[1/2] log: Add separate debug option for logging invalid memory accesses

Currently -d guest_errors enables logging of different invalid actions
by the guest such as misusing hardware, accessing missing features or
invalid memory areas. The memory access logging can be quite verbose
which obscures the other messages enabled by this debug switch so
separate it by adding a new -d memaccess option to make it possible to
control it independently of other guest error logs.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 include/qemu/log.h | 1 +
 softmmu/memory.c   | 6 +++---
 softmmu/physmem.c  | 2 +-
 util/log.c         | 2 ++
 4 files changed, 7 insertions(+), 4 deletions(-)

On Thu, 19 Jan 2023, BALATON Zoltan wrote:
> Currently -d guest_errors enables logging of different invalid actions
> by the guest such as misusing hardware, accessing missing features or
> invalid memory areas. The memory access logging can be quite verbose
> which obscures the other messages enabled by this debug switch so
> separate it by adding a new -d memaccess option to make it possible to
> control it independently of other guest error logs.
>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>

Ping? Could somebody review and pick it up please?

Regards,
BALATON Zoltan

> ---
> include/qemu/log.h | 1 +
> softmmu/memory.c   | 6 +++---
> softmmu/physmem.c  | 2 +-
> util/log.c         | 2 ++
> 4 files changed, 7 insertions(+), 4 deletions(-)
>
> diff --git a/include/qemu/log.h b/include/qemu/log.h
> index c5643d8dd5..4bf0a65a85 100644
> --- a/include/qemu/log.h
> +++ b/include/qemu/log.h
> @@ -35,6 +35,7 @@ bool qemu_log_separate(void);
> /* LOG_STRACE is used for user-mode strace logging. */
> #define LOG_STRACE         (1 << 19)
> #define LOG_PER_THREAD     (1 << 20)
> +#define LOG_MEM_ACCESS     (1 << 21)
>
> /* Lock/unlock output. */
>
> diff --git a/softmmu/memory.c b/softmmu/memory.c
> index 9d64efca26..0a9fa67d32 100644
> --- a/softmmu/memory.c
> +++ b/softmmu/memory.c
> @@ -1379,7 +1379,7 @@ bool memory_region_access_valid(MemoryRegion *mr,
> {
>     if (mr->ops->valid.accepts
>         && !mr->ops->valid.accepts(mr->opaque, addr, size, is_write, attrs)) {
> -        qemu_log_mask(LOG_GUEST_ERROR, "Invalid %s at addr 0x%" HWADDR_PRIX
> +        qemu_log_mask(LOG_MEM_ACCESS, "Invalid %s at addr 0x%" HWADDR_PRIX
>                       ", size %u, region '%s', reason: rejected\n",
>                       is_write ? "write" : "read",
>                       addr, size, memory_region_name(mr));
> @@ -1387,7 +1387,7 @@ bool memory_region_access_valid(MemoryRegion *mr,
>     }
>
>     if (!mr->ops->valid.unaligned && (addr & (size - 1))) {
> -        qemu_log_mask(LOG_GUEST_ERROR, "Invalid %s at addr 0x%" HWADDR_PRIX
> +        qemu_log_mask(LOG_MEM_ACCESS, "Invalid %s at addr 0x%" HWADDR_PRIX
>                       ", size %u, region '%s', reason: unaligned\n",
>                       is_write ? "write" : "read",
>                       addr, size, memory_region_name(mr));
> @@ -1401,7 +1401,7 @@ bool memory_region_access_valid(MemoryRegion *mr,
>
>     if (size > mr->ops->valid.max_access_size
>         || size < mr->ops->valid.min_access_size) {
> -        qemu_log_mask(LOG_GUEST_ERROR, "Invalid %s at addr 0x%" HWADDR_PRIX
> +        qemu_log_mask(LOG_MEM_ACCESS, "Invalid %s at addr 0x%" HWADDR_PRIX
>                       ", size %u, region '%s', reason: invalid size "
>                       "(min:%u max:%u)\n",
>                       is_write ? "write" : "read",
> diff --git a/softmmu/physmem.c b/softmmu/physmem.c
> index bf585e45a8..bca679ee01 100644
> --- a/softmmu/physmem.c
> +++ b/softmmu/physmem.c
> @@ -2792,7 +2792,7 @@ static bool flatview_access_allowed(MemoryRegion *mr, MemTxAttrs attrs,
>     if (memory_region_is_ram(mr)) {
>         return true;
>     }
> -    qemu_log_mask(LOG_GUEST_ERROR,
> +    qemu_log_mask(LOG_MEM_ACCESS,
>                   "Invalid access to non-RAM device at "
>                   "addr 0x%" HWADDR_PRIX ", size %" HWADDR_PRIu ", "
>                   "region '%s'\n", addr, len, memory_region_name(mr));
> diff --git a/util/log.c b/util/log.c
> index 7837ff9917..a3c097f320 100644
> --- a/util/log.c
> +++ b/util/log.c
> @@ -495,6 +495,8 @@ const QEMULogItem qemu_log_items[] = {
>       "log every user-mode syscall, its input, and its result" },
>     { LOG_PER_THREAD, "tid",
>       "open a separate log file per thread; filename must contain '%d'" },
> +    { LOG_MEM_ACCESS, "memaccess",
> +      "log invalid memory accesses" },
>     { 0, NULL, NULL },
> };
>
>

On Tue, 31 Jan 2023, BALATON Zoltan wrote:
> On Thu, 19 Jan 2023, BALATON Zoltan wrote:
>> Currently -d guest_errors enables logging of different invalid actions
>> by the guest such as misusing hardware, accessing missing features or
>> invalid memory areas. The memory access logging can be quite verbose
>> which obscures the other messages enabled by this debug switch so
>> separate it by adding a new -d memaccess option to make it possible to
>> control it independently of other guest error logs.
>> 
>> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
>
> Ping? Could somebody review and pick it up please?

Ping?

Regards,
BALATON Zoltan

>> ---
>> include/qemu/log.h | 1 +
>> softmmu/memory.c   | 6 +++---
>> softmmu/physmem.c  | 2 +-
>> util/log.c         | 2 ++
>> 4 files changed, 7 insertions(+), 4 deletions(-)
>> 
>> diff --git a/include/qemu/log.h b/include/qemu/log.h
>> index c5643d8dd5..4bf0a65a85 100644
>> --- a/include/qemu/log.h
>> +++ b/include/qemu/log.h
>> @@ -35,6 +35,7 @@ bool qemu_log_separate(void);
>> /* LOG_STRACE is used for user-mode strace logging. */
>> #define LOG_STRACE         (1 << 19)
>> #define LOG_PER_THREAD     (1 << 20)
>> +#define LOG_MEM_ACCESS     (1 << 21)
>> 
>> /* Lock/unlock output. */
>> 
>> diff --git a/softmmu/memory.c b/softmmu/memory.c
>> index 9d64efca26..0a9fa67d32 100644
>> --- a/softmmu/memory.c
>> +++ b/softmmu/memory.c
>> @@ -1379,7 +1379,7 @@ bool memory_region_access_valid(MemoryRegion *mr,
>> {
>>     if (mr->ops->valid.accepts
>>         && !mr->ops->valid.accepts(mr->opaque, addr, size, is_write, 
>> attrs)) {
>> -        qemu_log_mask(LOG_GUEST_ERROR, "Invalid %s at addr 0x%" 
>> HWADDR_PRIX
>> +        qemu_log_mask(LOG_MEM_ACCESS, "Invalid %s at addr 0x%" HWADDR_PRIX
>>                       ", size %u, region '%s', reason: rejected\n",
>>                       is_write ? "write" : "read",
>>                       addr, size, memory_region_name(mr));
>> @@ -1387,7 +1387,7 @@ bool memory_region_access_valid(MemoryRegion *mr,
>>     }
>>
>>     if (!mr->ops->valid.unaligned && (addr & (size - 1))) {
>> -        qemu_log_mask(LOG_GUEST_ERROR, "Invalid %s at addr 0x%" 
>> HWADDR_PRIX
>> +        qemu_log_mask(LOG_MEM_ACCESS, "Invalid %s at addr 0x%" HWADDR_PRIX
>>                       ", size %u, region '%s', reason: unaligned\n",
>>                       is_write ? "write" : "read",
>>                       addr, size, memory_region_name(mr));
>> @@ -1401,7 +1401,7 @@ bool memory_region_access_valid(MemoryRegion *mr,
>>
>>     if (size > mr->ops->valid.max_access_size
>>         || size < mr->ops->valid.min_access_size) {
>> -        qemu_log_mask(LOG_GUEST_ERROR, "Invalid %s at addr 0x%" 
>> HWADDR_PRIX
>> +        qemu_log_mask(LOG_MEM_ACCESS, "Invalid %s at addr 0x%" HWADDR_PRIX
>>                       ", size %u, region '%s', reason: invalid size "
>>                       "(min:%u max:%u)\n",
>>                       is_write ? "write" : "read",
>> diff --git a/softmmu/physmem.c b/softmmu/physmem.c
>> index bf585e45a8..bca679ee01 100644
>> --- a/softmmu/physmem.c
>> +++ b/softmmu/physmem.c
>> @@ -2792,7 +2792,7 @@ static bool flatview_access_allowed(MemoryRegion *mr, 
>> MemTxAttrs attrs,
>>     if (memory_region_is_ram(mr)) {
>>         return true;
>>     }
>> -    qemu_log_mask(LOG_GUEST_ERROR,
>> +    qemu_log_mask(LOG_MEM_ACCESS,
>>                   "Invalid access to non-RAM device at "
>>                   "addr 0x%" HWADDR_PRIX ", size %" HWADDR_PRIu ", "
>>                   "region '%s'\n", addr, len, memory_region_name(mr));
>> diff --git a/util/log.c b/util/log.c
>> index 7837ff9917..a3c097f320 100644
>> --- a/util/log.c
>> +++ b/util/log.c
>> @@ -495,6 +495,8 @@ const QEMULogItem qemu_log_items[] = {
>>       "log every user-mode syscall, its input, and its result" },
>>     { LOG_PER_THREAD, "tid",
>>       "open a separate log file per thread; filename must contain '%d'" },
>> +    { LOG_MEM_ACCESS, "memaccess",
>> +      "log invalid memory accesses" },
>>     { 0, NULL, NULL },
>> };
>> 
>> 
>
>

On 07/02/2023 17.33, BALATON Zoltan wrote:
> On Tue, 31 Jan 2023, BALATON Zoltan wrote:
>> On Thu, 19 Jan 2023, BALATON Zoltan wrote:
>>> Currently -d guest_errors enables logging of different invalid actions
>>> by the guest such as misusing hardware, accessing missing features or
>>> invalid memory areas. The memory access logging can be quite verbose
>>> which obscures the other messages enabled by this debug switch so
>>> separate it by adding a new -d memaccess option to make it possible to
>>> control it independently of other guest error logs.
>>>
>>> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
>>
>> Ping? Could somebody review and pick it up please?
> 
> Ping?

