Re: [PATCH 1/2] log: Add separate debug option for logging invalid memory accesses
On 13/2/23 18:17, Peter Xu wrote:
On Mon, Feb 13, 2023 at 05:34:04PM +0100, BALATON Zoltan wrote:
On Mon, 13 Feb 2023, Peter Xu wrote:
On Mon, Feb 13, 2023 at 03:47:42PM +0100, BALATON Zoltan wrote:
On Mon, 13 Feb 2023, Peter Xu wrote:
On Mon, Feb 13, 2023 at 12:41:29PM +0100, Thomas Huth wrote:
On 07/02/2023 17.33, BALATON Zoltan wrote: > On Tue, 31 Jan 2023, BALATON Zoltan wrote: >> On Thu, 19 Jan 2023, BALATON Zoltan wrote: >>> Currently -d guest_errors enables logging of different invalid actions >>> by the guest such as misusing hardware, accessing missing features or >>> invalid memory areas. The memory access logging can be quite verbose >>> which obscures the other messages enabled by this debug switch so >>> separate it by adding a new -d memaccess option to make it possible to >>> control it independently of other guest error logs. >>> >>> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> >> >> Ping? Could somebody review and pick it up please? > > Ping?
Patch makes sense to me and looks fine, so:
Reviewed-by: Thomas Huth <thuth@redhat.com>
... I think this should go via one of the "Memory API" maintainers branches? Paolo? Peter? David?
Paolo normally does the pull, I assume that'll still be the case. The patch looks good to me if Phil's comment will be addressed on merging with the old mask, which makes sense to me:
Keeping the old mask kind of defies the purpose. I've tried to explain that in the commit message but now that two of you did not get it maybe that message needs to be clarified instead?
I think it's clear enough. My fault to not read carefully into the message, sorry.
However, could you explain why a memory_region_access_valid() failure shouldn't belong to LOG_GUEST_ERROR?
commit e54eba1986f6c4bac2951e7f90a849cd842e25e4 Author: Peter Maydell <peter.maydell@linaro.org> Date: Thu Oct 18 14:11:35 2012 +0100
qemu-log: Add new log category for guest bugs
Add a new category for device models to log guest behaviour which is likely to be a guest bug of some kind (accessing nonexistent registers, reading 32 bit wide registers with a byte access, etc). Making this its own log category allows those who care (mostly guest OS authors) to see the complaints without bothering most users.
Such an illegal memory access is definitely a suitable candidate of guest misbehave to me.
Problem is that a lot of machines have unimplemented hardware that are valid on real machine but we don't model them so running guests which access these generate constant flow of unassigned memory access log which obscures the actual guest_errors when an modelled device is accessed in unexpected ways. For an example you can try booting MorphOS on mac99,via=pmu as described here: http://zero.eik.bme.hu/~balaton/qemu/amiga/#morphos (or the pegasos2 command too). We could add dummy registers to silence these but I think it's better to either implement it correctly or leave it unimplemented so we don't hide errors by the dummy implementation.
Not to mention Phil always have a good point that you may be violating others using guest_error already so what they wanted to capture can misterious going away without noticing, even if it may service your goal. IOW it's a slight ABI and I think we ned justification to break it.
Probably this should be documented in changelog or do we need depracation for a debug option meant for developers mostly? I did not think so. Also I can't think of other way to solve this without changing what guest_erorrs do unless we change the name of that flag as well. Also not that when this was originally added it did not contain mem access logs as those were controlled by a define in memory.c until Philippe changed it and added them to guest_errors. So in a way I want the previous functionality back.
I see, thanks.
Indeed it's only a debug option, so I don't know whether the abi needs the attention here.
I quickly looked at all the masks and afaict this is really a special and very useful one that if I'm a cloud provider I can run some script trying to capture those violations using this bit to identify suspecious guests.
So I think it would still be great to not break it if possible, IMHO.
Since currently I don't see an immediate limitation of having qemu log mask being a single bit for each of the entry, one way to satisfy your need (and also keep the old behavior, iiuc), is to make guest_errors a sugar syntax to cover 2 bits. It shouldn't be complicated at all, I assume:
+/* This covers the generic guest errors besides memory violations */ #define LOG_GUEST_ERROR (1 << 11)
+/* + * This covers the guest errors on memory violations; see LOG_GUEST_ERROR + * for generic guest errors. + */ +#define LOG_GUEST_ERROR_MEM (1 << 21) +#define LOG_GUEST_ERROR_ALL (LOG_GUEST_ERROR | LOG_GUEST_ERROR_MEM)
- { LOG_GUEST_ERROR, "guest_errors", + { LOG_GUEST_ERROR_ALL, "guest_errors",
Then somehow squashed with your changes. It'll make "guest_errors" not exactly matching the name of LOG_* but I think it may not be a big concern.
Thanks Peter for having a look. Cc'ing libvir-list@ to see if this change could have an impact. If no one else object I'm OK to take the patch as is, except if you (Peter) want the description to be reworded. Regards, Phil.
participants (1)
-
Philippe Mathieu-Daudé