From: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
To: Avi Kivity <avi@redhat.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>,
Jan Kiszka <jan.kiszka@siemens.com>,
Anthony Liguori <anthony@codemonkey.ws>,
"Kevin O'Connor" <kevin@koconnor.net>,
Liu Sheng <liusheng@linux.vnet.ibm.com>,
KVM <kvm@vger.kernel.org>,
qemu-devel@nongnu.org
Subject: [PATCH v2 0/5] Qemu: implement readonly memory
Date: Thu, 25 Oct 2012 17:20:34 +0800
Message-ID: <50890462.5010307@linux.vnet.ibm.com>

This patch set makes the readonly memory in qemu really readonly by using
the readonly memory slots feature in kvm, to make qemu-kvm safer. Memory
regions with the readonly property would be plugged into kvm as readonly
memory slots.

The module below can test this feature:

#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/pci.h>

static int rom_tester_probe(struct pci_dev *dev, const struct pci_device_id *id)
{
	struct resource *res = &dev->resource[PCI_ROM_RESOURCE];
	char buf[6];
	size_t rom_size;
	char __iomem *map;
	int i;

	/* Shadowed or copied ROMs live in ordinary RAM; nothing to test. */
	if (res->flags & (IORESOURCE_ROM_SHADOW | IORESOURCE_ROM_COPY |
			  IORESOURCE_ROM_BIOS_COPY)) {
		dev_printk(KERN_INFO, &dev->dev, "skip ROM COPY.\n");
		return 0;
	}

	/* Cannot be true here: these flags already returned above. */
	if (res->flags &
	    (IORESOURCE_ROM_COPY | IORESOURCE_ROM_BIOS_COPY))
		dev_printk(KERN_INFO, &dev->dev, "rom tester\n");

	if (pci_enable_rom(dev)) {
		dev_printk(KERN_INFO, &dev->dev, "do not found Rom\n");
		goto exit;
	}

	map = pci_map_rom(dev, &rom_size);
	if (!map) {
		dev_printk(KERN_INFO, &dev->dev, "map rom fail.\n");
		goto disable_exit;
	}

	dev_printk(KERN_INFO, &dev->dev, "Rom map: %p [size: %zx], phsyc:%llx.\n",
		   map, rom_size,
		   (unsigned long long)pci_resource_start(dev, PCI_ROM_RESOURCE));

	if (rom_size < 6) {
		printk("map size < 6.\n");
		goto unmap_exit;
	}

	/* Save the original contents so a change can be detected later. */
	printk("The first 6 bytes:\n");
	for (i = 0; i < 6; i++) {
		buf[i] = map[i];
		printk("%x ", buf[i]);
	}
	printk("\n\n");

	/* Try to overwrite the ROM; on a real ROM the write must not land. */
	memcpy(map, "KVMKVM", 6);
	if (!memcmp(map, "KVMKVM", 6)) {
		printk("Rom Test: fail.\n");
		goto unmap_exit;
	}

	/* A partial overwrite is a failure as well. */
	for (i = 0; i < 6; i++)
		if (buf[i] != ((char *)map)[i]) {
			printk("The %d byte is changed: %x -> %x.\n",
			       i, buf[i], map[i]);
			printk("Rom Test: fail.\n");
			goto unmap_exit;
		}

	printk("Rom Test: Okay.\n");

unmap_exit:
	pci_unmap_rom(dev, map);
disable_exit:
	pci_disable_rom(dev);
exit:
	return 0;
}

/* Match every PCI device; the probe skips devices without a usable ROM. */
static DEFINE_PCI_DEVICE_TABLE(rom_tester_tbl) = {
	{ PCI_DEVICE(PCI_ANY_ID, PCI_ANY_ID)},
	{0,} /* 0 terminated list. */
};
MODULE_DEVICE_TABLE(pci, rom_tester_tbl);

static struct pci_driver rom_tester = {
	.name = "pci-rom-tester",
	.id_table = rom_tester_tbl,
	.probe = rom_tester_probe,
};

static int __init pci_rom_test_init(void)
{
	int rc;

	rc = pci_register_driver(&rom_tester);
	if (rc)
		return rc;
	return 0;
}

static void __exit pci_rom_test_exit(void)
{
	pci_unregister_driver(&rom_tester);
}

module_init(pci_rom_test_init);
module_exit(pci_rom_test_exit);
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>");

We test it with the ROM of the Intel 82540EM Gigabit Ethernet Controller.

0. start qemu:
   qemu-system-x86_64 -enable-kvm -m 1G -smp 2 -hda fedora16.qcow2 \
       -net nic,model=e1000,vlan=1,macaddr=52:00:12:34:56 \
       -net user,vlan=1
1. unbind the device:
   echo "0000:00:03.0" > /sys/bus/pci/devices/0000\:00\:03.0/driver/unbind
2. install the test kernel module, here we name it write_rom:
   modprobe write_rom
3. print dmesg to verify whether the result is ok or fail:
   dmesg
4. remove the test kernel module:
   rmmod write_rom
5. rebind the device to its driver, and test whether the nic still works:
   echo "0000:00:03.0" > /sys/bus/pci/drivers/e1000/bind
   open firefox and try some web pages.

When I use kvm without readonly memory slots, in step 2 it reports:
   Rom Test: fail.
This means we can write to the memory region of a ROM, which is quite
unsafe for the guest and host.

When I use kvm with readonly memory slots, in step 2 it reports:
   Rom Test: Okay.
This means the write operation is not successful, and it returns back to
qemu from kvm. Thus we can make the ROM a real ROM.

Thread overview: 17+ messages
2012-10-25 9:20 Xiao Guangrong [this message]
2012-10-25 9:21 ` [PATCH v2 1/5] KVM: define KVM_CAP_READONLY_MEM unconditionally Xiao Guangrong
2012-10-25 12:14 ` Jan Kiszka
2012-10-25 9:21 ` [PATCH v2 2/5] Qemu: update header files Xiao Guangrong
2012-10-25 11:03 ` [Qemu-devel] " Peter Maydell
2012-10-25 9:22 ` [PATCH v2 3/5] Qemu: do not mark bios readonly Xiao Guangrong
2012-10-26 10:35 ` Jan Kiszka
2012-10-29 7:09 ` Xiao Guangrong
2012-10-29 7:44 ` Jan Kiszka
2012-10-29 8:31 ` Xiao Guangrong
2012-10-31 6:03 ` Jan Kiszka
2012-10-31 6:35 ` Xiao Guangrong
2012-10-31 6:46 ` Jan Kiszka
2012-10-31 7:01 ` Xiao Guangrong
2012-10-31 7:21 ` Jan Kiszka
2012-10-25 9:22 ` [PATCH v2 4/5] Qemu: implement readonly memory Xiao Guangrong
2012-10-25 9:23 ` [PATCH v2 5/5] Qemu: mark pci rom readonly Xiao Guangrong