> -----Original Message----- > From: Avi Kivity [mailto:avi@xxxxxxxxxx] > Sent: Wednesday, December 15, 2010 4:49 PM > To: Sethi Varun-B16395 > Cc: Yoder Stuart-B08248; Hollis Blanchard; Alexander Graf; kvm- > ppc@xxxxxxxxxxxxxxx > Subject: Re: re-writing on powerpc > > On 12/15/2010 01:16 PM, Sethi Varun-B16395 wrote: > > > > > -----Original Message----- > > > From: kvm-ppc-owner@xxxxxxxxxxxxxxx [mailto:kvm-ppc- > > > owner@xxxxxxxxxxxxxxx] On Behalf Of Avi Kivity > > > Sent: Tuesday, December 14, 2010 9:18 PM > > > To: Yoder Stuart-B08248 > > > Cc: Hollis Blanchard; Alexander Graf; kvm-ppc@xxxxxxxxxxxxxxx > > > Subject: Re: re-writing on powerpc > > > > > > On 12/14/2010 05:45 PM, Yoder Stuart-B08248 wrote: > > > > > -----Original Message----- > > > > > From: Avi Kivity [mailto:avi@xxxxxxxxxx] > > > > > Sent: Tuesday, December 14, 2010 2:49 AM > > > > > To: Hollis Blanchard > > > > > Cc: Yoder Stuart-B08248; Alexander Graf; kvm- > ppc@xxxxxxxxxxxxxxx > > > > > Subject: Re: re-writing on powerpc > > > > > > > > > > On 12/13/2010 07:17 PM, Hollis Blanchard wrote: > > > > > >> Rewriting is dangerous if the guest is unaware of it. > As soon > > > > > as > > > > it > > > > > >> is made aware of it, it might as well actually do it in > the > > > > > best > > > > way > > > > > >> that suits it. > > > > > > > > > > > > Can you list some examples of dangerous scenarios? > > > > > > > > > > > > > > > > - guest checksums own kernel pages > > > > > - clever compiler reuses code for constant pool > > > > > - guest patches itself (a la linux alternatives), surprised > when it > > > > sees a > > > > > different instruction > > > > > - guest jits own kernel code (like Singularity), gets > confused when > > > > > it reads back something it didn't write > > One possible > > > solution to hiding rewriting from guest if it must be > hidden is > > > to mark patched pages as execute only. If a guest reads a > > > > patched page, the hypervisor can fix up the read. > > > > > > > > > > Yes. Something that is common to all the problems above is "using > > > code as data". > > > > > > However, execute only would only affect the page's mapping, not the > > > page itself, yes? So if the page has another mapping, this doesn't > work. > > > > > > > But KVM would be aware of guest page mappings, so access permissions > > for any particular mapping can be controlled by KVM. > > kvm isn't aware of all guest mappings (only those that were instantiated > in shadow tlb/pagetables). I am not sure if I understand, but guest would have to be instantiate the mapping in the tlb (for BookE) before page can be accessed. That's when we can set the access permissions. -Varun -- To unsubscribe from this list: send the line "unsubscribe kvm-ppc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html