Patch makes sense to me and looks fine, so:

Reviewed-by: Thomas Huth <thuth@redhat.com>

... I think this should go via one of the "Memory API" maintainers branches? 
Paolo? Peter? David?

  Thomas


>>> ---
>>> include/qemu/log.h | 1 +
>>> softmmu/memory.c   | 6 +++---
>>> softmmu/physmem.c  | 2 +-
>>> util/log.c         | 2 ++
>>> 4 files changed, 7 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/include/qemu/log.h b/include/qemu/log.h
>>> index c5643d8dd5..4bf0a65a85 100644
>>> --- a/include/qemu/log.h
>>> +++ b/include/qemu/log.h
>>> @@ -35,6 +35,7 @@ bool qemu_log_separate(void);
>>> /* LOG_STRACE is used for user-mode strace logging. */
>>> #define LOG_STRACE         (1 << 19)
>>> #define LOG_PER_THREAD     (1 << 20)
>>> +#define LOG_MEM_ACCESS     (1 << 21)
>>>
>>> /* Lock/unlock output. */
>>>
>>> diff --git a/softmmu/memory.c b/softmmu/memory.c
>>> index 9d64efca26..0a9fa67d32 100644
>>> --- a/softmmu/memory.c
>>> +++ b/softmmu/memory.c
>>> @@ -1379,7 +1379,7 @@ bool memory_region_access_valid(MemoryRegion *mr,
>>> {
>>>     if (mr->ops->valid.accepts
>>>         && !mr->ops->valid.accepts(mr->opaque, addr, size, is_write, 
>>> attrs)) {
>>> -        qemu_log_mask(LOG_GUEST_ERROR, "Invalid %s at addr 0x%" HWADDR_PRIX
>>> +        qemu_log_mask(LOG_MEM_ACCESS, "Invalid %s at addr 0x%" HWADDR_PRIX
>>>                       ", size %u, region '%s', reason: rejected\n",
>>>                       is_write ? "write" : "read",
>>>                       addr, size, memory_region_name(mr));
>>> @@ -1387,7 +1387,7 @@ bool memory_region_access_valid(MemoryRegion *mr,
>>>     }
>>>
>>>     if (!mr->ops->valid.unaligned && (addr & (size - 1))) {
>>> -        qemu_log_mask(LOG_GUEST_ERROR, "Invalid %s at addr 0x%" HWADDR_PRIX
>>> +        qemu_log_mask(LOG_MEM_ACCESS, "Invalid %s at addr 0x%" HWADDR_PRIX
>>>                       ", size %u, region '%s', reason: unaligned\n",
>>>                       is_write ? "write" : "read",
>>>                       addr, size, memory_region_name(mr));
>>> @@ -1401,7 +1401,7 @@ bool memory_region_access_valid(MemoryRegion *mr,
>>>
>>>     if (size > mr->ops->valid.max_access_size
>>>         || size < mr->ops->valid.min_access_size) {
>>> -        qemu_log_mask(LOG_GUEST_ERROR, "Invalid %s at addr 0x%" HWADDR_PRIX
>>> +        qemu_log_mask(LOG_MEM_ACCESS, "Invalid %s at addr 0x%" HWADDR_PRIX
>>>                       ", size %u, region '%s', reason: invalid size "
>>>                       "(min:%u max:%u)\n",
>>>                       is_write ? "write" : "read",
>>> diff --git a/softmmu/physmem.c b/softmmu/physmem.c
>>> index bf585e45a8..bca679ee01 100644
>>> --- a/softmmu/physmem.c
>>> +++ b/softmmu/physmem.c
>>> @@ -2792,7 +2792,7 @@ static bool flatview_access_allowed(MemoryRegion 
>>> *mr, MemTxAttrs attrs,
>>>     if (memory_region_is_ram(mr)) {
>>>         return true;
>>>     }
>>> -    qemu_log_mask(LOG_GUEST_ERROR,
>>> +    qemu_log_mask(LOG_MEM_ACCESS,
>>>                   "Invalid access to non-RAM device at "
>>>                   "addr 0x%" HWADDR_PRIX ", size %" HWADDR_PRIu ", "
>>>                   "region '%s'\n", addr, len, memory_region_name(mr));
>>> diff --git a/util/log.c b/util/log.c
>>> index 7837ff9917..a3c097f320 100644
>>> --- a/util/log.c
>>> +++ b/util/log.c
>>> @@ -495,6 +495,8 @@ const QEMULogItem qemu_log_items[] = {
>>>       "log every user-mode syscall, its input, and its result" },
>>>     { LOG_PER_THREAD, "tid",
>>>       "open a separate log file per thread; filename must contain '%d'" },
>>> +    { LOG_MEM_ACCESS, "memaccess",
>>> +      "log invalid memory accesses" },
>>>     { 0, NULL, NULL },
>>> };

On 19/1/23 22:40, BALATON Zoltan wrote:
> Currently -d guest_errors enables logging of different invalid actions
> by the guest such as misusing hardware, accessing missing features or
> invalid memory areas. The memory access logging can be quite verbose
> which obscures the other messages enabled by this debug switch so
> separate it by adding a new -d memaccess option to make it possible to
> control it independently of other guest error logs.
> 
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>   include/qemu/log.h | 1 +
>   softmmu/memory.c   | 6 +++---
>   softmmu/physmem.c  | 2 +-
>   util/log.c         | 2 ++
>   4 files changed, 7 insertions(+), 4 deletions(-)
> 
> diff --git a/include/qemu/log.h b/include/qemu/log.h
> index c5643d8dd5..4bf0a65a85 100644
> --- a/include/qemu/log.h
> +++ b/include/qemu/log.h
> @@ -35,6 +35,7 @@ bool qemu_log_separate(void);
>   /* LOG_STRACE is used for user-mode strace logging. */
>   #define LOG_STRACE         (1 << 19)
>   #define LOG_PER_THREAD     (1 << 20)
> +#define LOG_MEM_ACCESS     (1 << 21)
>   
>   /* Lock/unlock output. */
>   
> diff --git a/softmmu/memory.c b/softmmu/memory.c
> index 9d64efca26..0a9fa67d32 100644
> --- a/softmmu/memory.c
> +++ b/softmmu/memory.c
> @@ -1379,7 +1379,7 @@ bool memory_region_access_valid(MemoryRegion *mr,
>   {
>       if (mr->ops->valid.accepts
>           && !mr->ops->valid.accepts(mr->opaque, addr, size, is_write, attrs)) {
> -        qemu_log_mask(LOG_GUEST_ERROR, "Invalid %s at addr 0x%" HWADDR_PRIX
> +        qemu_log_mask(LOG_MEM_ACCESS, "Invalid %s at addr 0x%" HWADDR_PRIX

Can we use LOG_GUEST_ERROR|LOG_MEM_ACCESS to keep current behavior?

On Mon, 13 Feb 2023, Philippe Mathieu-Daudé wrote:
> On 19/1/23 22:40, BALATON Zoltan wrote:
>> Currently -d guest_errors enables logging of different invalid actions
>> by the guest such as misusing hardware, accessing missing features or
>> invalid memory areas. The memory access logging can be quite verbose
>> which obscures the other messages enabled by this debug switch so
>> separate it by adding a new -d memaccess option to make it possible to
>> control it independently of other guest error logs.
>> 
>> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
>> ---
>>   include/qemu/log.h | 1 +
>>   softmmu/memory.c   | 6 +++---
>>   softmmu/physmem.c  | 2 +-
>>   util/log.c         | 2 ++
>>   4 files changed, 7 insertions(+), 4 deletions(-)
>> 
>> diff --git a/include/qemu/log.h b/include/qemu/log.h
>> index c5643d8dd5..4bf0a65a85 100644
>> --- a/include/qemu/log.h
>> +++ b/include/qemu/log.h
>> @@ -35,6 +35,7 @@ bool qemu_log_separate(void);
>>   /* LOG_STRACE is used for user-mode strace logging. */
>>   #define LOG_STRACE         (1 << 19)
>>   #define LOG_PER_THREAD     (1 << 20)
>> +#define LOG_MEM_ACCESS     (1 << 21)
>>     /* Lock/unlock output. */
>>   diff --git a/softmmu/memory.c b/softmmu/memory.c
>> index 9d64efca26..0a9fa67d32 100644
>> --- a/softmmu/memory.c
>> +++ b/softmmu/memory.c
>> @@ -1379,7 +1379,7 @@ bool memory_region_access_valid(MemoryRegion *mr,
>>   {
>>       if (mr->ops->valid.accepts
>>           && !mr->ops->valid.accepts(mr->opaque, addr, size, is_write, 
>> attrs)) {
>> -        qemu_log_mask(LOG_GUEST_ERROR, "Invalid %s at addr 0x%" 
>> HWADDR_PRIX
>> +        qemu_log_mask(LOG_MEM_ACCESS, "Invalid %s at addr 0x%" HWADDR_PRIX
>
> Can we use LOG_GUEST_ERROR|LOG_MEM_ACCESS to keep current behavior?

No, the point is that I don't want the current behaviour getting mem 
access logs when I want to see guest error logs as it's littering the 
output and the real guest error logs are then lost in the lot of 
unintresting mem accesses. You can still use -d guest_errors,memaccess for 
the current behaviour if you prefer that but without this patch I have no 
option for the other behaviour I prefer.

