On 4/13/20 8:37 AM, Yan Zhao wrote:
along side setting host page table to be read-only, the memory regions are also required to be read-only, so that when guest writes to the read-only & mmap'd regions, vmexits would happen and region write handlers are called.Signed-off-by: Yan Zhao <yan.y.z...@intel.com> Signed-off-by: Xin Zeng <xin.z...@intel.com> --- hw/vfio/common.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hw/vfio/common.c b/hw/vfio/common.c index fd6ee1fe3e..fc7618e041 100644 --- a/hw/vfio/common.c +++ b/hw/vfio/common.c @@ -977,6 +977,10 @@ int vfio_region_mmap(VFIORegion *region) name, region->mmaps[i].size, region->mmaps[i].mmap); g_free(name); + + if (!(region->flags & VFIO_REGION_INFO_FLAG_WRITE)) { + memory_region_set_readonly(®ion->mmaps[i].mem, true); + } memory_region_add_subregion(region->mem, region->mmaps[i].offset, ®ion->mmaps[i].mem);
Reviewed-by: Philippe Mathieu-Daudé <phi...@redhat.com>
