[Qemu-devel] KVM/QEMU: Support executing from flash device

[Qemu-devel] KVM/QEMU: Support executing from flash device

[Jordan Justen]

On Tue, Oct 25, 2011 at 00:47, Avi Kivity <avi@redhat.com> wrote:
> The core issue that kvm (the kernel part) supports two styles of memory:
> read/write RAM, and read/write MMIO.  ROM wants writes to be ignored,
> and rom/device wants reads serviced from memory and writes serviced by
> userspace (as MMIO).
>
> It should not be too hard to patch kvm to support these additional two
> styles.  The entry point is the KVM_SET_USER_MEMORY_REGION ioctl to
> define the new attributes for the region, and kvm_mmu_page_fault() to
> map these pages as read-only and emulate writes (for ROM/device regions).

Additional context for CC'd kvm-devel: I would like to support
executing from an emulated flash memory on kvm.  The flash memory
would be a CFI (Firmware Hub-like) device which is programmed via MMIO
at the same addresses in memory where the execution would occur.

What is needed is:
1. The ability to set a region to allow read/exec,
   but trap to qemu on writes.
2. qemu should then be able to set the region
   to trap on reads/exec/writes.
3. qemu should be able to then restore the region
   to the initial state.

Here is my plan:
1. Add KVM_CAP_REGION_WRITE_TRAP
2. Add kvm_memory_region::flags
   KVM_MEMSLOT_TRAP_WRITES
3. Update page table creation to trap on writes when
   KVM_MEMSLOT_TRAP_WRITES is set

Is this plan heading in the right direction?

Regarding emulating ROM (as you mentioned above): I think that it can
trap to qemu and QEMU can ignore it.  This would be a performance hit,
but I don't think it is expected that lots of writes to a ROM will
occur.  Do you agree?

-Jordan

Re: [Qemu-devel] KVM/QEMU: Support executing from flash device

[Gleb Natapov]

On Sat, Mar 03, 2012 at 10:56:02PM -0800, Jordan Justen wrote:
> On Tue, Oct 25, 2011 at 00:47, Avi Kivity <avi@redhat.com> wrote:
> > The core issue that kvm (the kernel part) supports two styles of memory:
> > read/write RAM, and read/write MMIO.  ROM wants writes to be ignored,
> > and rom/device wants reads serviced from memory and writes serviced by
> > userspace (as MMIO).
> >
> > It should not be too hard to patch kvm to support these additional two
> > styles.  The entry point is the KVM_SET_USER_MEMORY_REGION ioctl to
> > define the new attributes for the region, and kvm_mmu_page_fault() to
> > map these pages as read-only and emulate writes (for ROM/device regions).
> 
> Additional context for CC'd kvm-devel: I would like to support
> executing from an emulated flash memory on kvm.  The flash memory
> would be a CFI (Firmware Hub-like) device which is programmed via MMIO
> at the same addresses in memory where the execution would occur.
> 
> What is needed is:
> 1. The ability to set a region to allow read/exec,
>    but trap to qemu on writes.
> 2. qemu should then be able to set the region
>    to trap on reads/exec/writes.
Do you want to execute code from a flash while it traps on read/exec?
KVM emulator can't do that.

> 3. qemu should be able to then restore the region
>    to the initial state.
> 
> Here is my plan:
> 1. Add KVM_CAP_REGION_WRITE_TRAP
> 2. Add kvm_memory_region::flags
>    KVM_MEMSLOT_TRAP_WRITES
> 3. Update page table creation to trap on writes when
>    KVM_MEMSLOT_TRAP_WRITES is set
> 
> Is this plan heading in the right direction?
> 
> Regarding emulating ROM (as you mentioned above): I think that it can
> trap to qemu and QEMU can ignore it.  This would be a performance hit,
> but I don't think it is expected that lots of writes to a ROM will
> occur.  Do you agree?
> 
> -Jordan

--
			Gleb.

Re: [Qemu-devel] KVM/QEMU: Support executing from flash device

[Avi Kivity]

On 03/04/2012 10:12 AM, Gleb Natapov wrote:
> On Sat, Mar 03, 2012 at 10:56:02PM -0800, Jordan Justen wrote:
> > On Tue, Oct 25, 2011 at 00:47, Avi Kivity <avi@redhat.com> wrote:
> > > The core issue that kvm (the kernel part) supports two styles of memory:
> > > read/write RAM, and read/write MMIO.  ROM wants writes to be ignored,
> > > and rom/device wants reads serviced from memory and writes serviced by
> > > userspace (as MMIO).
> > >
> > > It should not be too hard to patch kvm to support these additional two
> > > styles.  The entry point is the KVM_SET_USER_MEMORY_REGION ioctl to
> > > define the new attributes for the region, and kvm_mmu_page_fault() to
> > > map these pages as read-only and emulate writes (for ROM/device regions).
> > 
> > Additional context for CC'd kvm-devel: I would like to support
> > executing from an emulated flash memory on kvm.  The flash memory
> > would be a CFI (Firmware Hub-like) device which is programmed via MMIO
> > at the same addresses in memory where the execution would occur.
> > 
> > What is needed is:
> > 1. The ability to set a region to allow read/exec,
> >    but trap to qemu on writes.
> > 2. qemu should then be able to set the region
> >    to trap on reads/exec/writes.
> Do you want to execute code from a flash while it traps on read/exec?
> KVM emulator can't do that.

