Re: [Qemu-devel] [Qemu-ppc] [PATCH v2] spapr: quantify error messages regarding capability settings

2019-08-03 Thread David Gibson 
On Fri, Aug 02, 2019 at 11:03:48AM +1000, Daniel Black wrote:
> On Thu, 1 Aug 2019 12:41:59 +0200
> Greg Kurz  wrote:
> 
> > On Thu,  1 Aug 2019 13:38:19 +1000
> > Daniel Black  wrote:
> > 
> > > Its not immediately obvious how cap-X=Y setting need to be applied
> > > to the command line so, for spapr capability error messages, this
> > > has been clarified to:
> > > 
> ...
> > > index bbb001f84a..1c0222a081 100644
> > > --- a/hw/ppc/spapr_caps.c
> > > +++ b/hw/ppc/spapr_caps.c
> > > @@ -37,6 +37,8 @@
> > >  
> > >  #include "hw/ppc/spapr.h"
> > >  
> > > +#define CAPABILITY_ERROR(X) "appending -machine " X  
> > 
> > I would make that:
> > 
> > #define CAPABILITY_HINT() "try appending -machine " X
> > 
> > because it is really an hint for the user, not an
> > error,
> 
> Works for me. At the lowest layer it is a hint.

Oh.. of course it is.  Which means we should be using the
error_append_hint() system that's for exactly this sort of
information.

Sorry I didn't think of that earlier.

> 
> > and all original strings have "try",
> 
> True.
> 
> > except...
> 
> 
> > > @@ -249,11 +255,13 @@ static void
> > > cap_safe_cache_apply(SpaprMachineState *spapr, uint8_t val, if
> > > (tcg_enabled() && val) { /* TCG only supports broken, allow other
> > > values and print a warning */ error_setg(_err,
> > > -   "TCG doesn't support requested feature,
> > > cap-cfpc=%s",
> > > +   "TCG doesn't support requested feature, "
> > > +   CAPABILITY_ERROR("cap-cfpc=%s"),  
> > 
> > ... this one, but it doesn't look like a hint to me. It just tells
> > which is the unsupported cap.
> 
> This is one of 3 that local_error (commit
> 006e9d3618698eeef2f3e07628d22cb6f5c2a039) - intentionally just a
> warning and to TLDR the commit/Suraj conversation; defaults apply
> to all machine types; hardware security measures don't make sense in
> TCG; hence warning.
> 
> For every function with CAPABILITY_[ERROR|HINT] its called by
> spapr_caps_apply, has its errp as _fatal (intentionally - spoke
> to Suraj - migrations to machines without capabilities need to fail and
> defaults (kvm) should be secure unless explicitly disabled).
> 
> > > cap_cfpc_possible.vals[val]);
> > >  } else if (kvm_enabled() && (val > kvm_val)) {
> > >  error_setg(errp,
> > > -"Requested safe cache capability level not supported by kvm, try
> > > cap-cfpc=%s", +"Requested safe cache capability level not supported
> > > by kvm, try "
> > > +   CAPABILITY_ERROR("cap-cfpc=%s"),
> > > cap_cfpc_possible.vals[kvm_val]);  
> > 
> > Also, we have a dedicated API for hints, which are only printed under
> > the monitor but ignored under QMP.
> 
> Ok.
>  
> > Not sure why it isn't used here but it should be something like:
> 
> If error_append_hint should be used for fatal errors (all that use
> errp), then this patten should be applied further to
> CAPABILITY_[HINT|ERROR] functions.
> 
> If error_append_hint needs to apply to warnings
> cap_[cfpc/sbbc/ibs]_apply functions need to use it.
> 
> Would I be right in I'm assuming that the below pattern needs to apply
> to both of these cases?
> 
> > error_setg(errp, 
> >"Requested safe cache capability level not
> > supported by kvm");
> > error_append_hint(errp,
> > CAPABILITY_HINT("cap-cfpc=%s") "\n", cap_cfpc_possible.vals[kvm_val]);
> 
> This is going a little beyond the scope of fixing a message, ok, but
> lets not extend the scope too much more.
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [Qemu-ppc] [PATCH v2] spapr: quantify error messages regarding capability settings

2019-08-02 Thread Greg Kurz 
On Fri, 2 Aug 2019 11:03:48 +1000
Daniel Black  wrote:

