Re: [PATCH v4 2/2] hw/uefi/ovmf-log: add maxsize parameter

Sat, 18 Oct 2025 15:05:22 -0700 

Gerd Hoffmann <[email protected]> writes:

> Allow limiting the amount of log output sent.  Allow up to 1 MiB.
> In case the guest log buffer is larger than 1 MiB limit the output
> instead of throwing an error.
>
> Signed-off-by: Gerd Hoffmann <[email protected]>
> ---
>  hw/uefi/ovmf-log.c   | 40 ++++++++++++++++++++++++++++++++--------
>  hmp-commands-info.hx |  5 ++---
>  qapi/machine.json    |  3 +++
>  3 files changed, 37 insertions(+), 11 deletions(-)
>
> diff --git a/hw/uefi/ovmf-log.c b/hw/uefi/ovmf-log.c
> index f03e47a290d6..9d9dc7b0d8d5 100644
> --- a/hw/uefi/ovmf-log.c
> +++ b/hw/uefi/ovmf-log.c
> @@ -19,6 +19,7 @@
>  #include "qapi/error.h"
>  #include "qapi/type-helpers.h"
>  #include "qapi/qapi-commands-machine.h"
> +#include "qobject/qdict.h"
>  
>  
>  /* ----------------------------------------------------------------------- */
> @@ -167,7 +168,8 @@ static void handle_ovmf_log_range(GString *out,
>      }
>  }
>  
> -FirmwareLog *qmp_query_firmware_log(Error **errp)
> +FirmwareLog *qmp_query_firmware_log(bool have_maxsize, uint64_t maxsize,
> +                                    Error **errp)
>  {
>      MEM_DEBUG_LOG_HDR header;
>      dma_addr_t offset, base;
> @@ -187,18 +189,38 @@ FirmwareLog *qmp_query_firmware_log(Error **errp)
>          return NULL;
>      }
>  
> -    if (header.DebugLogSize > MiB) {
> -        /* default size is 128k (32 pages), allow up to 1M */
> -        error_setg(errp, "firmware log: log buffer is too big");
> -        return NULL;
> -    }
> -
>      if (header.DebugLogHeadOffset > header.DebugLogSize ||
>          header.DebugLogTailOffset > header.DebugLogSize) {
>          error_setg(errp, "firmware log: invalid header");
>          return NULL;
>      }
>  
> +    if (!have_maxsize) {
> +        maxsize = MiB;
> +    }
> +    if (maxsize > MiB) {
> +        maxsize = MiB;

Silently "fixing" the user's instructions is rarely a good idea.  Either
don't limit the argument (if the user asks for rope...), or make
exceeding the limit an error.

> +    }
> +
> +    /* adjust header.DebugLogHeadOffset so we rezturn at most maxsize bytes 
> */
> +    if (header.DebugLogHeadOffset > header.DebugLogTailOffset) {
> +        /* wrap around */
> +        if (header.DebugLogTailOffset > maxsize) {
> +            header.DebugLogHeadOffset = header.DebugLogTailOffset - maxsize;
> +        } else {
> +            uint64_t maxchunk = maxsize - header.DebugLogTailOffset;
> +            if (header.DebugLogSize > maxchunk &&
> +                header.DebugLogHeadOffset < header.DebugLogSize - maxchunk) {
> +                header.DebugLogHeadOffset = header.DebugLogSize - maxchunk;
> +            }
> +        }
> +    } else {
> +        if (header.DebugLogTailOffset > maxsize &&
> +            header.DebugLogHeadOffset < header.DebugLogTailOffset - maxsize) 
> {
> +            header.DebugLogHeadOffset = header.DebugLogTailOffset - maxsize;
> +        }
> +    }
> +
>      base = offset + header.HeaderSize;
>      if (header.DebugLogHeadOffset > header.DebugLogTailOffset) {
>          /* wrap around */
> @@ -237,8 +259,10 @@ void hmp_info_firmware_log(Monitor *mon, const QDict 
> *qdict)
>  {
>      Error *errp = NULL;
>      FirmwareLog *log;
> +    int64_t maxsize;
>  
> -    log = qmp_query_firmware_log(&errp);
> +    maxsize = qdict_get_try_int(qdict, "maxsize", -1);
> +    log = qmp_query_firmware_log(maxsize != -1, (uint64_t)maxsize, &errp);

Put a pin here.

>      if (errp)  {
>          hmp_handle_error(mon, errp);
>          return;
> diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
> index 257015f0b403..db03d88d3c74 100644
> --- a/hmp-commands-info.hx
> +++ b/hmp-commands-info.hx
> @@ -980,11 +980,10 @@ ERST
>  
>      {
>          .name       = "firmware-log",
> -        .args_type  = "",
> -        .params     = "",
> +        .args_type  = "maxsize:i?",

args_type 'i' is a 32 bit signed integer, so this gives us 31 bits.
Suffices.  But what happens when the user specifies a negative number?
I think hmp_info_firmware_log() treats -1 as if the parameter was
omitted.  qmp_query_firmware_log() then defaults to 1MiB.  Any other
negative number hmp_info_firmware_log() turns into a huge positive
number, which qmp_query_firmware_log() silently limits to 1MiB (but I
recommended not to do that).

Let's use 'o' instead of 'i'.  Enables convenient syntax like "64k".  63
bits.  No risk of sign accidents.

> +        .params     = "[maxsize]",
>          .help       = "show the firmware (ovmf) debug log",
>          .cmd        = hmp_info_firmware_log,
> -        .flags      = "p",

Accident?

>      },
>  
>  SRST
> diff --git a/qapi/machine.json b/qapi/machine.json
> index c96e582afdd6..d0c6d3ede027 100644
> --- a/qapi/machine.json
> +++ b/qapi/machine.json
> @@ -1857,9 +1857,12 @@
>  #
>  # Find firmware memory log buffer in guest memory, return content.
>  #
> +# @maxsize: limit the amount of logdata returned.

Please spell it @max-size.  We already use that spelling in this file.

"logdata" isn't a word.

The 1MiB limit for @maxsize needs to be documented (if we keep it).

Recommend to spell out that the command returns the tail of the log
buffer when it can't return all of it.

> +#
>  # Since: 10.2
>  ##
>  { 'command': 'query-firmware-log',
> +  'data': { '*maxsize': 'size' },
>    'returns': 'FirmwareLog' }
>  
>  ##

Reply via email to