Or just a little bit? Nothing prevents a guest from configuring a pci mmio bar to overlap a system memory region, and the physical memory address will become mmio, but when the guest changes the pci bar mapping the physical address location will not become memory again; instead it becomes unassigned. Yes, a guest can only hurt itself by doing this, but real HW works differently, so things that may work on real HW will break in qemu.
Anyway, attached are two patches that fix more pressing issues: a segfault and an abort() that can be triggered by a guest.

To trigger the segfault, run Linux in qemu tcg (or apply patch 2 and then kvm can be used too) with a standard config. In the guest do the following:

  # setpci -s 00:03.0 0x14.L=0xc000
  # dd if=/dev/zero of=/dev/mem bs=4096 count=1 seek=12

To trigger the abort, run Linux in qemu with kvm and do:

  # setpci -s 00:03.0 0x14.L=0xc000

Gleb Natapov (2):
  Fix segfault in mmio subpage handling code.
  Remove guest triggerable abort()

 exec.c    |  2 ++
 kvm-all.c | 16 ++++------------
 2 files changed, 6 insertions(+), 12 deletions(-)