Regards,
BALATON Zoltan

On Mon, Feb 13, 2023 at 12:41:29PM +0100, Thomas Huth wrote:
> On 07/02/2023 17.33, BALATON Zoltan wrote:
> > On Tue, 31 Jan 2023, BALATON Zoltan wrote:
> > > On Thu, 19 Jan 2023, BALATON Zoltan wrote:
> > > > Currently -d guest_errors enables logging of different invalid actions
> > > > by the guest such as misusing hardware, accessing missing features or
> > > > invalid memory areas. The memory access logging can be quite verbose
> > > > which obscures the other messages enabled by this debug switch so
> > > > separate it by adding a new -d memaccess option to make it possible to
> > > > control it independently of other guest error logs.
> > > > 
> > > > Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> > > 
> > > Ping? Could somebody review and pick it up please?
> > 
> > Ping?
> 
> Patch makes sense to me and looks fine, so:
> 
> Reviewed-by: Thomas Huth <thuth@redhat.com>
> 
> ... I think this should go via one of the "Memory API" maintainers branches?
> Paolo? Peter? David?

Paolo normally does the pull, I assume that'll still be the case.  The
patch looks good to me if Phil's comment will be addressed on merging with
the old mask, which makes sense to me:

Acked-by: Peter Xu <peterx@redhat.com>

Thanks,

On Mon, 13 Feb 2023, Peter Xu wrote:
> On Mon, Feb 13, 2023 at 12:41:29PM +0100, Thomas Huth wrote:
>> On 07/02/2023 17.33, BALATON Zoltan wrote:
>>> On Tue, 31 Jan 2023, BALATON Zoltan wrote:
>>>> On Thu, 19 Jan 2023, BALATON Zoltan wrote:
>>>>> Currently -d guest_errors enables logging of different invalid actions
>>>>> by the guest such as misusing hardware, accessing missing features or
>>>>> invalid memory areas. The memory access logging can be quite verbose
>>>>> which obscures the other messages enabled by this debug switch so
>>>>> separate it by adding a new -d memaccess option to make it possible to
>>>>> control it independently of other guest error logs.
>>>>>
>>>>> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
>>>>
>>>> Ping? Could somebody review and pick it up please?
>>>
>>> Ping?
>>
>> Patch makes sense to me and looks fine, so:
>>
>> Reviewed-by: Thomas Huth <thuth@redhat.com>
>>
>> ... I think this should go via one of the "Memory API" maintainers branches?
>> Paolo? Peter? David?
>
> Paolo normally does the pull, I assume that'll still be the case.  The
> patch looks good to me if Phil's comment will be addressed on merging with
> the old mask, which makes sense to me:

Keeping the old mask kind of defies the purpose. I've tried to explain 
that in the commit message but now that two of you did not get it maybe 
that message needs to be clarified instead?

Regards,
BALATON Zoltan

> Acked-by: Peter Xu <peterx@redhat.com>
>
> Thanks,
>
>

On 13/2/23 15:47, BALATON Zoltan wrote:
> On Mon, 13 Feb 2023, Peter Xu wrote:
>> On Mon, Feb 13, 2023 at 12:41:29PM +0100, Thomas Huth wrote:
>>> On 07/02/2023 17.33, BALATON Zoltan wrote:
>>>> On Tue, 31 Jan 2023, BALATON Zoltan wrote:
>>>>> On Thu, 19 Jan 2023, BALATON Zoltan wrote:
>>>>>> Currently -d guest_errors enables logging of different invalid 
>>>>>> actions
>>>>>> by the guest such as misusing hardware, accessing missing features or
>>>>>> invalid memory areas. The memory access logging can be quite verbose
>>>>>> which obscures the other messages enabled by this debug switch so
>>>>>> separate it by adding a new -d memaccess option to make it 
>>>>>> possible to
>>>>>> control it independently of other guest error logs.
>>>>>>
>>>>>> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
>>>>>
>>>>> Ping? Could somebody review and pick it up please?
>>>>
>>>> Ping?
>>>
>>> Patch makes sense to me and looks fine, so:
>>>
>>> Reviewed-by: Thomas Huth <thuth@redhat.com>
>>>
>>> ... I think this should go via one of the "Memory API" maintainers 
>>> branches?
>>> Paolo? Peter? David?
>>
>> Paolo normally does the pull, I assume that'll still be the case.  The
>> patch looks good to me if Phil's comment will be addressed on merging 
>> with
>> the old mask, which makes sense to me:
> 
> Keeping the old mask kind of defies the purpose. I've tried to explain 
> that in the commit message but now that two of you did not get it maybe 
> that message needs to be clarified instead?

Is your use case memaccess enabled and guest-errors disabled?

On 13/2/23 15:58, Philippe Mathieu-Daudé wrote:
> On 13/2/23 15:47, BALATON Zoltan wrote:
>> On Mon, 13 Feb 2023, Peter Xu wrote:
>>> On Mon, Feb 13, 2023 at 12:41:29PM +0100, Thomas Huth wrote:
>>>> On 07/02/2023 17.33, BALATON Zoltan wrote:
>>>>> On Tue, 31 Jan 2023, BALATON Zoltan wrote:
>>>>>> On Thu, 19 Jan 2023, BALATON Zoltan wrote:
>>>>>>> Currently -d guest_errors enables logging of different invalid 
>>>>>>> actions
>>>>>>> by the guest such as misusing hardware, accessing missing 
>>>>>>> features or
>>>>>>> invalid memory areas.

- misusing hardware => LOG_GUEST_ERROR
- accessing missing features => LOG_UNIMP
- invalid memory areas => depending on the bus bridge, can be:

   #define MEMTX_OK              0
   #define MEMTX_ERROR          (1U << 0) /* device returned an error */
   #define MEMTX_DECODE_ERROR   (1U << 1) /* nothing at that address */
   #define MEMTX_ACCESS_ERROR   (1U << 2) /* access denied */

>>>>>>> The memory access logging can be quite verbose
>>>>>>> which obscures the other messages enabled by this debug switch so
>>>>>>> separate it by adding a new -d memaccess option to make it 
>>>>>>> possible to
>>>>>>> control it independently of other guest error logs.
>>>>>>>
>>>>>>> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
>>>>>>
>>>>>> Ping? Could somebody review and pick it up please?
>>>>>
>>>>> Ping?
>>>>
>>>> Patch makes sense to me and looks fine, so:
>>>>
>>>> Reviewed-by: Thomas Huth <thuth@redhat.com>
>>>>
>>>> ... I think this should go via one of the "Memory API" maintainers 
>>>> branches?
>>>> Paolo? Peter? David?
>>>
>>> Paolo normally does the pull, I assume that'll still be the case.  The
>>> patch looks good to me if Phil's comment will be addressed on merging 
>>> with
>>> the old mask, which makes sense to me:
>>
>> Keeping the old mask kind of defies the purpose. I've tried to explain 
>> that in the commit message

It is hard to justify we need a new mask and scripts have to adapt to
your new format. I assume you can not use trace-event because you want
this logging available in a RELEASE build, right?

>> but now that two of you did not get it 
>> maybe that message needs to be clarified instead?
> 
> Is your use case memaccess enabled and guest-errors disabled?

On Mon, Feb 13, 2023 at 03:47:42PM +0100, BALATON Zoltan wrote:
> On Mon, 13 Feb 2023, Peter Xu wrote:
> > On Mon, Feb 13, 2023 at 12:41:29PM +0100, Thomas Huth wrote:
> > > On 07/02/2023 17.33, BALATON Zoltan wrote:
> > > > On Tue, 31 Jan 2023, BALATON Zoltan wrote:
> > > > > On Thu, 19 Jan 2023, BALATON Zoltan wrote:
> > > > > > Currently -d guest_errors enables logging of different invalid actions
> > > > > > by the guest such as misusing hardware, accessing missing features or
> > > > > > invalid memory areas. The memory access logging can be quite verbose
> > > > > > which obscures the other messages enabled by this debug switch so
> > > > > > separate it by adding a new -d memaccess option to make it possible to
> > > > > > control it independently of other guest error logs.
> > > > > > 
> > > > > > Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> > > > > 
> > > > > Ping? Could somebody review and pick it up please?
> > > > 
> > > > Ping?
> > > 
> > > Patch makes sense to me and looks fine, so:
> > > 
> > > Reviewed-by: Thomas Huth <thuth@redhat.com>
> > > 
> > > ... I think this should go via one of the "Memory API" maintainers branches?
> > > Paolo? Peter? David?
> > 
> > Paolo normally does the pull, I assume that'll still be the case.  The
> > patch looks good to me if Phil's comment will be addressed on merging with
> > the old mask, which makes sense to me:
> 
> Keeping the old mask kind of defies the purpose. I've tried to explain that
> in the commit message but now that two of you did not get it maybe that
> message needs to be clarified instead?

I think it's clear enough.  My fault to not read carefully into the
message, sorry.

However, could you explain why a memory_region_access_valid() failure
shouldn't belong to LOG_GUEST_ERROR?

commit e54eba1986f6c4bac2951e7f90a849cd842e25e4
Author: Peter Maydell <peter.maydell@linaro.org>
Date:   Thu Oct 18 14:11:35 2012 +0100

    qemu-log: Add new log category for guest bugs
    
    Add a new category for device models to log guest behaviour
    which is likely to be a guest bug of some kind (accessing
    nonexistent registers, reading 32 bit wide registers with
    a byte access, etc). Making this its own log category allows
    those who care (mostly guest OS authors) to see the complaints
    without bothering most users.

Such an illegal memory access is definitely a suitable candidate of guest
misbehave to me.

Not to mention Phil always have a good point that you may be violating
others using guest_error already so what they wanted to capture can
misterious going away without noticing, even if it may service your goal.
IOW it's a slight ABI and I think we ned justification to break it.

