Daniel P. Berrangé <[email protected]> writes: > The monitor_cur_hmp() function will acquire/release mutex locks, which > will trigger trace probes, which can in turn trigger qemu_log() calls. > vreport() calls monitor_cur() multiple times through its execution > both directly and indirectly via error_vprintf().
This issue goes back to commit e69ee454b5f9 (monitor: Make current monitor a per-coroutine property). I've always disliked the hash table (which is why we need to take the mutex), and now I dislike it even more. See also my review of PATCH 02. I'd love to have a lockless monitor_cur() again. But I don't have one up my sleeve, so we need to work around the issue somehow. > The result is that the prefix information printed by vreport() gets > interleaved with qemu_log() output, when run outside the context of > an HMP command dispatcher. This can be seen with: [...] > To avoid this interleaving (as well as reduce the huge number of > mutex lock/unlock calls) we need to ensure that monitor_cur_hmp() is > only called once at the start of vreport(), and if no HMP is present, > no further monitor APIs can be called. > > This implies error_[v]printf() cannot be called from vreport(). > > Instead a decision about whether output will go to monitor_[v]printf() > or fprintf() must be made upfront, and then those functions called > directly. > > $ qemu-system-x86_64 > -msg timestamp=on,guest-name=on > -display none > -object tls-creds-x509,id=f,dir=fish > -name fish > -d trace:qemu_mutex* > 2025-09-10T16:31:22.701691Z qemu_mutex_unlock released mutex > 0x5626fd3b84c0 (/var/home/berrange/src/virt/qemu/include/qemu/lockable.h:56) > 2025-09-10T16:31:22.701728Z qemu_mutex_lock waiting on mutex > 0x5626fd3b53e0 (/var/home/berrange/src/virt/qemu/include/qemu/lockable.h:56) > 2025-09-10T16:31:22.701730Z qemu_mutex_locked taken mutex 0x5626fd3b53e0 > (/var/home/berrange/src/virt/qemu/include/qemu/lockable.h:56) > 2025-09-10T16:31:22.701732Z qemu_mutex_unlock released mutex > 0x5626fd3b53e0 (/var/home/berrange/src/virt/qemu/include/qemu/lockable.h:56) > 2025-09-10T16:31:22.703989Z qemu_mutex_lock waiting on mutex > 0x5626fd3b5560 (../monitor/monitor.c:91) > 2025-09-10T16:31:22.703996Z qemu_mutex_locked taken mutex 0x5626fd3b5560 > (../monitor/monitor.c:91) > 2025-09-10T16:31:22.703999Z qemu_mutex_unlock released mutex > 0x5626fd3b5560 (../monitor/monitor.c:96) > 2025-09-10T16:31:22.704000Z fish qemu-system-x86_64: Unable to access > credentials fish/ca-cert.pem: No such file or directory > > This change requires adding a stub for monitor_printf() since that > is now called directly by vreport(), where monitor_vprintf() was > only needed previously. > > Signed-off-by: Daniel P. Berrangé <[email protected]> > --- > stubs/monitor-core.c | 5 +++ > tests/unit/test-util-sockets.c | 1 + > util/error-report.c | 60 ++++++++++++++++++++++++---------- > 3 files changed, 48 insertions(+), 18 deletions(-) > > diff --git a/stubs/monitor-core.c b/stubs/monitor-core.c > index 1e0b11ec29..70b1f7a994 100644 > --- a/stubs/monitor-core.c > +++ b/stubs/monitor-core.c > @@ -30,3 +30,8 @@ int monitor_vprintf(Monitor *mon, const char *fmt, va_list > ap) > { > abort(); > } > + > +int monitor_printf(Monitor *mon, const char *fmt, ...) > +{ > + abort(); > +} > diff --git a/tests/unit/test-util-sockets.c b/tests/unit/test-util-sockets.c > index d40813c682..53733163dd 100644 > --- a/tests/unit/test-util-sockets.c > +++ b/tests/unit/test-util-sockets.c > @@ -76,6 +76,7 @@ Monitor *monitor_cur_hmp(void) { return cur_mon; } > bool monitor_cur_is_qmp(void) { return false; } > Monitor *monitor_set_cur(Coroutine *co, Monitor *mon) { abort(); } > int monitor_vprintf(Monitor *mon, const char *fmt, va_list ap) { abort(); } > +int monitor_printf(Monitor *mon, const char *fmt, ...) { abort(); } > > #ifndef _WIN32 > static void test_socket_fd_pass_name_good(void) > diff --git a/util/error-report.c b/util/error-report.c > index c0fcf388de..6c887047e3 100644 > --- a/util/error-report.c > +++ b/util/error-report.c > @@ -29,6 +29,9 @@ bool message_with_timestamp; > bool error_with_guestname; > const char *error_guest_name; > > +typedef void (*error_print_func)(void *opaque, const char *fmt, ...); > +typedef void (*error_print_vfunc)(void *opaque, const char *fmt, va_list ap); > + > /* > * Print to current monitor if we have one, else to stderr. > */ > @@ -151,34 +154,34 @@ void loc_set_file(const char *fname, int lno) > /* > * Print current location to current monitor if we have one, else to stderr. > */ > -static void print_loc(void) > +static void print_loc(bool cur, error_print_func print_func, void > *print_opaque) > { > const char *sep = ""; > int i; > const char *const *argp; > > - if (!monitor_cur_hmp() && g_get_prgname()) { > - error_printf("%s:", g_get_prgname()); > + if (!cur && g_get_prgname()) { > + print_func(print_opaque, "%s:", g_get_prgname()); > sep = " "; > } > switch (cur_loc->kind) { > case LOC_CMDLINE: > argp = cur_loc->ptr; > for (i = 0; i < cur_loc->num; i++) { > - error_printf("%s%s", sep, argp[i]); > + print_func(print_opaque, "%s%s", sep, argp[i]); > sep = " "; > } > - error_printf(": "); > + print_func(print_opaque, ": "); > break; > case LOC_FILE: > - error_printf("%s:", (const char *)cur_loc->ptr); > + print_func(print_opaque, "%s:", (const char *)cur_loc->ptr); > if (cur_loc->num) { > - error_printf("%d:", cur_loc->num); > + print_func(print_opaque, "%d:", cur_loc->num); > } > - error_printf(" "); > + print_func(print_opaque, " "); > break; > default: > - error_printf("%s", sep); > + print_func(print_opaque, "%s", sep); > } > } > > @@ -199,34 +202,55 @@ real_time_iso8601(void) > G_GNUC_PRINTF(2, 0) > static void vreport(report_type type, const char *fmt, va_list ap) > { > + /* > + * Calling monitor_cur_hmp() will acquire/release mutexes, > + * which triggers trace probes, which can trigger > + * qemu_log calls, which would interleave with output > + * from this. Hence cache the monitor handle upfront > + * so any tracing appears before we start outputting. > + */ > + Monitor *cur = monitor_cur_hmp(); > + error_print_func print_func; > + error_print_vfunc print_vfunc; > + void *print_opaque; > gchar *timestr; > > - if (message_with_timestamp && !monitor_cur_hmp()) { > + if (cur) { > + print_func = (error_print_func)monitor_printf; > + print_vfunc = (error_print_vfunc)monitor_vprintf; > + print_opaque = cur; > + } else { > + print_func = (error_print_func)fprintf; > + print_vfunc = (error_print_vfunc)vfprintf; > + print_opaque = stderr; > + } print_func is is void (*)(void *, const char *, ...). monitor_printf() is int (*)(Monitor *, const char *, ...). fprintf() is int (*)(FILE *, const char *, ...) ISO/IEC 9899:1999 §6.3.2.3 Pointers: [#8] A pointer to a function of one type may be converted to a pointer to a function of another type and back again; the result shall compare equal to the original pointer. If a converted pointer is used to call a function whose type is not compatible with the pointed-to type, the behavior is undefined. For this to work in practice, three conditions need to hold: 1. Both Monitor * and FILE * arguments are passed exactly like void * arguments. Holds on sane machines. 2. A function returning void is called the same way as a function returning int when the value is ignored. Holds on sane machines. We can easily eliminate this condition: just change print_func from void to int. 3. The guys writing the compiler refrain from making use of their self-granted license to ruin our day because our program has undefined behavior. Since improving some SPEC benchmark by half a percent is clearly worth breaking any number of working programs, ... If we want to stay out of this swamp, we need to define wrapper functions taking void * and returning it. > + > + if (message_with_timestamp && !cur) { > timestr = real_time_iso8601(); > - error_printf("%s ", timestr); > + print_func(print_opaque, "%s ", timestr); > g_free(timestr); > } > > /* Only prepend guest name if -msg guest-name and -name guest=... are > set */ > - if (error_with_guestname && error_guest_name && !monitor_cur_hmp()) { > - error_printf("%s ", error_guest_name); > + if (error_with_guestname && error_guest_name && !cur) { > + print_func(print_opaque, "%s ", error_guest_name); > } > > - print_loc(); > + print_loc(!!cur, print_func, print_opaque); > > switch (type) { > case REPORT_TYPE_ERROR: > break; > case REPORT_TYPE_WARNING: > - error_printf("warning: "); > + print_func(print_opaque, "warning: "); > break; > case REPORT_TYPE_INFO: > - error_printf("info: "); > + print_func(print_opaque, "info: "); > break; > } > > - error_vprintf(fmt, ap); > - error_printf("\n"); > + print_vfunc(print_opaque, fmt, ap); > + print_func(print_opaque, "\n"); > } > > /* The code becomes more complicated. Hmm. As long as monitor_cur() hits trace points, we really want to call it just once, before we start printing the error message. Calls during vreport() (in master, because I can't be bothered to recompile): (1) At the beginning of vreport(). Fine. (2) In the middle of vreport(). Easy to avoid: reuse the value gotten at (1). (3) In print_loc(). Easy to avoid: called only by vreport(), so pass the value gotten at (1). (4) In error_vprintf(), called multiple times from vreport() and print_loc() directly and via error_printf(). Obvious, stupid solution: have error_vprintf() and error_printf() take a Monitor *argument. But that's no good, because we have numerous callers, and we'd rather not change these to pass monitor_cur(). So create two new functions, and make the existing ones wrap around them. Thoughts?