No, he wants read/exec to go to RAM, and writes to be handled as mmio. 
This should work.

-- 
error compiling committee.c: too many arguments to function

Re: [Qemu-devel] KVM/QEMU: Support executing from flash device

[Gleb Natapov]

On Sun, Mar 04, 2012 at 12:36:20PM +0200, Avi Kivity wrote:
> On 03/04/2012 10:12 AM, Gleb Natapov wrote:
> > On Sat, Mar 03, 2012 at 10:56:02PM -0800, Jordan Justen wrote:
> > > On Tue, Oct 25, 2011 at 00:47, Avi Kivity <avi@redhat.com> wrote:
> > > > The core issue that kvm (the kernel part) supports two styles of memory:
> > > > read/write RAM, and read/write MMIO.  ROM wants writes to be ignored,
> > > > and rom/device wants reads serviced from memory and writes serviced by
> > > > userspace (as MMIO).
> > > >
> > > > It should not be too hard to patch kvm to support these additional two
> > > > styles.  The entry point is the KVM_SET_USER_MEMORY_REGION ioctl to
> > > > define the new attributes for the region, and kvm_mmu_page_fault() to
> > > > map these pages as read-only and emulate writes (for ROM/device regions).
> > > 
> > > Additional context for CC'd kvm-devel: I would like to support
> > > executing from an emulated flash memory on kvm.  The flash memory
> > > would be a CFI (Firmware Hub-like) device which is programmed via MMIO
> > > at the same addresses in memory where the execution would occur.
> > > 
> > > What is needed is:
> > > 1. The ability to set a region to allow read/exec,
> > >    but trap to qemu on writes.
> > > 2. qemu should then be able to set the region
> > >    to trap on reads/exec/writes.
> > Do you want to execute code from a flash while it traps on read/exec?
> > KVM emulator can't do that.
> 
> No, he wants read/exec to go to RAM, and writes to be handled as mmio. 
> This should work.
> 
That's mode 1 from above and will obviously work. I am asking about mode
2 from above.

--
			Gleb.

Re: [Qemu-devel] KVM/QEMU: Support executing from flash device

[Avi Kivity]

On 03/04/2012 08:56 AM, Jordan Justen wrote:
> On Tue, Oct 25, 2011 at 00:47, Avi Kivity <avi@redhat.com> wrote:
> > The core issue that kvm (the kernel part) supports two styles of memory:
> > read/write RAM, and read/write MMIO.  ROM wants writes to be ignored,
> > and rom/device wants reads serviced from memory and writes serviced by
> > userspace (as MMIO).
> >
> > It should not be too hard to patch kvm to support these additional two
> > styles.  The entry point is the KVM_SET_USER_MEMORY_REGION ioctl to
> > define the new attributes for the region, and kvm_mmu_page_fault() to
> > map these pages as read-only and emulate writes (for ROM/device regions).
>
> Additional context for CC'd kvm-devel: I would like to support
> executing from an emulated flash memory on kvm.  The flash memory
> would be a CFI (Firmware Hub-like) device which is programmed via MMIO
> at the same addresses in memory where the execution would occur.
>
> What is needed is:
> 1. The ability to set a region to allow read/exec,
>    but trap to qemu on writes.
> 2. qemu should then be able to set the region
>    to trap on reads/exec/writes.
> 3. qemu should be able to then restore the region
>    to the initial state.
>
> Here is my plan:
> 1. Add KVM_CAP_REGION_WRITE_TRAP
> 2. Add kvm_memory_region::flags
>    KVM_MEMSLOT_TRAP_WRITES
> 3. Update page table creation to trap on writes when
>    KVM_MEMSLOT_TRAP_WRITES is set
>
> Is this plan heading in the right direction?

Sure.  I'd name things differently, call this type of slot readonly
instead of write trapping (that is, say what works in kvm (reads)
instead of what doesn't (writes).

Note you need to update kvm_userspace_memory_region, not
kvm_memory_region, which has been deprecated since 2.6.24 or so.

> Regarding emulating ROM (as you mentioned above): I think that it can
> trap to qemu and QEMU can ignore it.  This would be a performance hit,
> but I don't think it is expected that lots of writes to a ROM will
> occur.  Do you agree?

I do, I don't foresee any problems in this area.

Only potential issue is vapic writing to a ROM region, but Jan's recent
work adds a hackaround for that (vapic_map_rom_writable()).