Thanks,

On Mon, 13 Feb 2023, Philippe Mathieu-Daudé wrote:
> On 13/2/23 15:47, BALATON Zoltan wrote:
>> On Mon, 13 Feb 2023, Peter Xu wrote:
>>> On Mon, Feb 13, 2023 at 12:41:29PM +0100, Thomas Huth wrote:
>>>> On 07/02/2023 17.33, BALATON Zoltan wrote:
>>>>> On Tue, 31 Jan 2023, BALATON Zoltan wrote:
>>>>>> On Thu, 19 Jan 2023, BALATON Zoltan wrote:
>>>>>>> Currently -d guest_errors enables logging of different invalid actions
>>>>>>> by the guest such as misusing hardware, accessing missing features or
>>>>>>> invalid memory areas. The memory access logging can be quite verbose
>>>>>>> which obscures the other messages enabled by this debug switch so
>>>>>>> separate it by adding a new -d memaccess option to make it possible to
>>>>>>> control it independently of other guest error logs.
>>>>>>> 
>>>>>>> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
>>>>>> 
>>>>>> Ping? Could somebody review and pick it up please?
>>>>> 
>>>>> Ping?
>>>> 
>>>> Patch makes sense to me and looks fine, so:
>>>> 
>>>> Reviewed-by: Thomas Huth <thuth@redhat.com>
>>>> 
>>>> ... I think this should go via one of the "Memory API" maintainers 
>>>> branches?
>>>> Paolo? Peter? David?
>>> 
>>> Paolo normally does the pull, I assume that'll still be the case.  The
>>> patch looks good to me if Phil's comment will be addressed on merging with
>>> the old mask, which makes sense to me:
>> 
>> Keeping the old mask kind of defies the purpose. I've tried to explain that 
>> in the commit message but now that two of you did not get it maybe that 
>> message needs to be clarified instead?
>
> Is your use case memaccess enabled and guest-errors disabled?

Both, I want to be able to enable/disable these separately. Currently 
guest_errors just controls too much in one flag so I'd like to separate 
these from each other to be controllable separately. I'll continue in 
reply to other question.

Regards,
BALATON Zoltan

On Mon, 13 Feb 2023, Peter Xu wrote:
> On Mon, Feb 13, 2023 at 03:47:42PM +0100, BALATON Zoltan wrote:
>> On Mon, 13 Feb 2023, Peter Xu wrote:
>>> On Mon, Feb 13, 2023 at 12:41:29PM +0100, Thomas Huth wrote:
>>>> On 07/02/2023 17.33, BALATON Zoltan wrote:
>>>>> On Tue, 31 Jan 2023, BALATON Zoltan wrote:
>>>>>> On Thu, 19 Jan 2023, BALATON Zoltan wrote:
>>>>>>> Currently -d guest_errors enables logging of different invalid actions
>>>>>>> by the guest such as misusing hardware, accessing missing features or
>>>>>>> invalid memory areas. The memory access logging can be quite verbose
>>>>>>> which obscures the other messages enabled by this debug switch so
>>>>>>> separate it by adding a new -d memaccess option to make it possible to
>>>>>>> control it independently of other guest error logs.
>>>>>>>
>>>>>>> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
>>>>>>
>>>>>> Ping? Could somebody review and pick it up please?
>>>>>
>>>>> Ping?
>>>>
>>>> Patch makes sense to me and looks fine, so:
>>>>
>>>> Reviewed-by: Thomas Huth <thuth@redhat.com>
>>>>
>>>> ... I think this should go via one of the "Memory API" maintainers branches?
>>>> Paolo? Peter? David?
>>>
>>> Paolo normally does the pull, I assume that'll still be the case.  The
>>> patch looks good to me if Phil's comment will be addressed on merging with
>>> the old mask, which makes sense to me:
>>
>> Keeping the old mask kind of defies the purpose. I've tried to explain that
>> in the commit message but now that two of you did not get it maybe that
>> message needs to be clarified instead?
>
> I think it's clear enough.  My fault to not read carefully into the
> message, sorry.
>
> However, could you explain why a memory_region_access_valid() failure
> shouldn't belong to LOG_GUEST_ERROR?
>
> commit e54eba1986f6c4bac2951e7f90a849cd842e25e4
> Author: Peter Maydell <peter.maydell@linaro.org>
> Date:   Thu Oct 18 14:11:35 2012 +0100
>
>    qemu-log: Add new log category for guest bugs
>
>    Add a new category for device models to log guest behaviour
>    which is likely to be a guest bug of some kind (accessing
>    nonexistent registers, reading 32 bit wide registers with
>    a byte access, etc). Making this its own log category allows
>    those who care (mostly guest OS authors) to see the complaints
>    without bothering most users.
>
> Such an illegal memory access is definitely a suitable candidate of guest
> misbehave to me.

Problem is that a lot of machines have unimplemented hardware that are 
valid on real machine but we don't model them so running guests which 
access these generate constant flow of unassigned memory access log which 
obscures the actual guest_errors when an modelled device is accessed in 
unexpected ways. For an example you can try booting MorphOS on 
mac99,via=pmu as described here: 
http://zero.eik.bme.hu/~balaton/qemu/amiga/#morphos
(or the pegasos2 command too). We could add dummy registers to silence 
these but I think it's better to either implement it correctly or leave it 
unimplemented so we don't hide errors by the dummy implementation.

> Not to mention Phil always have a good point that you may be violating
> others using guest_error already so what they wanted to capture can
> misterious going away without noticing, even if it may service your goal.
> IOW it's a slight ABI and I think we ned justification to break it.

Probably this should be documented in changelog or do we need depracation 
for a debug option meant for developers mostly? I did not think so. Also I 
can't think of other way to solve this without changing what guest_erorrs 
do unless we change the name of that flag as well. Also not that when this 
was originally added it did not contain mem access logs as those were 
controlled by a define in memory.c until Philippe changed it and added 
them to guest_errors. So in a way I want the previous functionality back.

Regards,
BALATON Zoltan

On Mon, 13 Feb 2023, Philippe Mathieu-Daudé wrote:
> On 13/2/23 15:58, Philippe Mathieu-Daudé wrote:
>> On 13/2/23 15:47, BALATON Zoltan wrote:
>>> On Mon, 13 Feb 2023, Peter Xu wrote:
>>>> On Mon, Feb 13, 2023 at 12:41:29PM +0100, Thomas Huth wrote:
>>>>> On 07/02/2023 17.33, BALATON Zoltan wrote:
>>>>>> On Tue, 31 Jan 2023, BALATON Zoltan wrote:
>>>>>>> On Thu, 19 Jan 2023, BALATON Zoltan wrote:
>>>>>>>> Currently -d guest_errors enables logging of different invalid 
>>>>>>>> actions
>>>>>>>> by the guest such as misusing hardware, accessing missing features or
>>>>>>>> invalid memory areas.
>
> - misusing hardware => LOG_GUEST_ERROR
> - accessing missing features => LOG_UNIMP
> - invalid memory areas => depending on the bus bridge, can be:
>
>  #define MEMTX_OK              0
>  #define MEMTX_ERROR          (1U << 0) /* device returned an error */
>  #define MEMTX_DECODE_ERROR   (1U << 1) /* nothing at that address */
>  #define MEMTX_ACCESS_ERROR   (1U << 2) /* access denied */
>
>>>>>>>> The memory access logging can be quite verbose
>>>>>>>> which obscures the other messages enabled by this debug switch so
>>>>>>>> separate it by adding a new -d memaccess option to make it possible 
>>>>>>>> to
>>>>>>>> control it independently of other guest error logs.
>>>>>>>> 
>>>>>>>> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
>>>>>>> 
>>>>>>> Ping? Could somebody review and pick it up please?
>>>>>> 
>>>>>> Ping?
>>>>> 
>>>>> Patch makes sense to me and looks fine, so:
>>>>> 
>>>>> Reviewed-by: Thomas Huth <thuth@redhat.com>
>>>>> 
>>>>> ... I think this should go via one of the "Memory API" maintainers 
>>>>> branches?
>>>>> Paolo? Peter? David?
>>>> 
>>>> Paolo normally does the pull, I assume that'll still be the case.  The
>>>> patch looks good to me if Phil's comment will be addressed on merging 
>>>> with
>>>> the old mask, which makes sense to me:
>>> 
>>> Keeping the old mask kind of defies the purpose. I've tried to explain 
>>> that in the commit message
>
> It is hard to justify we need a new mask and scripts have to adapt to
> your new format. I assume you can not use trace-event because you want
> this logging available in a RELEASE build, right?

Guest errors are useful in a release build, unassigned access probably 
less so but since I want to separate them from guest_errors I don't see 
how logging mem access via trace would be any different for your concerns.

Regards,
BALATON Zoltan

On Mon, Feb 13, 2023 at 05:34:04PM +0100, BALATON Zoltan wrote:
> On Mon, 13 Feb 2023, Peter Xu wrote:
> > On Mon, Feb 13, 2023 at 03:47:42PM +0100, BALATON Zoltan wrote:
> > > On Mon, 13 Feb 2023, Peter Xu wrote:
> > > > On Mon, Feb 13, 2023 at 12:41:29PM +0100, Thomas Huth wrote:
> > > > > On 07/02/2023 17.33, BALATON Zoltan wrote:
> > > > > > On Tue, 31 Jan 2023, BALATON Zoltan wrote:
> > > > > > > On Thu, 19 Jan 2023, BALATON Zoltan wrote:
> > > > > > > > Currently -d guest_errors enables logging of different invalid actions
> > > > > > > > by the guest such as misusing hardware, accessing missing features or
> > > > > > > > invalid memory areas. The memory access logging can be quite verbose
> > > > > > > > which obscures the other messages enabled by this debug switch so
> > > > > > > > separate it by adding a new -d memaccess option to make it possible to
> > > > > > > > control it independently of other guest error logs.
> > > > > > > > 
> > > > > > > > Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> > > > > > > 
> > > > > > > Ping? Could somebody review and pick it up please?
> > > > > > 
> > > > > > Ping?
> > > > > 
> > > > > Patch makes sense to me and looks fine, so:
> > > > > 
> > > > > Reviewed-by: Thomas Huth <thuth@redhat.com>
> > > > > 
> > > > > ... I think this should go via one of the "Memory API" maintainers branches?
> > > > > Paolo? Peter? David?
> > > > 
> > > > Paolo normally does the pull, I assume that'll still be the case.  The
> > > > patch looks good to me if Phil's comment will be addressed on merging with
> > > > the old mask, which makes sense to me:
> > > 
> > > Keeping the old mask kind of defies the purpose. I've tried to explain that
> > > in the commit message but now that two of you did not get it maybe that
> > > message needs to be clarified instead?
> > 
> > I think it's clear enough.  My fault to not read carefully into the
> > message, sorry.
> > 
> > However, could you explain why a memory_region_access_valid() failure
> > shouldn't belong to LOG_GUEST_ERROR?
> > 
> > commit e54eba1986f6c4bac2951e7f90a849cd842e25e4
> > Author: Peter Maydell <peter.maydell@linaro.org>
> > Date:   Thu Oct 18 14:11:35 2012 +0100
> > 
> >    qemu-log: Add new log category for guest bugs
> > 
> >    Add a new category for device models to log guest behaviour
> >    which is likely to be a guest bug of some kind (accessing
> >    nonexistent registers, reading 32 bit wide registers with
> >    a byte access, etc). Making this its own log category allows
> >    those who care (mostly guest OS authors) to see the complaints
> >    without bothering most users.
> > 
> > Such an illegal memory access is definitely a suitable candidate of guest
> > misbehave to me.
> 
> Problem is that a lot of machines have unimplemented hardware that are valid
> on real machine but we don't model them so running guests which access these
> generate constant flow of unassigned memory access log which obscures the
> actual guest_errors when an modelled device is accessed in unexpected ways.
> For an example you can try booting MorphOS on mac99,via=pmu as described
> here: http://zero.eik.bme.hu/~balaton/qemu/amiga/#morphos
> (or the pegasos2 command too). We could add dummy registers to silence these
> but I think it's better to either implement it correctly or leave it
> unimplemented so we don't hide errors by the dummy implementation.
> 
> > Not to mention Phil always have a good point that you may be violating
> > others using guest_error already so what they wanted to capture can
> > misterious going away without noticing, even if it may service your goal.
> > IOW it's a slight ABI and I think we ned justification to break it.
> 
> Probably this should be documented in changelog or do we need depracation
> for a debug option meant for developers mostly? I did not think so. Also I
> can't think of other way to solve this without changing what guest_erorrs do
> unless we change the name of that flag as well. Also not that when this was
> originally added it did not contain mem access logs as those were controlled
> by a define in memory.c until Philippe changed it and added them to
> guest_errors. So in a way I want the previous functionality back.