> On Thu, 1 Aug 2019 12:41:59 +0200
> Greg Kurz  wrote:
> 
> > On Thu,  1 Aug 2019 13:38:19 +1000
> > Daniel Black  wrote:
> > 
> > > Its not immediately obvious how cap-X=Y setting need to be applied
> > > to the command line so, for spapr capability error messages, this
> > > has been clarified to:
> > > 
> ...
> > > index bbb001f84a..1c0222a081 100644
> > > --- a/hw/ppc/spapr_caps.c
> > > +++ b/hw/ppc/spapr_caps.c
> > > @@ -37,6 +37,8 @@
> > >  
> > >  #include "hw/ppc/spapr.h"
> > >  
> > > +#define CAPABILITY_ERROR(X) "appending -machine " X  
> > 
> > I would make that:
> > 
> > #define CAPABILITY_HINT() "try appending -machine " X
> > 
> > because it is really an hint for the user, not an
> > error,
> 
> Works for me. At the lowest layer it is a hint.
> 
> > and all original strings have "try",
> 
> True.
> 
> > except...
> 
> 
> > > @@ -249,11 +255,13 @@ static void
> > > cap_safe_cache_apply(SpaprMachineState *spapr, uint8_t val, if
> > > (tcg_enabled() && val) { /* TCG only supports broken, allow other
> > > values and print a warning */ error_setg(_err,
> > > -   "TCG doesn't support requested feature,
> > > cap-cfpc=%s",
> > > +   "TCG doesn't support requested feature, "
> > > +   CAPABILITY_ERROR("cap-cfpc=%s"),  
> > 
> > ... this one, but it doesn't look like a hint to me. It just tells
> > which is the unsupported cap.
> 
> This is one of 3 that local_error (commit
> 006e9d3618698eeef2f3e07628d22cb6f5c2a039) - intentionally just a
> warning and to TLDR the commit/Suraj conversation; defaults apply
> to all machine types; hardware security measures don't make sense in
> TCG; hence warning.
> 

Sure. What I meant is that the warning for "cap-cfpc" should be left alone,
otherwise we get:

$ ppc64-softmmu/qemu-system-ppc64 -nodefaults -nographic -machine 
pseries,accel=tcg
qemu-system-ppc64: warning: TCG doesn't support requested feature, appending 
-machine cap-cfpc=workaround
qemu-system-ppc64: warning: TCG doesn't support requested feature, 
cap-sbbc=workaround
qemu-system-ppc64: warning: TCG doesn't support requested feature, 
cap-ibs=workaround

and even weirder:

$ ppc64-softmmu/qemu-system-ppc64 -nodefaults -nographic -machine 
pseries,accel=tcg -machine cap-cfpc=workaround
qemu-system-ppc64: warning: TCG doesn't support requested feature, appending 
-machine cap-cfpc=workaround
qemu-system-ppc64: warning: TCG doesn't support requested feature, 
cap-sbbc=workaround
qemu-system-ppc64: warning: TCG doesn't support requested feature, 
cap-ibs=workaround

> For every function with CAPABILITY_[ERROR|HINT] its called by
> spapr_caps_apply, has its errp as _fatal (intentionally - spoke
> to Suraj - migrations to machines without capabilities need to fail and
> defaults (kvm) should be secure unless explicitly disabled).
> 
> > > cap_cfpc_possible.vals[val]);
> > >  } else if (kvm_enabled() && (val > kvm_val)) {
> > >  error_setg(errp,
> > > -"Requested safe cache capability level not supported by kvm, try
> > > cap-cfpc=%s", +"Requested safe cache capability level not supported
> > > by kvm, try "
> > > +   CAPABILITY_ERROR("cap-cfpc=%s"),
> > > cap_cfpc_possible.vals[kvm_val]);  
> > 
> > Also, we have a dedicated API for hints, which are only printed under
> > the monitor but ignored under QMP.
> 
> Ok.
>  
> > Not sure why it isn't used here but it should be something like:
> 
> If error_append_hint should be used for fatal errors (all that use
> errp), then this patten should be applied further to
> CAPABILITY_[HINT|ERROR] functions.
> 

Hmm... looking again at error_append_hint(), it shouldn't be passed
_fatal or _abort. This calls for an extra local_err and
error_propagate() dance... Definitely not in the scope of this patch.

> If error_append_hint needs to apply to warnings
> cap_[cfpc/sbbc/ibs]_apply functions need to use it.
> 

The current warnings from commit 006e9d3618698eeef2f3e07628d22cb6f5c2a039
don't contain hints. We could potentially add one that says "try appending
-machine cap-blah=broken" but it doesn't bring much...