-- 
error compiling committee.c: too many arguments to function

Re: [Qemu-devel] KVM/QEMU: Support executing from flash device

[Avi Kivity]

On 03/04/2012 12:38 PM, Gleb Natapov wrote:
> On Sun, Mar 04, 2012 at 12:36:20PM +0200, Avi Kivity wrote:
> > On 03/04/2012 10:12 AM, Gleb Natapov wrote:
> > > On Sat, Mar 03, 2012 at 10:56:02PM -0800, Jordan Justen wrote:
> > > > On Tue, Oct 25, 2011 at 00:47, Avi Kivity <avi@redhat.com> wrote:
> > > > > The core issue that kvm (the kernel part) supports two styles of memory:
> > > > > read/write RAM, and read/write MMIO.  ROM wants writes to be ignored,
> > > > > and rom/device wants reads serviced from memory and writes serviced by
> > > > > userspace (as MMIO).
> > > > >
> > > > > It should not be too hard to patch kvm to support these additional two
> > > > > styles.  The entry point is the KVM_SET_USER_MEMORY_REGION ioctl to
> > > > > define the new attributes for the region, and kvm_mmu_page_fault() to
> > > > > map these pages as read-only and emulate writes (for ROM/device regions).
> > > > 
> > > > Additional context for CC'd kvm-devel: I would like to support
> > > > executing from an emulated flash memory on kvm.  The flash memory
> > > > would be a CFI (Firmware Hub-like) device which is programmed via MMIO
> > > > at the same addresses in memory where the execution would occur.
> > > > 
> > > > What is needed is:
> > > > 1. The ability to set a region to allow read/exec,
> > > >    but trap to qemu on writes.
> > > > 2. qemu should then be able to set the region
> > > >    to trap on reads/exec/writes.
> > > Do you want to execute code from a flash while it traps on read/exec?
> > > KVM emulator can't do that.
> > 
> > No, he wants read/exec to go to RAM, and writes to be handled as mmio. 
> > This should work.
> > 
> That's mode 1 from above and will obviously work. I am asking about mode
> 2 from above.
>

Mode 2 is pure mmio.  You're right that kvm won't run code from that.

Jordan, what's the use for mode 2?  Is it just used during programming?

-- 
error compiling committee.c: too many arguments to function

Re: [Qemu-devel] KVM/QEMU: Support executing from flash device

[Jordan Justen]

On Sun, Mar 4, 2012 at 02:46, Avi Kivity <avi@redhat.com> wrote:
> On 03/04/2012 12:38 PM, Gleb Natapov wrote:
>> On Sun, Mar 04, 2012 at 12:36:20PM +0200, Avi Kivity wrote:
>> > On 03/04/2012 10:12 AM, Gleb Natapov wrote:
>> > > On Sat, Mar 03, 2012 at 10:56:02PM -0800, Jordan Justen wrote:
>> > > > On Tue, Oct 25, 2011 at 00:47, Avi Kivity <avi@redhat.com> wrote:
>> > > > > The core issue that kvm (the kernel part) supports two styles of memory:
>> > > > > read/write RAM, and read/write MMIO.  ROM wants writes to be ignored,
>> > > > > and rom/device wants reads serviced from memory and writes serviced by
>> > > > > userspace (as MMIO).
>> > > > >
>> > > > > It should not be too hard to patch kvm to support these additional two
>> > > > > styles.  The entry point is the KVM_SET_USER_MEMORY_REGION ioctl to
>> > > > > define the new attributes for the region, and kvm_mmu_page_fault() to
>> > > > > map these pages as read-only and emulate writes (for ROM/device regions).
>> > > >
>> > > > Additional context for CC'd kvm-devel: I would like to support
>> > > > executing from an emulated flash memory on kvm.  The flash memory
>> > > > would be a CFI (Firmware Hub-like) device which is programmed via MMIO
>> > > > at the same addresses in memory where the execution would occur.
>> > > >
>> > > > What is needed is:
>> > > > 1. The ability to set a region to allow read/exec,
>> > > >    but trap to qemu on writes.
>> > > > 2. qemu should then be able to set the region
>> > > >    to trap on reads/exec/writes.
>> > > Do you want to execute code from a flash while it traps on read/exec?
>> > > KVM emulator can't do that.
>> >
>> > No, he wants read/exec to go to RAM, and writes to be handled as mmio.
>> > This should work.
>> >
>> That's mode 1 from above and will obviously work. I am asking about mode
>> 2 from above.
>>
>
> Mode 2 is pure mmio.  You're right that kvm won't run code from that.
>
> Jordan, what's the use for mode 2?  Is it just used during programming?

Yes.  It is the programming state for the flash, and no execution
would occur from the region while it is in that state.  At least for
the flash that I'm interested in supporting (qemu:hw/pflash_cfi01.c),
it would not be possible to execute from the flash in this mode
because the entire region will no longer read-back the flash contents.

-Jordan