From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 0C5A8C636D4 for ; Mon, 13 Feb 2023 17:18:34 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pRcSH-0001lv-J2; Mon, 13 Feb 2023 12:17:29 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pRcSE-0001lK-RT for qemu-devel@nongnu.org; Mon, 13 Feb 2023 12:17:27 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pRcSC-0002b4-BW for qemu-devel@nongnu.org; Mon, 13 Feb 2023 12:17:26 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1676308643; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=ohSDt8LSwHCiM5MsSn8GvqrR3bhg9U2GNpHae9Xumvg=; b=TKfT9rKkWmKe2rscnZCf/lbP7tbF6QnlLA5LQa5ICpJzD3XVhZIxbu8xLlR9c7kKQZyaQB V+0SxZnLSCRaOuBznvApPWKd8BFU4GjWV1DxriKkmCGpglplszSZ+eaZBikqeQYqN1XBv/ RW5kJT7Guh7odZmoU4ccHBr2lx4mP0k= Received: from mail-yw1-f200.google.com (mail-yw1-f200.google.com [209.85.128.200]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-204-nk0JdN90NnOhX75lCgXkuw-1; Mon, 13 Feb 2023 12:17:20 -0500 X-MC-Unique: nk0JdN90NnOhX75lCgXkuw-1 Received: by mail-yw1-f200.google.com with SMTP id 00721157ae682-4c8e781bc0aso134069017b3.22 for ; Mon, 13 Feb 2023 09:17:20 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=ohSDt8LSwHCiM5MsSn8GvqrR3bhg9U2GNpHae9Xumvg=; b=aOR30e1ETbhdoLF5D3MVbItFSWf5KhNAVUEIHrKUyS4aqohT3Qfjh7R5fpzGpzPd05 l9/NIk8kHHrPxdSKMQ5tnqLb7k4GV3Xhus+H0oMmvW2cjvgEMmXPZ/LncP84Bgk3/ySy Q637scJw7M3cjweONQ9735hp8Rq1+xE7b7tl3WwSMsm3gOvLCll4syIgGGo4W9jEbqS1 vTIDKESGC1Rhka//VEZeiuFIGpnrTckkSklKOPiX+E3Ym4UeXTtIitQRn7VrNHFc1R2j /wEGpIPA/s1jtmkDqiVFLn6ppLuzh8X3lglgvEyMlXANF6kToQPJ/aN4IVJ/VZOjF9nx 6c2Q== X-Gm-Message-State: AO0yUKXOMqnXy2jxk3lV8ZIzZoTVly+1B2/qW9Tne9eFYL6C2BhPjVwr 8Pj2ppg9EI0X9GaL1gCmnBpcvB264v1r8/dgHO6L/kViTOzJJ7fJGbSRGw1r2VpIfaqY/jTnKmI q6P18TkVxNhZAfl4= X-Received: by 2002:a81:af68:0:b0:52e:f3f4:b78 with SMTP id x40-20020a81af68000000b0052ef3f40b78mr6295292ywj.0.1676308639998; Mon, 13 Feb 2023 09:17:19 -0800 (PST) X-Google-Smtp-Source: AK7set83Rhk1Y+00fMV4Wt8fWIZGhkIgouos/7REbZb6DgaZfXsH3WF4wRFrMVMuHdbhjiBPkeujsA== X-Received: by 2002:a81:af68:0:b0:52e:f3f4:b78 with SMTP id x40-20020a81af68000000b0052ef3f40b78mr6295267ywj.0.1676308639606; Mon, 13 Feb 2023 09:17:19 -0800 (PST) Received: from x1n (bras-base-aurron9127w-grc-56-70-30-145-63.dsl.bell.ca. [70.30.145.63]) by smtp.gmail.com with ESMTPSA id e189-20020a3769c6000000b007062139ecb3sm10206695qkc.95.2023.02.13.09.17.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 13 Feb 2023 09:17:18 -0800 (PST) Date: Mon, 13 Feb 2023 12:17:17 -0500 From: Peter Xu To: BALATON Zoltan Cc: Thomas Huth , qemu-devel@nongnu.org, Paolo Bonzini , David Hildenbrand , philmd@linaro.org, Richard Henderson Subject: Re: [PATCH 1/2] log: Add separate debug option for logging invalid memory accesses Message-ID: References: <20230119214032.4BF1E7457E7@zero.eik.bme.hu> <413edbc1-8af1-4b0e-70ab-41d49f1bbbcd@eik.bme.hu> <7ae34a52-13a5-05e0-3cea-10a9fb89ec1c@eik.bme.hu> <0d85fc1d-4c97-5874-d49c-03ac3c265e2f@eik.bme.hu> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <0d85fc1d-4c97-5874-d49c-03ac3c265e2f@eik.bme.hu> Received-SPF: pass client-ip=170.10.133.124; envelope-from=peterx@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org On Mon, Feb 13, 2023 at 05:34:04PM +0100, BALATON Zoltan wrote: > On Mon, 13 Feb 2023, Peter Xu wrote: > > On Mon, Feb 13, 2023 at 03:47:42PM +0100, BALATON Zoltan wrote: > > > On Mon, 13 Feb 2023, Peter Xu wrote: > > > > On Mon, Feb 13, 2023 at 12:41:29PM +0100, Thomas Huth wrote: > > > > > On 07/02/2023 17.33, BALATON Zoltan wrote: > > > > > > On Tue, 31 Jan 2023, BALATON Zoltan wrote: > > > > > > > On Thu, 19 Jan 2023, BALATON Zoltan wrote: > > > > > > > > Currently -d guest_errors enables logging of different invalid actions > > > > > > > > by the guest such as misusing hardware, accessing missing features or > > > > > > > > invalid memory areas. The memory access logging can be quite verbose > > > > > > > > which obscures the other messages enabled by this debug switch so > > > > > > > > separate it by adding a new -d memaccess option to make it possible to > > > > > > > > control it independently of other guest error logs. > > > > > > > > > > > > > > > > Signed-off-by: BALATON Zoltan > > > > > > > > > > > > > > Ping? Could somebody review and pick it up