIs to simplify their use

Improved in v4:

 - Use assert() for programmer mistakes
 - Split second patch into three distinct parts
 - Misc typos
 - Improve commit message

Improved in v3:

 - Re-arrange the patches series, so that the conversion to Error
   takes place first, then the improve O_DIRECT reporting
 - Rename existing method to qemu_open_old
 - Use a pair of new methods qemu_open + qemu_create to improve
   arg checking

Improved in v2:

 - Mention that qemu_open_err is preferred over qemu_open
 - Get rid of obsolete error_report call
 - Simplify O_DIRECT handling
 - Fixup iotests for changed error message text

Daniel P. Berrangé (8):
  monitor: simplify functions for getting a dup'd fdset entry
  util: split off a helper for dealing with O_CLOEXEC flag
  util: rename qemu_open() to qemu_open_old()
  util: refactor qemu_open_old to split off variadic args handling
  util: add Error object for qemu_open_internal error reporting
  util: introduce qemu_open and qemu_create with error reporting
  util: give a specific error message when O_DIRECT doesn't work
  block/file: switch to use qemu_open/qemu_create for improved errors

 accel/kvm/kvm-all.c            |   2 +-
 backends/rng-random.c          |   2 +-
 backends/tpm/tpm_passthrough.c |   8 +--
 block/file-posix.c             |  16 ++---
 block/file-win32.c             |   5 +-
 block/vvfat.c                  |   5 +-
 chardev/char-fd.c              |   2 +-
 chardev/char-pipe.c            |   6 +-
 chardev/char.c                 |   2 +-
 dump/dump.c                    |   2 +-
 hw/s390x/s390-skeys.c          |   2 +-
 hw/usb/host-libusb.c           |   2 +-
 hw/usb/u2f-passthru.c          |   4 +-
 hw/vfio/common.c               |   4 +-
 include/monitor/monitor.h      |   3 +-
 include/qemu/osdep.h           |   9 ++-
 io/channel-file.c              |   2 +-
 monitor/misc.c                 |  58 ++++++++----------
 net/vhost-vdpa.c               |   2 +-
 os-posix.c                     |   2 +-
 qga/channel-posix.c            |   4 +-
 qga/commands-posix.c           |   6 +-
 stubs/fdset.c                  |   8 +--
 target/arm/kvm.c               |   2 +-
 ui/console.c                   |   2 +-
 util/osdep.c                   | 104 +++++++++++++++++++++++----------
 util/oslib-posix.c             |   2 +-
 27 files changed, 150 insertions(+), 116 deletions(-)

-- 
2.26.2

Comments

Richard Henderson Sept. 3, 2020, 4:51 p.m. UTC | #1 
On 9/3/20 8:22 AM, Daniel P. Berrangé wrote:
> Currently code has to call monitor_fdset_get_fd, then dup
> the return fd, and then add the duplicate FD back into the
> fdset. This dance is overly verbose for the caller and
> introduces extra failure modes which can be avoided by
> folding all the logic into monitor_fdset_dup_fd_add and
> removing monitor_fdset_get_fd entirely.
> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>  include/monitor/monitor.h |  3 +-
>  include/qemu/osdep.h      |  1 +
>  monitor/misc.c            | 58 +++++++++++++++++----------------------
>  stubs/fdset.c             |  8 ++----
>  util/osdep.c              | 19 ++-----------
>  5 files changed, 32 insertions(+), 57 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~
Richard Henderson Sept. 3, 2020, 4:51 p.m. UTC | #2 
On 9/3/20 8:22 AM, Daniel P. Berrangé wrote:
> We want to introduce a new version of qemu_open() that uses an Error
> object for reporting problems and make this it the preferred interface.
> Rename the existing method to release the namespace for the new impl.
> 
> Reviewed-by: Eric Blake <eblake@redhat.com>
> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> Reviewed-by: Markus Armbruster <armbru@redhat.com>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~
Richard Henderson Sept. 3, 2020, 4:54 p.m. UTC | #3 
On 9/3/20 8:22 AM, Daniel P. Berrangé wrote:
> qemu_open_old() works like open(): set errno and return -1 on failure.
> It has even more failure modes, though.  Reporting the error clearly
> to users is basically impossible for many of them.
> 
> Our standard cure for "errno is too coarse" is the Error object.
> Introduce two new helper methods:
> 
>   int qemu_open(const char *name, int flags, Error **errp);
>   int qemu_create(const char *name, int flags, mode_t mode, Error **errp);
> 
> Note that with this design we no longer require or even accept the
> O_CREAT flag. Avoiding overloading the two distinct operations
> means we can avoid variable arguments which would prevent 'errp' from
> being the last argument. It also gives us a guarantee that the 'mode' is
> given when creating files, avoiding a latent security bug.
> 
> Reviewed-by: Markus Armbruster <armbru@redhat.com>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~
Richard Henderson Sept. 3, 2020, 4:56 p.m. UTC | #4 
On 9/3/20 8:22 AM, Daniel P. Berrangé wrote:
> Currently at startup if using cache=none on a filesystem lacking
> O_DIRECT such as tmpfs, at startup QEMU prints
> 
> qemu-system-x86_64: -drive file=/tmp/foo.img,cache=none: file system may not support O_DIRECT
> qemu-system-x86_64: -drive file=/tmp/foo.img,cache=none: Could not open '/tmp/foo.img': Invalid argument
> 
> while at QMP level the hint is missing, so QEMU reports just
> 
>   "error": {
>       "class": "GenericError",
>       "desc": "Could not open '/tmp/foo.img': Invalid argument"
>   }
> 
> which is close to useless for the end user trying to figure out what
> they did wrong.
> 
> With this change at startup QEMU prints
> 
> qemu-system-x86_64: -drive file=/tmp/foo.img,cache=none: Unable to open '/tmp/foo.img': filesystem does not support O_DIRECT
> 
> while at the QMP level QEMU reports a massively more informative
> 
>   "error": {
>      "class": "GenericError",
>      "desc": "Unable to open '/tmp/foo.img': filesystem does not support O_DIRECT"
>   }
> 
> Reviewed-by: Eric Blake <eblake@redhat.com>
> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> Reviewed-by: Markus Armbruster <armbru@redhat.com>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~
Markus Armbruster Sept. 4, 2020, 7:33 a.m. UTC | #5 
Daniel P. Berrangé <berrange@redhat.com> writes:

> Currently code has to call monitor_fdset_get_fd, then dup
> the return fd, and then add the duplicate FD back into the
> fdset. This dance is overly verbose for the caller and
> introduces extra failure modes which can be avoided by
> folding all the logic into monitor_fdset_dup_fd_add and
> removing monitor_fdset_get_fd entirely.
>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

Reviewed-by: Markus Armbruster <armbru@redhat.com>