guest attempted write to read-only memory page.

guest attempted write to read-only memory page.

[Tian, Kevin]

Now I'm seeing bunch of warning as:
multi.c:3238:d3 guest attempted write to read-only memory page. va page=0xc9000, mfn=0x23491
...
multi.c:3238:d3 guest attempted write to read-only memory page. va page=0xd5000, mfn=0x23491

BIOS map:
c0000-c8fff: VGA BIOS
c9000-d57ff: Etherboot ROM
e9000-e914e: SMBIOS tables
f0000-fffff: Main BIOS

I guess it's caused by 18931 to update rombios to latest bochs 
version, and some writes to rom area are added outside of disabling
rom write access. But I'm not familiar with this part, and thus hope
others (Akio?) may take a deeper dive.

Thanks,
Kevin

Re: guest attempted write to read-only memory page.

[Keir Fraser]

On 22/12/2008 10:12, "Tian, Kevin" <kevin.tian@intel.com> wrote:

> I guess it's caused by 18931 to update rombios to latest bochs
> version, and some writes to rom area are added outside of disabling
> rom write access. But I'm not familiar with this part, and thus hope
> others (Akio?) may take a deeper dive.

Etherboot likes to try to write to its ROM area. That's why I actually
silenced the warning in __hvm_copy(). I would guess the reason you see this
issue now is because the accesses are taking the shadow-fault path, which
means you are no longer emulating real mode? ;-)

Possibly we should silence the shadow code too, at least perhaps while in
real mode or for a certain EIP range.

 -- Keir

RE: guest attempted write to read-only memory page.

[Tian, Kevin]

>From: Keir Fraser [mailto:keir.fraser@eu.citrix.com] 
>Sent: Monday, December 22, 2008 6:33 PM
>
>On 22/12/2008 10:12, "Tian, Kevin" <kevin.tian@intel.com> wrote:
>
>> I guess it's caused by 18931 to update rombios to latest bochs
>> version, and some writes to rom area are added outside of disabling
>> rom write access. But I'm not familiar with this part, and thus hope
>> others (Akio?) may take a deeper dive.
>
>Etherboot likes to try to write to its ROM area. That's why I actually
>silenced the warning in __hvm_copy(). I would guess the reason 
>you see this
>issue now is because the accesses are taking the shadow-fault 
>path, which
>means you are no longer emulating real mode? ;-)

I guess it's combined effect from 18891 and 18931. In 18891,
Tim reintroduced vm86 if possible. I didn't change anything and
thus it's interesting that I'm the only one to report this issue. :-)

>
>Possibly we should silence the shadow code too, at least 
>perhaps while in
>real mode or for a certain EIP range.
>

I'm not sure that's the right fix. Why is write access to rom disabled
before rom scan when etherboot is known to have write requirement?

#ifdef HVMASSIST
  call _enable_rom_write_access
  call _clobber_entry_point
  call _copy_e820_table
  call smbios_init
  call _disable_rom_write_access
#endif

  call _init_boot_vectors

  mov  cx, #0xc800  ;; init option roms
  mov  ax, #0xe000
  call rom_scan

Should we move disable action to post rom_scan? If shadow warning
is simply silenced for such case, it seems breaking the purpose of
disable_dom_write_access...

Thanks,
Kevin

RE: guest attempted write to read-only memory page.

[Tian, Kevin]

>From: Tian, Kevin
>Sent: Monday, December 22, 2008 9:11 PM
>>
>>Possibly we should silence the shadow code too, at least 
>>perhaps while in
>>real mode or for a certain EIP range.
>>
>
>I'm not sure that's the right fix. Why is write access to rom disabled
>before rom scan when etherboot is known to have write requirement?
>
>#ifdef HVMASSIST
>  call _enable_rom_write_access
>  call _clobber_entry_point
>  call _copy_e820_table
>  call smbios_init
>  call _disable_rom_write_access
>#endif
>
>  call _init_boot_vectors
>
>  mov  cx, #0xc800  ;; init option roms
>  mov  ax, #0xe000
>  call rom_scan
>
>Should we move disable action to post rom_scan? If shadow warning
>is simply silenced for such case, it seems breaking the purpose of
>disable_dom_write_access...
>

I make a quick test, that warning disappears after moving disable
action post rom_scan. But I haven't found the place triggering such
write violation, as in previous revision write access is also disabled
before rom_scan. It could come from recent bochs update on 
expansion rom part by 18931.