I see, thanks.

Indeed it's only a debug option, so I don't know whether the abi needs the
attention here.

I quickly looked at all the masks and afaict this is really a special and
very useful one that if I'm a cloud provider I can run some script trying
to capture those violations using this bit to identify suspecious guests.

So I think it would still be great to not break it if possible, IMHO.

Since currently I don't see an immediate limitation of having qemu log mask
being a single bit for each of the entry, one way to satisfy your need (and
also keep the old behavior, iiuc), is to make guest_errors a sugar syntax
to cover 2 bits.  It shouldn't be complicated at all, I assume:

+/* This covers the generic guest errors besides memory violations */
 #define LOG_GUEST_ERROR    (1 << 11)

+/*
+ * This covers the guest errors on memory violations; see LOG_GUEST_ERROR
+ * for generic guest errors.
+ */
+#define LOG_GUEST_ERROR_MEM      (1 << 21)
+#define LOG_GUEST_ERROR_ALL      (LOG_GUEST_ERROR | LOG_GUEST_ERROR_MEM)

-    { LOG_GUEST_ERROR, "guest_errors",
+    { LOG_GUEST_ERROR_ALL, "guest_errors",

Then somehow squashed with your changes.  It'll make "guest_errors" not
exactly matching the name of LOG_* but I think it may not be a big concern.

Thanks,

On 13/2/23 18:17, Peter Xu wrote:
> On Mon, Feb 13, 2023 at 05:34:04PM +0100, BALATON Zoltan wrote:
>> On Mon, 13 Feb 2023, Peter Xu wrote:
>>> On Mon, Feb 13, 2023 at 03:47:42PM +0100, BALATON Zoltan wrote:
>>>> On Mon, 13 Feb 2023, Peter Xu wrote:
>>>>> On Mon, Feb 13, 2023 at 12:41:29PM +0100, Thomas Huth wrote:
>>>>>> On 07/02/2023 17.33, BALATON Zoltan wrote:
>>>>>>> On Tue, 31 Jan 2023, BALATON Zoltan wrote:
>>>>>>>> On Thu, 19 Jan 2023, BALATON Zoltan wrote:
>>>>>>>>> Currently -d guest_errors enables logging of different invalid actions
>>>>>>>>> by the guest such as misusing hardware, accessing missing features or
>>>>>>>>> invalid memory areas. The memory access logging can be quite verbose
>>>>>>>>> which obscures the other messages enabled by this debug switch so
>>>>>>>>> separate it by adding a new -d memaccess option to make it possible to
>>>>>>>>> control it independently of other guest error logs.
>>>>>>>>>
>>>>>>>>> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
>>>>>>>>
>>>>>>>> Ping? Could somebody review and pick it up please?
>>>>>>>
>>>>>>> Ping?
>>>>>>
>>>>>> Patch makes sense to me and looks fine, so:
>>>>>>
>>>>>> Reviewed-by: Thomas Huth <thuth@redhat.com>
>>>>>>
>>>>>> ... I think this should go via one of the "Memory API" maintainers branches?
>>>>>> Paolo? Peter? David?
>>>>>
>>>>> Paolo normally does the pull, I assume that'll still be the case.  The
>>>>> patch looks good to me if Phil's comment will be addressed on merging with
>>>>> the old mask, which makes sense to me:
>>>>
>>>> Keeping the old mask kind of defies the purpose. I've tried to explain that
>>>> in the commit message but now that two of you did not get it maybe that
>>>> message needs to be clarified instead?
>>>
>>> I think it's clear enough.  My fault to not read carefully into the
>>> message, sorry.
>>>
>>> However, could you explain why a memory_region_access_valid() failure
>>> shouldn't belong to LOG_GUEST_ERROR?
>>>
>>> commit e54eba1986f6c4bac2951e7f90a849cd842e25e4
>>> Author: Peter Maydell <peter.maydell@linaro.org>
>>> Date:   Thu Oct 18 14:11:35 2012 +0100
>>>
>>>     qemu-log: Add new log category for guest bugs
>>>
>>>     Add a new category for device models to log guest behaviour
>>>     which is likely to be a guest bug of some kind (accessing
>>>     nonexistent registers, reading 32 bit wide registers with
>>>     a byte access, etc). Making this its own log category allows
>>>     those who care (mostly guest OS authors) to see the complaints
>>>     without bothering most users.
>>>
>>> Such an illegal memory access is definitely a suitable candidate of guest
>>> misbehave to me.
>>
>> Problem is that a lot of machines have unimplemented hardware that are valid
>> on real machine but we don't model them so running guests which access these
>> generate constant flow of unassigned memory access log which obscures the
>> actual guest_errors when an modelled device is accessed in unexpected ways.
>> For an example you can try booting MorphOS on mac99,via=pmu as described
>> here: http://zero.eik.bme.hu/~balaton/qemu/amiga/#morphos
>> (or the pegasos2 command too). We could add dummy registers to silence these
>> but I think it's better to either implement it correctly or leave it
>> unimplemented so we don't hide errors by the dummy implementation.
>>
>>> Not to mention Phil always have a good point that you may be violating
>>> others using guest_error already so what they wanted to capture can
>>> misterious going away without noticing, even if it may service your goal.
>>> IOW it's a slight ABI and I think we ned justification to break it.
>>
>> Probably this should be documented in changelog or do we need depracation
>> for a debug option meant for developers mostly? I did not think so. Also I
>> can't think of other way to solve this without changing what guest_erorrs do
>> unless we change the name of that flag as well. Also not that when this was
>> originally added it did not contain mem access logs as those were controlled
>> by a define in memory.c until Philippe changed it and added them to
>> guest_errors. So in a way I want the previous functionality back.
> 
> I see, thanks.
> 
> Indeed it's only a debug option, so I don't know whether the abi needs the
> attention here.
> 
> I quickly looked at all the masks and afaict this is really a special and
> very useful one that if I'm a cloud provider I can run some script trying
> to capture those violations using this bit to identify suspecious guests.
> 
> So I think it would still be great to not break it if possible, IMHO.
> 
> Since currently I don't see an immediate limitation of having qemu log mask
> being a single bit for each of the entry, one way to satisfy your need (and
> also keep the old behavior, iiuc), is to make guest_errors a sugar syntax
> to cover 2 bits.  It shouldn't be complicated at all, I assume:
> 
> +/* This covers the generic guest errors besides memory violations */
>   #define LOG_GUEST_ERROR    (1 << 11)
> 
> +/*
> + * This covers the guest errors on memory violations; see LOG_GUEST_ERROR
> + * for generic guest errors.
> + */
> +#define LOG_GUEST_ERROR_MEM      (1 << 21)
> +#define LOG_GUEST_ERROR_ALL      (LOG_GUEST_ERROR | LOG_GUEST_ERROR_MEM)
> 
> -    { LOG_GUEST_ERROR, "guest_errors",
> +    { LOG_GUEST_ERROR_ALL, "guest_errors",
> 
> Then somehow squashed with your changes.  It'll make "guest_errors" not
> exactly matching the name of LOG_* but I think it may not be a big concern.

Thanks Peter for having a look. Cc'ing libvir-list@ to see if this
change could have an impact. If no one else object I'm OK to take the
patch as is, except if you (Peter) want the description to be reworded.

Regards,

Phil.