> Would I be right in I'm assuming that the below pattern needs to apply
> to both of these cases?
> 
> > error_setg(errp, 
> >"Requested safe cache capability level not
> > supported by kvm");
> > error_append_hint(errp,
> > CAPABILITY_HINT("cap-cfpc=%s") "\n", cap_cfpc_possible.vals[kvm_val]);
> 
> This is going a little beyond the scope of fixing a message, ok, but
> lets not extend the scope too much more.
> 

Yes, I agree. Your patch should only be about fixing the message.
I'll have a look at the error_append_hint() story when I'm back
from holidays :)

So, to sum up:
- s/CAPABILITY_ERROR/CAPABILITY_HINT and move "try" there
- drop the unwanted change in the "cap-cfpc" warning

With these fixed:

Reviewed-by: Greg Kurz 

Cheers,

--
Greg

Re: [Qemu-devel] [Qemu-ppc] [PATCH v2] spapr: quantify error messages regarding capability settings

2019-08-01 Thread Daniel Black 
On Thu, 1 Aug 2019 12:41:59 +0200
Greg Kurz  wrote:

> On Thu,  1 Aug 2019 13:38:19 +1000
> Daniel Black  wrote:
> 
> > Its not immediately obvious how cap-X=Y setting need to be applied
> > to the command line so, for spapr capability error messages, this
> > has been clarified to:
> > 
...
> > index bbb001f84a..1c0222a081 100644
> > --- a/hw/ppc/spapr_caps.c
> > +++ b/hw/ppc/spapr_caps.c
> > @@ -37,6 +37,8 @@
> >  
> >  #include "hw/ppc/spapr.h"
> >  
> > +#define CAPABILITY_ERROR(X) "appending -machine " X  
> 
> I would make that:
> 
> #define CAPABILITY_HINT() "try appending -machine " X
> 
> because it is really an hint for the user, not an
> error,

Works for me. At the lowest layer it is a hint.

> and all original strings have "try",

True.

> except...


> > @@ -249,11 +255,13 @@ static void
> > cap_safe_cache_apply(SpaprMachineState *spapr, uint8_t val, if
> > (tcg_enabled() && val) { /* TCG only supports broken, allow other
> > values and print a warning */ error_setg(_err,
> > -   "TCG doesn't support requested feature,
> > cap-cfpc=%s",
> > +   "TCG doesn't support requested feature, "
> > +   CAPABILITY_ERROR("cap-cfpc=%s"),  
> 
> ... this one, but it doesn't look like a hint to me. It just tells
> which is the unsupported cap.

This is one of 3 that local_error (commit
006e9d3618698eeef2f3e07628d22cb6f5c2a039) - intentionally just a
warning and to TLDR the commit/Suraj conversation; defaults apply
to all machine types; hardware security measures don't make sense in
TCG; hence warning.

For every function with CAPABILITY_[ERROR|HINT] its called by
spapr_caps_apply, has its errp as _fatal (intentionally - spoke
to Suraj - migrations to machines without capabilities need to fail and
defaults (kvm) should be secure unless explicitly disabled).

> > cap_cfpc_possible.vals[val]);
> >  } else if (kvm_enabled() && (val > kvm_val)) {
> >  error_setg(errp,
> > -"Requested safe cache capability level not supported by kvm, try
> > cap-cfpc=%s", +"Requested safe cache capability level not supported
> > by kvm, try "
> > +   CAPABILITY_ERROR("cap-cfpc=%s"),
> > cap_cfpc_possible.vals[kvm_val]);  
> 
> Also, we have a dedicated API for hints, which are only printed under
> the monitor but ignored under QMP.

Ok.
 
> Not sure why it isn't used here but it should be something like:

If error_append_hint should be used for fatal errors (all that use
errp), then this patten should be applied further to
CAPABILITY_[HINT|ERROR] functions.

If error_append_hint needs to apply to warnings
cap_[cfpc/sbbc/ibs]_apply functions need to use it.

Would I be right in I'm assuming that the below pattern needs to apply
to both of these cases?

> error_setg(errp, 
>"Requested safe cache capability level not
> supported by kvm");
> error_append_hint(errp,
> CAPABILITY_HINT("cap-cfpc=%s") "\n", cap_cfpc_possible.vals[kvm_val]);

This is going a little beyond the scope of fixing a message, ok, but
lets not extend the scope too much more.

Re: [Qemu-devel] [Qemu-ppc] [PATCH v2] spapr: quantify error messages regarding capability settings

2019-08-01 Thread Greg Kurz 
On Thu,  1 Aug 2019 13:38:19 +1000
Daniel Black  wrote:

> Its not immediately obvious how cap-X=Y setting need to be applied
> to the command line so, for spapr capability error messages, this
> has been clarified to:
> 
>   ..[try] appending -machine cap-X=Y
> 
> The wrong value messages have been left as is, as the user has found
> the right location.
> 
> Signed-off-by: Daniel Black 
> ---
> v2 Improved error message thanks David Gibson
> 
> Left the "appending" as its not obvious more that one -machine
> arguement is allowed.
> ---
>  hw/ppc/spapr_caps.c | 47 ++---
>  1 file changed, 32 insertions(+), 15 deletions(-)
> 
> diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
> index bbb001f84a..1c0222a081 100644
> --- a/hw/ppc/spapr_caps.c
> +++ b/hw/ppc/spapr_caps.c
> @@ -37,6 +37,8 @@
>  
>  #include "hw/ppc/spapr.h"
>  
> +#define CAPABILITY_ERROR(X) "appending -machine " X

I would make that:

#define CAPABILITY_HINT() "try appending -machine " X

because it is really an hint for the user, not an
error, and all original strings have "try", except...