Thanks,
Kevin

Re: guest attempted write to read-only memory page.

[Keir Fraser]

On 22/12/2008 13:20, "Tian, Kevin" <kevin.tian@intel.com> wrote:

>> Should we move disable action to post rom_scan? If shadow warning
>> is simply silenced for such case, it seems breaking the purpose of
>> disable_dom_write_access...
>> 
> 
> I make a quick test, that warning disappears after moving disable
> action post rom_scan. But I haven't found the place triggering such
> write violation, as in previous revision write access is also disabled
> before rom_scan. It could come from recent bochs update on
> expansion rom part by 18931.

Yes, I can repro the warnings. They are due to the vm86 acceleration
changes. 

 -- Keir

RE: guest attempted write to read-only memory page.

[Tian, Kevin]

>From: Keir Fraser [mailto:keir.fraser@eu.citrix.com] 
>Sent: Monday, December 22, 2008 9:43 PM
>
>On 22/12/2008 13:20, "Tian, Kevin" <kevin.tian@intel.com> wrote:
>
>>> Should we move disable action to post rom_scan? If shadow warning
>>> is simply silenced for such case, it seems breaking the purpose of
>>> disable_dom_write_access...
>>> 
>> 
>> I make a quick test, that warning disappears after moving disable
>> action post rom_scan. But I haven't found the place triggering such
>> write violation, as in previous revision write access is 
>also disabled
>> before rom_scan. It could come from recent bochs update on
>> expansion rom part by 18931.
>
>Yes, I can repro the warnings. They are due to the vm86 acceleration
>changes. 
>

I saw you removed the warning in latest tree, but sorry that I'm still
a bit confused about logic here. Could you help clarify the underlying
story to me? :-) Why is such write attempt legitimate? Is the emulation
a dummy nop or actually emulated? 

Thanks,
Kevin

Re: guest attempted write to read-only memory page.

[Keir Fraser]

On 22/12/2008 14:21, "Tian, Kevin" <kevin.tian@intel.com> wrote:

>> Yes, I can repro the warnings. They are due to the vm86 acceleration
>> changes. 
>> 
> 
> I saw you removed the warning in latest tree, but sorry that I'm still
> a bit confused about logic here. Could you help clarify the underlying
> story to me? :-) Why is such write attempt legitimate? Is the emulation
> a dummy nop or actually emulated?

The write is thrown away, and the instruction is skipped. Etherboot can
handle these write attempts failing (obviously, since it could really be
executed out of ROM). It attempts them just to set up some version info
strings, I think -- nothing at all important.

 -- Keir

RE: guest attempted write to read-only memory page.

[Tian, Kevin]

>From: Keir Fraser [mailto:keir.fraser@eu.citrix.com] 
>Sent: Monday, December 22, 2008 11:11 PM
>
>On 22/12/2008 14:21, "Tian, Kevin" <kevin.tian@intel.com> wrote:
>
>>> Yes, I can repro the warnings. They are due to the vm86 acceleration
>>> changes. 
>>> 
>> 
>> I saw you removed the warning in latest tree, but sorry that 
>I'm still
>> a bit confused about logic here. Could you help clarify the 
>underlying
>> story to me? :-) Why is such write attempt legitimate? Is 
>the emulation
>> a dummy nop or actually emulated?
>
>The write is thrown away, and the instruction is skipped. Etherboot can
>handle these write attempts failing (obviously, since it could 
>really be
>executed out of ROM). It attempts them just to set up some version info
>strings, I think -- nothing at all important.
>

ok, got it.

