From: "Philippe Mathieu-Daudé" <philmd@redhat.com>
To: Stefan Hajnoczi <stefanha@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
qemu-devel@nongnu.org, Peter Maydell <peter.maydell@linaro.org>
Subject: Re: [PATCH-for-5.2] memory: Add trace events to audit MemoryRegionOps fields
Date: Wed, 19 Aug 2020 12:10:20 +0200 [thread overview]
Message-ID: <0134a5c1-dabb-76cf-a08c-c6ecfbe4af5b@redhat.com> (raw)
In-Reply-To: <20200819091417.GA357031@stefanha-x1.localdomain>
On 8/19/20 11:14 AM, Stefan Hajnoczi wrote:
> On Tue, Aug 18, 2020 at 09:56:37AM +0200, Philippe Mathieu-Daudé wrote:
>> On 8/18/20 8:32 AM, Paolo Bonzini wrote:
>>> On 06/08/20 17:26, Philippe Mathieu-Daudé wrote:
>>>> Add trace events to audit MemoryRegionOps field such:
>>>> - are all the valid/impl fields provided?
>>>> - is the region a power of two?
>>>>
>>>> These cases are accepted, but it is interesting to list them.
>>>>
>>>> Example:
>>>>
>>>> $ qemu-system-i386 -S -trace memory_region_io_check\*
>>>> memory_region_io_check_odd_size mr name:'dma-page' size:0x3
>>
>> (a)
>>
>>>> memory_region_io_check_access_size_incomplete mr name:'acpi-tmr' min/max:[valid:1/4 impl:4/0]
>>>> memory_region_io_check_access_size_incomplete mr name:'acpi-evt' min/max:[valid:1/2 impl:2/0]
>>>> memory_region_io_check_access_size_incomplete mr name:'acpi-cnt' min/max:[valid:1/2 impl:2/0]
>>
>> (b)
>>
>>>
>>> Can they be detected using Coccinelle instead?
>>
>> For static declarations, probably.
>
> Regarding the MemoryRegionOps checks, the following grep command-line
> shows that all MemoryRegionOps definitions are global:
>
> $ git grep 'MemoryRegionOps [^*]' hw/
>
> This means static checking is possible.
>
>>
>> (a) is not really fixable (because some datasheets don't
>> count the reserved space in the device address map [1]),
>> but is interesting to audit.
>>
>> I believe (b) has to be updated per maintainers preference,
>> not by an individual developer. IIUC Michael said [2] while
>> there is no bus information in MemoryRegionOps (and way to
>> report a bus specific error), it is pointless to blindly fill
>> the zero access sizes.
>>
>> Meanwhile I prefer to share my debugging helpers as trace
>> events instead of ./configure --enable-maintainer and #ifdef'ry.
>
> Can they be turned into a CI check instead of debugging helpers? For
> example, all existing violations are exempt but new MemoryRegionOps must
> comply. This way it's not necessary to audit and fix everything right
> now but code quality is improved in new code.
>
> Static checking is nice because there is no need to execute QEMU and
> trigger all the code paths that lead to MemoryRegionOps usage.
>
> Here are more static checker ideas:
>
> 1. Rename memory_region_init_io() to memory_region_init_io_unsafe() (or
> "legacy", "nocheck", etc) and then add a checkpatch.pl error if a new
> memory_region_init_io_unsafe() call is added.
>
> 2. Walk the debuginfo looking for MemoryRegionOps structs and check
> them. For example, a Python script that uses a DWARF parser. There
> can be list of exempted source files that are allowed to violate the
> rules (existing code).
>
> 3. Use __attribute__((__section__())) on MemoryRegionOps so they can
> easily be located in ELF files and check them. For example, a C
> program that opens the ELF and finds the "memoryregions" section.
Thanks for the tips!
From the list 1. seems the easier to implement to me (no brain effort).
But for now I'm not sure the check has to be enforced, because I'm not
sure what we really want to do. First we need to figure out the 'bus'
component of a a MemoryRegion (where it sits), as it affects the
MemoryRegionOps possible range values.
>
> Stefan
>
next prev parent reply other threads:[~2020-08-19 10:19 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-06 15:26 [PATCH-for-5.2] memory: Add trace events to audit MemoryRegionOps fields Philippe Mathieu-Daudé
2020-08-18 6:32 ` Paolo Bonzini
2020-08-18 7:56 ` Philippe Mathieu-Daudé
2020-08-19 9:14 ` Stefan Hajnoczi
2020-08-19 10:10 ` Philippe Mathieu-Daudé [this message]
2020-08-19 14:07 ` Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0134a5c1-dabb-76cf-a08c-c6ecfbe4af5b@redhat.com \
--to=philmd@redhat.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).