On Mon, 13 Feb 2023, Peter Xu wrote:
> On Mon, Feb 13, 2023 at 05:34:04PM +0100, BALATON Zoltan wrote:
>> On Mon, 13 Feb 2023, Peter Xu wrote:
>>> On Mon, Feb 13, 2023 at 03:47:42PM +0100, BALATON Zoltan wrote:
>>>> On Mon, 13 Feb 2023, Peter Xu wrote:
>>>>> On Mon, Feb 13, 2023 at 12:41:29PM +0100, Thomas Huth wrote:
>>>>>> On 07/02/2023 17.33, BALATON Zoltan wrote:
>>>>>>> On Tue, 31 Jan 2023, BALATON Zoltan wrote:
>>>>>>>> On Thu, 19 Jan 2023, BALATON Zoltan wrote:
>>>>>>>>> Currently -d guest_errors enables logging of different invalid actions
>>>>>>>>> by the guest such as misusing hardware, accessing missing features or
>>>>>>>>> invalid memory areas. The memory access logging can be quite verbose
>>>>>>>>> which obscures the other messages enabled by this debug switch so
>>>>>>>>> separate it by adding a new -d memaccess option to make it possible to
>>>>>>>>> control it independently of other guest error logs.
>>>>>>>>>
>>>>>>>>> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
>>>>>>>>
>>>>>>>> Ping? Could somebody review and pick it up please?
>>>>>>>
>>>>>>> Ping?
>>>>>>
>>>>>> Patch makes sense to me and looks fine, so:
>>>>>>
>>>>>> Reviewed-by: Thomas Huth <thuth@redhat.com>
>>>>>>
>>>>>> ... I think this should go via one of the "Memory API" maintainers branches?
>>>>>> Paolo? Peter? David?
>>>>>
>>>>> Paolo normally does the pull, I assume that'll still be the case.  The
>>>>> patch looks good to me if Phil's comment will be addressed on merging with
>>>>> the old mask, which makes sense to me:
>>>>
>>>> Keeping the old mask kind of defies the purpose. I've tried to explain that
>>>> in the commit message but now that two of you did not get it maybe that
>>>> message needs to be clarified instead?
>>>
>>> I think it's clear enough.  My fault to not read carefully into the
>>> message, sorry.
>>>
>>> However, could you explain why a memory_region_access_valid() failure
>>> shouldn't belong to LOG_GUEST_ERROR?
>>>
>>> commit e54eba1986f6c4bac2951e7f90a849cd842e25e4
>>> Author: Peter Maydell <peter.maydell@linaro.org>
>>> Date:   Thu Oct 18 14:11:35 2012 +0100
>>>
>>>    qemu-log: Add new log category for guest bugs
>>>
>>>    Add a new category for device models to log guest behaviour
>>>    which is likely to be a guest bug of some kind (accessing
>>>    nonexistent registers, reading 32 bit wide registers with
>>>    a byte access, etc). Making this its own log category allows
>>>    those who care (mostly guest OS authors) to see the complaints
>>>    without bothering most users.
>>>
>>> Such an illegal memory access is definitely a suitable candidate of guest
>>> misbehave to me.
>>
>> Problem is that a lot of machines have unimplemented hardware that are valid
>> on real machine but we don't model them so running guests which access these
>> generate constant flow of unassigned memory access log which obscures the
>> actual guest_errors when an modelled device is accessed in unexpected ways.
>> For an example you can try booting MorphOS on mac99,via=pmu as described
>> here: http://zero.eik.bme.hu/~balaton/qemu/amiga/#morphos
>> (or the pegasos2 command too). We could add dummy registers to silence these
>> but I think it's better to either implement it correctly or leave it
>> unimplemented so we don't hide errors by the dummy implementation.
>>
>>> Not to mention Phil always have a good point that you may be violating
>>> others using guest_error already so what they wanted to capture can
>>> misterious going away without noticing, even if it may service your goal.
>>> IOW it's a slight ABI and I think we ned justification to break it.
>>
>> Probably this should be documented in changelog or do we need depracation
>> for a debug option meant for developers mostly? I did not think so. Also I
>> can't think of other way to solve this without changing what guest_erorrs do
>> unless we change the name of that flag as well. Also not that when this was
>> originally added it did not contain mem access logs as those were controlled
>> by a define in memory.c until Philippe changed it and added them to
>> guest_errors. So in a way I want the previous functionality back.
>
> I see, thanks.
>
> Indeed it's only a debug option, so I don't know whether the abi needs the
> attention here.
>
> I quickly looked at all the masks and afaict this is really a special and
> very useful one that if I'm a cloud provider I can run some script trying
> to capture those violations using this bit to identify suspecious guests.
>
> So I think it would still be great to not break it if possible, IMHO.
>
> Since currently I don't see an immediate limitation of having qemu log mask
> being a single bit for each of the entry, one way to satisfy your need (and
> also keep the old behavior, iiuc), is to make guest_errors a sugar syntax
> to cover 2 bits.  It shouldn't be complicated at all, I assume:
>
> +/* This covers the generic guest errors besides memory violations */
> #define LOG_GUEST_ERROR    (1 << 11)
>
> +/*
> + * This covers the guest errors on memory violations; see LOG_GUEST_ERROR
> + * for generic guest errors.
> + */
> +#define LOG_GUEST_ERROR_MEM      (1 << 21)
> +#define LOG_GUEST_ERROR_ALL      (LOG_GUEST_ERROR | LOG_GUEST_ERROR_MEM)
>
> -    { LOG_GUEST_ERROR, "guest_errors",
> +    { LOG_GUEST_ERROR_ALL, "guest_errors",
>
> Then somehow squashed with your changes.  It'll make "guest_errors" not
> exactly matching the name of LOG_* but I think it may not be a big concern.

I'm not sure I understand this. So -d memaccess would give me the 
unassigned logs, that's fine and -d guest_errors are both LOG_GUEST_ERROR 
and memaccess like currently but what option would give me just the 
guest_Errors before mem access started to use this flag too? (I could not 
locate the commit that changed this but I remember previously the 
unassigned mem logs were enabled with a define in memory.c.) Do we need 
another -d option for just the guest errors then? What should that be 
called?

Regards,
BALATON Zoltan

On Mon, Feb 13, 2023 at 07:34:55PM +0100, BALATON Zoltan wrote:
> On Mon, 13 Feb 2023, Peter Xu wrote:
> > On Mon, Feb 13, 2023 at 05:34:04PM +0100, BALATON Zoltan wrote:
> > > On Mon, 13 Feb 2023, Peter Xu wrote:
> > > > On Mon, Feb 13, 2023 at 03:47:42PM +0100, BALATON Zoltan wrote:
> > > > > On Mon, 13 Feb 2023, Peter Xu wrote:
> > > > > > On Mon, Feb 13, 2023 at 12:41:29PM +0100, Thomas Huth wrote:
> > > > > > > On 07/02/2023 17.33, BALATON Zoltan wrote:
> > > > > > > > On Tue, 31 Jan 2023, BALATON Zoltan wrote:
> > > > > > > > > On Thu, 19 Jan 2023, BALATON Zoltan wrote:
> > > > > > > > > > Currently -d guest_errors enables logging of different invalid actions
> > > > > > > > > > by the guest such as misusing hardware, accessing missing features or
> > > > > > > > > > invalid memory areas. The memory access logging can be quite verbose
> > > > > > > > > > which obscures the other messages enabled by this debug switch so
> > > > > > > > > > separate it by adding a new -d memaccess option to make it possible to
> > > > > > > > > > control it independently of other guest error logs.
> > > > > > > > > > 
> > > > > > > > > > Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> > > > > > > > > 
> > > > > > > > > Ping? Could somebody review and pick it up please?
> > > > > > > > 
> > > > > > > > Ping?
> > > > > > > 
> > > > > > > Patch makes sense to me and looks fine, so:
> > > > > > > 
> > > > > > > Reviewed-by: Thomas Huth <thuth@redhat.com>
> > > > > > > 
> > > > > > > ... I think this should go via one of the "Memory API" maintainers branches?
> > > > > > > Paolo? Peter? David?
> > > > > > 
> > > > > > Paolo normally does the pull, I assume that'll still be the case.  The
> > > > > > patch looks good to me if Phil's comment will be addressed on merging with
> > > > > > the old mask, which makes sense to me:
> > > > > 
> > > > > Keeping the old mask kind of defies the purpose. I've tried to explain that
> > > > > in the commit message but now that two of you did not get it maybe that
> > > > > message needs to be clarified instead?
> > > > 
> > > > I think it's clear enough.  My fault to not read carefully into the
> > > > message, sorry.
> > > > 
> > > > However, could you explain why a memory_region_access_valid() failure
> > > > shouldn't belong to LOG_GUEST_ERROR?
> > > > 
> > > > commit e54eba1986f6c4bac2951e7f90a849cd842e25e4
> > > > Author: Peter Maydell <peter.maydell@linaro.org>
> > > > Date:   Thu Oct 18 14:11:35 2012 +0100
> > > > 
> > > >    qemu-log: Add new log category for guest bugs
> > > > 
> > > >    Add a new category for device models to log guest behaviour
> > > >    which is likely to be a guest bug of some kind (accessing
> > > >    nonexistent registers, reading 32 bit wide registers with
> > > >    a byte access, etc). Making this its own log category allows
> > > >    those who care (mostly guest OS authors) to see the complaints
> > > >    without bothering most users.
> > > > 
> > > > Such an illegal memory access is definitely a suitable candidate of guest
> > > > misbehave to me.
> > > 
> > > Problem is that a lot of machines have unimplemented hardware that are valid
> > > on real machine but we don't model them so running guests which access these
> > > generate constant flow of unassigned memory access log which obscures the
> > > actual guest_errors when an modelled device is accessed in unexpected ways.
> > > For an example you can try booting MorphOS on mac99,via=pmu as described
> > > here: http://zero.eik.bme.hu/~balaton/qemu/amiga/#morphos
> > > (or the pegasos2 command too). We could add dummy registers to silence these
> > > but I think it's better to either implement it correctly or leave it
> > > unimplemented so we don't hide errors by the dummy implementation.
> > > 
> > > > Not to mention Phil always have a good point that you may be violating
> > > > others using guest_error already so what they wanted to capture can
> > > > misterious going away without noticing, even if it may service your goal.
> > > > IOW it's a slight ABI and I think we ned justification to break it.
> > > 
> > > Probably this should be documented in changelog or do we need depracation
> > > for a debug option meant for developers mostly? I did not think so. Also I
> > > can't think of other way to solve this without changing what guest_erorrs do
> > > unless we change the name of that flag as well. Also not that when this was
> > > originally added it did not contain mem access logs as those were controlled
> > > by a define in memory.c until Philippe changed it and added them to
> > > guest_errors. So in a way I want the previous functionality back.
> > 
> > I see, thanks.
> > 
> > Indeed it's only a debug option, so I don't know whether the abi needs the
> > attention here.
> > 
> > I quickly looked at all the masks and afaict this is really a special and
> > very useful one that if I'm a cloud provider I can run some script trying
> > to capture those violations using this bit to identify suspecious guests.
> > 
> > So I think it would still be great to not break it if possible, IMHO.
> > 
> > Since currently I don't see an immediate limitation of having qemu log mask
> > being a single bit for each of the entry, one way to satisfy your need (and
> > also keep the old behavior, iiuc), is to make guest_errors a sugar syntax
> > to cover 2 bits.  It shouldn't be complicated at all, I assume:
> > 
> > +/* This covers the generic guest errors besides memory violations */
> > #define LOG_GUEST_ERROR    (1 << 11)
> > 
> > +/*
> > + * This covers the guest errors on memory violations; see LOG_GUEST_ERROR
> > + * for generic guest errors.
> > + */
> > +#define LOG_GUEST_ERROR_MEM      (1 << 21)
> > +#define LOG_GUEST_ERROR_ALL      (LOG_GUEST_ERROR | LOG_GUEST_ERROR_MEM)
> > 
> > -    { LOG_GUEST_ERROR, "guest_errors",
> > +    { LOG_GUEST_ERROR_ALL, "guest_errors",
> > 
> > Then somehow squashed with your changes.  It'll make "guest_errors" not
> > exactly matching the name of LOG_* but I think it may not be a big concern.
> 
> I'm not sure I understand this. So -d memaccess would give me the unassigned
> logs, that's fine and -d guest_errors are both LOG_GUEST_ERROR and memaccess
> like currently but what option would give me just the guest_Errors before
> mem access started to use this flag too? (I could not locate the commit that
> changed this but I remember previously the unassigned mem logs were enabled
> with a define in memory.c.) Do we need another -d option for just the guest
> errors then? What should that be called?

