From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jan Kiszka <jan.kiszka@siemens.com>
Subject: Re: [PATCH v2 3/5] Qemu: do not mark bios readonly
Date: Wed, 31 Oct 2012 08:21:09 +0100
Message-ID: <5090D165.7010806@siemens.com>
References: <50890462.5010307@linux.vnet.ibm.com> <508904C4.7030409@linux.vnet.ibm.com> <508A6772.4040400@siemens.com> <508E2B98.4050700@linux.vnet.ibm.com> <508E33F5.2000001@web.de> <508E3ED6.5070605@linux.vnet.ibm.com> <5090BF35.6020101@web.de> <5090C6C9.2070403@linux.vnet.ibm.com> <5090C94C.8080808@web.de> <5090CCC7.9060503@linux.vnet.ibm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: Avi Kivity <avi@redhat.com>, Marcelo Tosatti <mtosatti@redhat.com>,
	Anthony Liguori <anthony@codemonkey.ws>,
	"Kevin O'Connor" <kevin@koconnor.net>,
	Liu Sheng <liusheng@linux.vnet.ibm.com>,
	KVM <kvm@vger.kernel.org>, qemu-devel@nongnu.org
To: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from goliath.siemens.de ([192.35.17.28]:25492 "EHLO
	goliath.siemens.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S932093Ab2JaHVY (ORCPT <rfc822;kvm@vger.kernel.org>);
	Wed, 31 Oct 2012 03:21:24 -0400
In-Reply-To: <5090CCC7.9060503@linux.vnet.ibm.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

On 2012-10-31 08:01, Xiao Guangrong wrote:
> On 10/31/2012 02:46 PM, Jan Kiszka wrote:
> 
>>> Please allow me to clarify it more clearly.
>>>
>>> The flash is ROMD device means guest can not write it, any kinds of guest write
>>> access on this device can cause vmexit to kvm and return to userspace.
>>>
>>> We should pay more attention on it if we execute the code in ROMD since we
>>> can not use ROMD as stack/page table/IDT table and all other implicitly write access.
>>> Of course, if you do not use ROM as those purposes, it is okay. :)
>>
>> So the problem is that there is KVM code that still blindly writes to
>> guest memory and does not take the memory regions' protection flag into
>> account? And we cannot mark those regions read only in the host's page
>> table?
> 
> KVM has the ability to catch this kind of write access on ROMD, it is just hard to
> emulate the implicitly memory access.

Drop them? It is highly unlikely that they trigger the magic
write-enable patterns at the right spot in a ROMD device.

Jan

-- 
Siemens AG, Corporate Technology, CT RTC ITP SDP-DE
Corporate Competence Center Embedded Linux