Jim Mattson <jmattson@xxxxxxxxxx> writes: > On Tue, Jul 28, 2020 at 7:38 AM Vitaly Kuznetsov <vkuznets@xxxxxxxxxx> wrote: >> >> PCIe config space can (depending on the configuration) be quite big but >> usually is sparsely populated. Guest may scan it by accessing individual >> device's page which, when device is missing, is supposed to have 'pci >> hole' semantics: reads return '0xff' and writes get discarded. Compared >> to the already existing KVM_MEM_READONLY, VMM doesn't need to allocate >> real memory and stuff it with '0xff'. > > Note that the bus error semantics described should apply to *any* > unbacked guest physical addresses, not just addresses in the PCI hole. > (Typically, this also applies to the standard local APIC page > (0xfee00xxx) when the local APIC is either disabled or in x2APIC mode, > which is an area that kvm has had trouble with in the past.) Yes, we can make KVM return 0xff on all read access to unbacked memory, not only KVM_MEM_PCI_HOLE slots (and drop them completely). This, however, takes the control from userspace: with KVM_MEM_PCI_HOLE memslots we're saying 'accessing this unbacked memory is fine' and we can still trap accesses to all other places. This should help in detecting misbehaving guests. -- Vitaly