I forgot to add those two definitions into qemu_log_items just now.  It can
be defined as:

  - "guest_errors_common" for !mem errors
  - "guest_errors_mem" for mem errors
  - "guest_errors" for mem+!mem (compatible to the old code)

With the two lines added:

-    { LOG_GUEST_ERROR, "guest_errors",
+    { LOG_GUEST_ERROR_ALL, "guest_errors",
       "log when the guest OS does something invalid (eg accessing a\n"
       "non-existent register)" },
+    { LOG_GUEST_ERROR, "guest_errors_common", "..." },
+    { LOG_GUEST_ERROR_MEM, "guest_errors_mem", "..." },

I saw that Phil revoked his concern, I don't have a strong opinion
personally, assuming Phil knows better on that since he modified the memory
loggings before.  If all are happy with this, please proceed with either
way.

Thanks,

On Mon, 13 Feb 2023, Peter Xu wrote:
> On Mon, Feb 13, 2023 at 07:34:55PM +0100, BALATON Zoltan wrote:
>> On Mon, 13 Feb 2023, Peter Xu wrote:
>>> On Mon, Feb 13, 2023 at 05:34:04PM +0100, BALATON Zoltan wrote:
>>>> On Mon, 13 Feb 2023, Peter Xu wrote:
>>>>> On Mon, Feb 13, 2023 at 03:47:42PM +0100, BALATON Zoltan wrote:
>>>>>> On Mon, 13 Feb 2023, Peter Xu wrote:
>>>>>>> On Mon, Feb 13, 2023 at 12:41:29PM +0100, Thomas Huth wrote:
>>>>>>>> On 07/02/2023 17.33, BALATON Zoltan wrote:
>>>>>>>>> On Tue, 31 Jan 2023, BALATON Zoltan wrote:
>>>>>>>>>> On Thu, 19 Jan 2023, BALATON Zoltan wrote:
>>>>>>>>>>> Currently -d guest_errors enables logging of different invalid actions
>>>>>>>>>>> by the guest such as misusing hardware, accessing missing features or
>>>>>>>>>>> invalid memory areas. The memory access logging can be quite verbose
>>>>>>>>>>> which obscures the other messages enabled by this debug switch so
>>>>>>>>>>> separate it by adding a new -d memaccess option to make it possible to
>>>>>>>>>>> control it independently of other guest error logs.
>>>>>>>>>>>
>>>>>>>>>>> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
>>>>>>>>>>
>>>>>>>>>> Ping? Could somebody review and pick it up please?
>>>>>>>>>
>>>>>>>>> Ping?
>>>>>>>>
>>>>>>>> Patch makes sense to me and looks fine, so:
>>>>>>>>
>>>>>>>> Reviewed-by: Thomas Huth <thuth@redhat.com>
>>>>>>>>
>>>>>>>> ... I think this should go via one of the "Memory API" maintainers branches?
>>>>>>>> Paolo? Peter? David?
>>>>>>>
>>>>>>> Paolo normally does the pull, I assume that'll still be the case.  The
>>>>>>> patch looks good to me if Phil's comment will be addressed on merging with
>>>>>>> the old mask, which makes sense to me:
>>>>>>
>>>>>> Keeping the old mask kind of defies the purpose. I've tried to explain that
>>>>>> in the commit message but now that two of you did not get it maybe that
>>>>>> message needs to be clarified instead?
>>>>>
>>>>> I think it's clear enough.  My fault to not read carefully into the
>>>>> message, sorry.
>>>>>
>>>>> However, could you explain why a memory_region_access_valid() failure
>>>>> shouldn't belong to LOG_GUEST_ERROR?
>>>>>
>>>>> commit e54eba1986f6c4bac2951e7f90a849cd842e25e4
>>>>> Author: Peter Maydell <peter.maydell@linaro.org>
>>>>> Date:   Thu Oct 18 14:11:35 2012 +0100
>>>>>
>>>>>    qemu-log: Add new log category for guest bugs
>>>>>
>>>>>    Add a new category for device models to log guest behaviour
>>>>>    which is likely to be a guest bug of some kind (accessing
>>>>>    nonexistent registers, reading 32 bit wide registers with
>>>>>    a byte access, etc). Making this its own log category allows
>>>>>    those who care (mostly guest OS authors) to see the complaints
>>>>>    without bothering most users.
>>>>>
>>>>> Such an illegal memory access is definitely a suitable candidate of guest
>>>>> misbehave to me.
>>>>
>>>> Problem is that a lot of machines have unimplemented hardware that are valid
>>>> on real machine but we don't model them so running guests which access these
>>>> generate constant flow of unassigned memory access log which obscures the
>>>> actual guest_errors when an modelled device is accessed in unexpected ways.
>>>> For an example you can try booting MorphOS on mac99,via=pmu as described
>>>> here: http://zero.eik.bme.hu/~balaton/qemu/amiga/#morphos
>>>> (or the pegasos2 command too). We could add dummy registers to silence these
>>>> but I think it's better to either implement it correctly or leave it
>>>> unimplemented so we don't hide errors by the dummy implementation.
>>>>
>>>>> Not to mention Phil always have a good point that you may be violating
>>>>> others using guest_error already so what they wanted to capture can
>>>>> misterious going away without noticing, even if it may service your goal.
>>>>> IOW it's a slight ABI and I think we ned justification to break it.
>>>>
>>>> Probably this should be documented in changelog or do we need depracation
>>>> for a debug option meant for developers mostly? I did not think so. Also I
>>>> can't think of other way to solve this without changing what guest_erorrs do
>>>> unless we change the name of that flag as well. Also not that when this was
>>>> originally added it did not contain mem access logs as those were controlled
>>>> by a define in memory.c until Philippe changed it and added them to
>>>> guest_errors. So in a way I want the previous functionality back.
>>>
>>> I see, thanks.
>>>
>>> Indeed it's only a debug option, so I don't know whether the abi needs the
>>> attention here.
>>>
>>> I quickly looked at all the masks and afaict this is really a special and
>>> very useful one that if I'm a cloud provider I can run some script trying
>>> to capture those violations using this bit to identify suspecious guests.
>>>
>>> So I think it would still be great to not break it if possible, IMHO.
>>>
>>> Since currently I don't see an immediate limitation of having qemu log mask
>>> being a single bit for each of the entry, one way to satisfy your need (and
>>> also keep the old behavior, iiuc), is to make guest_errors a sugar syntax
>>> to cover 2 bits.  It shouldn't be complicated at all, I assume:
>>>
>>> +/* This covers the generic guest errors besides memory violations */
>>> #define LOG_GUEST_ERROR    (1 << 11)
>>>
>>> +/*
>>> + * This covers the guest errors on memory violations; see LOG_GUEST_ERROR
>>> + * for generic guest errors.
>>> + */
>>> +#define LOG_GUEST_ERROR_MEM      (1 << 21)
>>> +#define LOG_GUEST_ERROR_ALL      (LOG_GUEST_ERROR | LOG_GUEST_ERROR_MEM)
>>>
>>> -    { LOG_GUEST_ERROR, "guest_errors",
>>> +    { LOG_GUEST_ERROR_ALL, "guest_errors",
>>>
>>> Then somehow squashed with your changes.  It'll make "guest_errors" not
>>> exactly matching the name of LOG_* but I think it may not be a big concern.
>>
>> I'm not sure I understand this. So -d memaccess would give me the unassigned
>> logs, that's fine and -d guest_errors are both LOG_GUEST_ERROR and memaccess
>> like currently but what option would give me just the guest_Errors before
>> mem access started to use this flag too? (I could not locate the commit that
>> changed this but I remember previously the unassigned mem logs were enabled
>> with a define in memory.c.) Do we need another -d option for just the guest
>> errors then? What should that be called?
>
> I forgot to add those two definitions into qemu_log_items just now.  It can
> be defined as:
>
>  - "guest_errors_common" for !mem errors
>  - "guest_errors_mem" for mem errors
>  - "guest_errors" for mem+!mem (compatible to the old code)

OK I get that now but I would still like to call these differently. For 
one these are very long and also not quite clear. Unassigned mem access is 
most often not a guest error but error in emulating hardware, that is 
guest accessing devices we don't model will result in these so the guest 
does nothing wrong is't just missing emulation. Therefore I'd keep the 
flag called LOG_MEM_ACCESS and corresponding -d memaccess option. We can 
keep guest_errors to do what it does now setting both flags but then we 
need a new name for LOG_GUEST_ERROR alone. We could call that -d 
guest_error and then deprecate guest_errors to eventually get everybody 
convert to use -d guest_error,memeaccess instead which would also match 
the flags but I'm also OK with some other -d option name for just 
LOG_GUEST_ERROR however I don't think renaming the LOG_GUEST_ERROR flag is 
a good idea so that would result in mismatch between flag and option, but 
that could be OK.

> With the two lines added:
>
> -    { LOG_GUEST_ERROR, "guest_errors",
> +    { LOG_GUEST_ERROR_ALL, "guest_errors",
>       "log when the guest OS does something invalid (eg accessing a\n"
>       "non-existent register)" },
> +    { LOG_GUEST_ERROR, "guest_errors_common", "..." },
> +    { LOG_GUEST_ERROR_MEM, "guest_errors_mem", "..." },
>
> I saw that Phil revoked his concern, I don't have a strong opinion
> personally, assuming Phil knows better on that since he modified the memory
> loggings before.  If all are happy with this, please proceed with either
> way.

IIUC he was OK with adding memaccess as long as guest_errors will not 
change so together with this proposal but he can clarify what he prefers. 
I just want separate -d options for memaccess and the rest that's now in 
guest_errors the way it was before mem access errors were added to this 
flag.