please? > > > > > > > > > > > > Ping? > > > > > > > > > > Patch makes sense to me and looks fine, so: > > > > > > > > > > Reviewed-by: Thomas Huth > > > > > > > > > > ... I think this should go via one of the "Memory API" maintainers branches? > > > > > Paolo? Peter? David? > > > > > > > > Paolo normally does the pull, I assume that'll still be the case. The > > > > patch looks good to me if Phil's comment will be addressed on merging with > > > > the old mask, which makes sense to me: > > > > > > Keeping the old mask kind of defies the purpose. I've tried to explain that > > > in the commit message but now that two of you did not get it maybe that > > > message needs to be clarified instead? > > > > I think it's clear enough. My fault to not read carefully into the > > message, sorry. > > > > However, could you explain why a memory_region_access_valid() failure > > shouldn't belong to LOG_GUEST_ERROR? > > > > commit e54eba1986f6c4bac2951e7f90a849cd842e25e4 > > Author: Peter Maydell > > Date: Thu Oct 18 14:11:35 2012 +0100 > > > > qemu-log: Add new log category for guest bugs > > > > Add a new category for device models to log guest behaviour > > which is likely to be a guest bug of some kind (accessing > > nonexistent registers, reading 32 bit wide registers with > > a byte access, etc). Making this its own log category allows > > those who care (mostly guest OS authors) to see the complaints > > without bothering most users. > > > > Such an illegal memory access is definitely a suitable candidate of guest > > misbehave to me. > > Problem is that a lot of machines have unimplemented hardware that are valid > on real machine but we don't model them so running guests which access these > generate constant flow of unassigned memory access log which obscures the > actual guest_errors when an modelled device is accessed in unexpected ways. > For an example you can try booting MorphOS on mac99,via=pmu as described > here: http://zero.eik.bme.hu/~balaton/qemu/amiga/#morphos > (or the pegasos2 command too). We could add dummy registers to silence these > but I think it's better to either implement it correctly or leave it > unimplemented so we don't hide errors by the dummy implementation. > > > Not to mention Phil always have a good point that you may be violating > > others using guest_error already so what they wanted to capture can > > misterious going away without noticing, even if it may service your goal. > > IOW it's a slight ABI and I think we ned justification to break it. > > Probably this should be documented in changelog or do we need depracation > for a debug option meant for developers mostly? I did not think so. Also I > can't think of other way to solve this without changing what guest_erorrs do > unless we change the name of that flag as well. Also not that when this was > originally added it did not contain mem access logs as those were controlled > by a define in memory.c until Philippe changed it and added them to > guest_errors. So in a way I want the previous functionality back. I see, thanks. Indeed it's only a debug option, so I don't know whether the abi needs the attention here. I quickly looked at all the masks and afaict this is really a special and very useful one that if I'm a cloud provider I can run some script trying to capture those violations using this bit to identify suspecious guests. So I think it would still be great to not break it if possible, IMHO. Since currently I don't see an immediate limitation of having qemu log mask being a single bit for each of the entry, one way to satisfy your need (and also keep the old behavior, iiuc), is to make guest_errors a sugar syntax to cover 2 bits. It shouldn't be complicated at all, I assume: +/* This covers the generic guest errors besides memory violations */ #define LOG_GUEST_ERROR (1 << 11) +/* + * This covers the guest errors on memory violations; see LOG_GUEST_ERROR + * for generic guest errors. + */ +#define LOG_GUEST_ERROR_MEM (1 << 21) +#define LOG_GUEST_ERROR_ALL (LOG_GUEST_ERROR | LOG_GUEST_ERROR_MEM) - { LOG_GUEST_ERROR, "guest_errors", + { LOG_GUEST_ERROR_ALL, "guest_errors", Then somehow squashed with your changes. It'll make "guest_errors" not exactly matching the name of LOG_* but I think it may not be a big concern. Thanks, -- Peter Xu