Thanks,
Kevin

Re: guest attempted write to read-only memory page.

[Akio Takebe]

Tian, Kevin wrote:
>> From: Tian, Kevin
>> Sent: Monday, December 22, 2008 9:11 PM
>>> Possibly we should silence the shadow code too, at least 
>>> perhaps while in
>>> real mode or for a certain EIP range.
>>>
>> I'm not sure that's the right fix. Why is write access to rom disabled
>> before rom scan when etherboot is known to have write requirement?
>>
>> #ifdef HVMASSIST
>>  call _enable_rom_write_access
>>  call _clobber_entry_point
>>  call _copy_e820_table
>>  call smbios_init
>>  call _disable_rom_write_access
>> #endif
>>
>>  call _init_boot_vectors
>>
>>  mov  cx, #0xc800  ;; init option roms
>>  mov  ax, #0xe000
>>  call rom_scan
>>
>> Should we move disable action to post rom_scan? If shadow warning
>> is simply silenced for such case, it seems breaking the purpose of
>> disable_dom_write_access...
>>
> 
> I make a quick test, that warning disappears after moving disable
> action post rom_scan. But I haven't found the place triggering such
> write violation, as in previous revision write access is also disabled
> before rom_scan. It could come from recent bochs update on 
> expansion rom part by 18931.

Sorry for my late response.
That's a bug of mine.

Some option ROMs would do write accesses.
So rombios need to enable write acess before rom_scan.
I'll post a patch to fix.

Best Regards,

Akio Takebe

Re: guest attempted write to read-only memory page.

[Keir Fraser]

On 25/12/2008 01:54, "Akio Takebe" <takebe_akio@jp.fujitsu.com> wrote:

>> I make a quick test, that warning disappears after moving disable
>> action post rom_scan. But I haven't found the place triggering such
>> write violation, as in previous revision write access is also disabled
>> before rom_scan. It could come from recent bochs update on
>> expansion rom part by 18931.
> 
> Sorry for my late response.
> That's a bug of mine.
> 
> Some option ROMs would do write accesses.
> So rombios need to enable write acess before rom_scan.
> I'll post a patch to fix.

This behaviour existed before your upgrade, and it's not a bug. I fixed by
removing the warning message.

 -- Keir

Re: guest attempted write to read-only memory page.

[Akio Takebe]

Keir Fraser wrote:
> On 25/12/2008 01:54, "Akio Takebe" <takebe_akio@jp.fujitsu.com> wrote:
> 
>>> I make a quick test, that warning disappears after moving disable
>>> action post rom_scan. But I haven't found the place triggering such
>>> write violation, as in previous revision write access is also disabled
>>> before rom_scan. It could come from recent bochs update on
>>> expansion rom part by 18931.
>> Sorry for my late response.
>> That's a bug of mine.
>>
>> Some option ROMs would do write accesses.
>> So rombios need to enable write acess before rom_scan.
>> I'll post a patch to fix.
> 
> This behaviour existed before your upgrade, and it's not a bug. I fixed by
> removing the warning message.
> 
But shadow memory should enable write accesses during INIT and BCV.
It's in BBS spec.

Best Regards,

Akio　Takebe

Re: guest attempted write to read-only memory page.

[Keir Fraser]

On 25/12/2008 08:36, "Akio Takebe" <takebe_akio@jp.fujitsu.com> wrote:

>>> Some option ROMs would do write accesses.
>>> So rombios need to enable write acess before rom_scan.
>>> I'll post a patch to fix.
>> 
>> This behaviour existed before your upgrade, and it's not a bug. I fixed by
>> removing the warning message.
>> 
> But shadow memory should enable write accesses during INIT and BCV.
> It's in BBS spec.

Oh, I hadn't realised that. Perhaps then it is appropriate to apply your
patch and actually re-enable warnings in Xen. Since the only 'false
positives' were from the ROM initialisations.

I shall apply something suitable. Thanks.

 -- Keir