From: Xiao Guangrong
Subject: Re: [PATCH v2 3/5] Qemu: do not mark bios readonly
Date: Wed, 31 Oct 2012 15:01:27 +0800
Message-ID: <5090CCC7.9060503@linux.vnet.ibm.com>
In-Reply-To: <5090C94C.8080808@web.de>
References: <50890462.5010307@linux.vnet.ibm.com> <508904C4.7030409@linux.vnet.ibm.com> <508A6772.4040400@siemens.com> <508E2B98.4050700@linux.vnet.ibm.com> <508E33F5.2000001@web.de> <508E3ED6.5070605@linux.vnet.ibm.com> <5090BF35.6020101@web.de> <5090C6C9.2070403@linux.vnet.ibm.com> <5090C94C.8080808@web.de>
To: Jan Kiszka
Cc: Avi Kivity, Marcelo Tosatti, Anthony Liguori, "Kevin O'Connor", Liu Sheng, KVM, qemu-devel@nongnu.org

On 10/31/2012 02:46 PM, Jan Kiszka wrote:
>> Please allow me to clarify it more clearly.
>>
>> The flash being a ROMD device means the guest cannot write to it; any kind of guest write
>> access to this device causes a vmexit to KVM and a return to userspace.
>>
>> We should pay more attention to it if we execute code in ROMD, since we
>> cannot use ROMD as stack/page table/IDT table or for any other implicit write access.
>> Of course, if you do not use ROM for those purposes, it is okay. :)
>
> So the problem is that there is KVM code that still blindly writes to
> guest memory and does not take the memory regions' protection flag into
> account? And we cannot mark those regions read-only in the host's page
> table?

KVM has the ability to catch this kind of write access on ROMD; it is just hard to emulate the implicit memory access.