Regards,
BALATON Zoltan

On Mon, 13 Feb 2023, BALATON Zoltan wrote:
> On Mon, 13 Feb 2023, Peter Xu wrote:
>> On Mon, Feb 13, 2023 at 07:34:55PM +0100, BALATON Zoltan wrote:
>>> On Mon, 13 Feb 2023, Peter Xu wrote:
>>>> On Mon, Feb 13, 2023 at 05:34:04PM +0100, BALATON Zoltan wrote:
>>>>> On Mon, 13 Feb 2023, Peter Xu wrote:
>>>>>> On Mon, Feb 13, 2023 at 03:47:42PM +0100, BALATON Zoltan wrote:
>>>>>>> On Mon, 13 Feb 2023, Peter Xu wrote:
>>>>>>>> On Mon, Feb 13, 2023 at 12:41:29PM +0100, Thomas Huth wrote:
>>>>>>>>> On 07/02/2023 17.33, BALATON Zoltan wrote:
>>>>>>>>>> On Tue, 31 Jan 2023, BALATON Zoltan wrote:
>>>>>>>>>>> On Thu, 19 Jan 2023, BALATON Zoltan wrote:
>>>>>>>>>>>> Currently -d guest_errors enables logging of different invalid 
>>>>>>>>>>>> actions
>>>>>>>>>>>> by the guest such as misusing hardware, accessing missing 
>>>>>>>>>>>> features or
>>>>>>>>>>>> invalid memory areas. The memory access logging can be quite 
>>>>>>>>>>>> verbose
>>>>>>>>>>>> which obscures the other messages enabled by this debug switch so
>>>>>>>>>>>> separate it by adding a new -d memaccess option to make it 
>>>>>>>>>>>> possible to
>>>>>>>>>>>> control it independently of other guest error logs.
>>>>>>>>>>>> 
>>>>>>>>>>>> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
>>>>>>>>>>> 
>>>>>>>>>>> Ping? Could somebody review and pick it up please?
>>>>>>>>>> 
>>>>>>>>>> Ping?
>>>>>>>>> 
>>>>>>>>> Patch makes sense to me and looks fine, so:
>>>>>>>>> 
>>>>>>>>> Reviewed-by: Thomas Huth <thuth@redhat.com>
>>>>>>>>> 
>>>>>>>>> ... I think this should go via one of the "Memory API" maintainers 
>>>>>>>>> branches?
>>>>>>>>> Paolo? Peter? David?
>>>>>>>> 
>>>>>>>> Paolo normally does the pull, I assume that'll still be the case. 
>>>>>>>> The
>>>>>>>> patch looks good to me if Phil's comment will be addressed on merging 
>>>>>>>> with
>>>>>>>> the old mask, which makes sense to me:
>>>>>>> 
>>>>>>> Keeping the old mask kind of defies the purpose. I've tried to explain 
>>>>>>> that
>>>>>>> in the commit message but now that two of you did not get it maybe 
>>>>>>> that
>>>>>>> message needs to be clarified instead?
>>>>>> 
>>>>>> I think it's clear enough.  My fault to not read carefully into the
>>>>>> message, sorry.
>>>>>> 
>>>>>> However, could you explain why a memory_region_access_valid() failure
>>>>>> shouldn't belong to LOG_GUEST_ERROR?
>>>>>> 
>>>>>> commit e54eba1986f6c4bac2951e7f90a849cd842e25e4
>>>>>> Author: Peter Maydell <peter.maydell@linaro.org>
>>>>>> Date:   Thu Oct 18 14:11:35 2012 +0100
>>>>>>
>>>>>>    qemu-log: Add new log category for guest bugs
>>>>>>
>>>>>>    Add a new category for device models to log guest behaviour
>>>>>>    which is likely to be a guest bug of some kind (accessing
>>>>>>    nonexistent registers, reading 32 bit wide registers with
>>>>>>    a byte access, etc). Making this its own log category allows
>>>>>>    those who care (mostly guest OS authors) to see the complaints
>>>>>>    without bothering most users.
>>>>>> 
>>>>>> Such an illegal memory access is definitely a suitable candidate of 
>>>>>> guest
>>>>>> misbehave to me.
>>>>> 
>>>>> Problem is that a lot of machines have unimplemented hardware that are 
>>>>> valid
>>>>> on real machine but we don't model them so running guests which access 
>>>>> these
>>>>> generate constant flow of unassigned memory access log which obscures 
>>>>> the
>>>>> actual guest_errors when an modelled device is accessed in unexpected 
>>>>> ways.
>>>>> For an example you can try booting MorphOS on mac99,via=pmu as described
>>>>> here: http://zero.eik.bme.hu/~balaton/qemu/amiga/#morphos
>>>>> (or the pegasos2 command too). We could add dummy registers to silence 
>>>>> these
>>>>> but I think it's better to either implement it correctly or leave it
>>>>> unimplemented so we don't hide errors by the dummy implementation.
>>>>> 
>>>>>> Not to mention Phil always have a good point that you may be violating
>>>>>> others using guest_error already so what they wanted to capture can
>>>>>> misterious going away without noticing, even if it may service your 
>>>>>> goal.
>>>>>> IOW it's a slight ABI and I think we ned justification to break it.
>>>>> 
>>>>> Probably this should be documented in changelog or do we need 
>>>>> depracation
>>>>> for a debug option meant for developers mostly? I did not think so. Also 
>>>>> I
>>>>> can't think of other way to solve this without changing what 
>>>>> guest_erorrs do
>>>>> unless we change the name of that flag as well. Also not that when this 
>>>>> was
>>>>> originally added it did not contain mem access logs as those were 
>>>>> controlled
>>>>> by a define in memory.c until Philippe changed it and added them to
>>>>> guest_errors. So in a way I want the previous functionality back.
>>>> 
>>>> I see, thanks.
>>>> 
>>>> Indeed it's only a debug option, so I don't know whether the abi needs 
>>>> the
>>>> attention here.
>>>> 
>>>> I quickly looked at all the masks and afaict this is really a special and
>>>> very useful one that if I'm a cloud provider I can run some script trying
>>>> to capture those violations using this bit to identify suspecious guests.
>>>> 
>>>> So I think it would still be great to not break it if possible, IMHO.
>>>> 
>>>> Since currently I don't see an immediate limitation of having qemu log 
>>>> mask
>>>> being a single bit for each of the entry, one way to satisfy your need 
>>>> (and
>>>> also keep the old behavior, iiuc), is to make guest_errors a sugar syntax
>>>> to cover 2 bits.  It shouldn't be complicated at all, I assume:
>>>> 
>>>> +/* This covers the generic guest errors besides memory violations */
>>>> #define LOG_GUEST_ERROR    (1 << 11)
>>>> 
>>>> +/*
>>>> + * This covers the guest errors on memory violations; see 
>>>> LOG_GUEST_ERROR
>>>> + * for generic guest errors.
>>>> + */
>>>> +#define LOG_GUEST_ERROR_MEM      (1 << 21)
>>>> +#define LOG_GUEST_ERROR_ALL      (LOG_GUEST_ERROR | LOG_GUEST_ERROR_MEM)
>>>> 
>>>> -    { LOG_GUEST_ERROR, "guest_errors",
>>>> +    { LOG_GUEST_ERROR_ALL, "guest_errors",
>>>> 
>>>> Then somehow squashed with your changes.  It'll make "guest_errors" not
>>>> exactly matching the name of LOG_* but I think it may not be a big 
>>>> concern.
>>> 
>>> I'm not sure I understand this. So -d memaccess would give me the 
>>> unassigned
>>> logs, that's fine and -d guest_errors are both LOG_GUEST_ERROR and 
>>> memaccess
>>> like currently but what option would give me just the guest_Errors before
>>> mem access started to use this flag too? (I could not locate the commit 
>>> that
>>> changed this but I remember previously the unassigned mem logs were 
>>> enabled
>>> with a define in memory.c.) Do we need another -d option for just the 
>>> guest
>>> errors then? What should that be called?
>> 
>> I forgot to add those two definitions into qemu_log_items just now.  It can
>> be defined as:
>>
>>  - "guest_errors_common" for !mem errors
>>  - "guest_errors_mem" for mem errors
>>  - "guest_errors" for mem+!mem (compatible to the old code)
>
> OK I get that now but I would still like to call these differently. For one 
> these are very long and also not quite clear. Unassigned mem access is most 
> often not a guest error but error in emulating hardware, that is guest 
> accessing devices we don't model will result in these so the guest does 
> nothing wrong is't just missing emulation. Therefore I'd keep the flag called 
> LOG_MEM_ACCESS and corresponding -d memaccess option. We can keep 
> guest_errors to do what it does now setting both flags but then we need a new 
> name for LOG_GUEST_ERROR alone. We could call that -d guest_error and then 
> deprecate guest_errors to eventually get everybody convert to use -d 
> guest_error,memeaccess instead which would also match the flags but I'm also 
> OK with some other -d option name for just LOG_GUEST_ERROR however I don't 
> think renaming the LOG_GUEST_ERROR flag is a good idea so that would result 
> in mismatch between flag and option, but that could be OK.
>
>> With the two lines added:
>> 
>> -    { LOG_GUEST_ERROR, "guest_errors",
>> +    { LOG_GUEST_ERROR_ALL, "guest_errors",
>>       "log when the guest OS does something invalid (eg accessing a\n"
>>       "non-existent register)" },
>> +    { LOG_GUEST_ERROR, "guest_errors_common", "..." },
>> +    { LOG_GUEST_ERROR_MEM, "guest_errors_mem", "..." },
>> 
>> I saw that Phil revoked his concern, I don't have a strong opinion
>> personally, assuming Phil knows better on that since he modified the memory
>> loggings before.  If all are happy with this, please proceed with either
>> way.
>
> IIUC he was OK with adding memaccess as long as guest_errors will not change 
> so together with this proposal but he can clarify what he prefers. I just 
> want separate -d options for memaccess and the rest that's now in 
> guest_errors the way it was before mem access errors were added to this flag.

This is less important now, I can carry this single patch a bit longer but 
if you can decide on the above I may be able to still change it and 
resubmit a new version. If you're too busy to think about it now we can 
come back to this in next devel cycle.

Regards,
BALATON Zoltan