On 16/09/2020 10:51, Stefan Hajnoczi wrote:

v2:
 * s/the the/the/ in documentation [Philippe]
 * Assign nvdimm->unarmed earlier [Philippe]

There is currently no way to back an NVDIMM with a read-only file so it can be
safely shared between untrusted guests.

Introduce an -object memory-backend-file,readonly=on|off option.

Julio Montes sent an earlier patch here:
https://patchew.org/QEMU/20190708211936.8037-1-julio.mon...@intel.com/

Eric Ernst requested this feature again for Kata Containers so I gave it a try.

Stefan Hajnoczi (3):
  memory: add readonly support to memory_region_init_ram_from_file()
  hostmem-file: add readonly=on|off option
  nvdimm: honor -object memory-backend-file,readonly=on option

Reviewed-by: Liam Merwick <liam.merw...@oracle.com>
Tested-by: Liam Merwick <liam.merw...@oracle.com>

(I just quickly modified kata-runtime to unconditionally pass
readonly=on and verified that the root filesystem couldn't be remounted
as rw)

Is this a candidate for 6.0?

Regards,
Liam
 docs/nvdimm.txt           |  8 +++++++-
 include/exec/memory.h     |  2 ++
 include/exec/ram_addr.h   |  5 +++--
 include/qemu/mmap-alloc.h |  2 ++
 backends/hostmem-file.c   | 26 +++++++++++++++++++++++++-
 exec.c                    | 18 +++++++++++-------
 hw/mem/nvdimm.c           |  4 ++++
 softmmu/memory.c          |  7 +++++--
 util/mmap-alloc.c         | 10 ++++++----
 util/oslib-posix.c        |  2 +-
 qemu-options.hx           |  5 ++++-
 11 files changed, 70 insertions(+), 19 deletions(-)