> +
>  typedef struct SpaprCapPossible {
>  int num;/* size of vals array below */
>  const char *help;   /* help text for vals */
> @@ -194,10 +196,12 @@ static void cap_htm_apply(SpaprMachineState *spapr, 
> uint8_t val, Error **errp)
>  }
>  if (tcg_enabled()) {
>  error_setg(errp,
> -   "No Transactional Memory support in TCG, try 
> cap-htm=off");
> +   "No Transactional Memory support in TCG, try "
> +   CAPABILITY_ERROR("cap-htm=off"));
>  } else if (kvm_enabled() && !kvmppc_has_cap_htm()) {
>  error_setg(errp,
> -"KVM implementation does not support Transactional Memory, try cap-htm=off"
> +"KVM implementation does not support Transactional Memory, try "
> +   CAPABILITY_ERROR("cap-htm=off")
>  );
>  }
>  }
> @@ -215,7 +219,8 @@ static void cap_vsx_apply(SpaprMachineState *spapr, 
> uint8_t val, Error **errp)
>   * rid of anything that doesn't do VMX */
>  g_assert(env->insns_flags & PPC_ALTIVEC);
>  if (!(env->insns_flags2 & PPC2_VSX)) {
> -error_setg(errp, "VSX support not available, try cap-vsx=off");
> +error_setg(errp, "VSX support not available, try "
> +   CAPABILITY_ERROR("cap-vsx=off"));
>  }
>  }
>  
> @@ -229,7 +234,8 @@ static void cap_dfp_apply(SpaprMachineState *spapr, 
> uint8_t val, Error **errp)
>  return;
>  }
>  if (!(env->insns_flags2 & PPC2_DFP)) {
> -error_setg(errp, "DFP support not available, try cap-dfp=off");
> +error_setg(errp, "DFP support not available, try "
> +   CAPABILITY_ERROR("cap-dfp=off"));
>  }
>  }
>  
> @@ -249,11 +255,13 @@ static void cap_safe_cache_apply(SpaprMachineState 
> *spapr, uint8_t val,
>  if (tcg_enabled() && val) {
>  /* TCG only supports broken, allow other values and print a warning 
> */
>  error_setg(_err,
> -   "TCG doesn't support requested feature, cap-cfpc=%s",
> +   "TCG doesn't support requested feature, "
> +   CAPABILITY_ERROR("cap-cfpc=%s"),

... this one, but it doesn't look like a hint to me. It just tells which
is the unsupported cap.

> cap_cfpc_possible.vals[val]);
>  } else if (kvm_enabled() && (val > kvm_val)) {
>  error_setg(errp,
> -"Requested safe cache capability level not supported by kvm, try 
> cap-cfpc=%s",
> +"Requested safe cache capability level not supported by kvm, try "
> +   CAPABILITY_ERROR("cap-cfpc=%s"),
> cap_cfpc_possible.vals[kvm_val]);

Also, we have a dedicated API for hints, which are only printed under
the monitor but ignored under QMP.

Not sure why it isn't used here but it should be something like:

error_setg(errp, 
   "Requested safe cache capability level not supported by 
kvm");
error_append_hint(errp, CAPABILITY_HINT("cap-cfpc=%s") "\n",
  cap_cfpc_possible.vals[kvm_val]);

>  }
>  
> @@ -281,7 +289,8 @@ static void cap_safe_bounds_check_apply(SpaprMachineState 
> *spapr, uint8_t val,
> cap_sbbc_possible.vals[val]);
>  } else if (kvm_enabled() && (val > kvm_val)) {
>  error_setg(errp,
> -"Requested safe bounds check capability level not supported by kvm, try 
> cap-sbbc=%s",
> +"Requested safe bounds check capability level not supported by kvm, try "
> +   CAPABILITY_ERROR("cap-sbbc=%s"),
> cap_sbbc_possible.vals[kvm_val]);
>  }
>  
> @@ -312,7 +321,8 @@ static void 
> cap_safe_indirect_branch_apply(SpaprMachineState *spapr,
> cap_ibs_possible.vals[val]);
>  } else if (kvm_enabled() && (val > kvm_val)) {
>  error_setg(errp,
> -"Requested safe indirect branch capability level not