On 27/09/2015 12:14, Michael S. Tsirkin wrote:
> Multiple places in QEMU map guest memory, then access it
> directly. Unfortunately since we are using C, there's always
> a chance that we'll miss a bounds check when we do this.
> This has a potential to corrupt QEMU memory.
>
> As a mitigation strategy against such exploits,
> allocate a page in HVA space on top of each RAM chunk
> with PROT_NONE protection.
>
> Buffer overflows will now cause QEMU to crash.
>
> This is a repost, combining separate patches into a single
> series. No changes to patches themselves.
>
> Michael S. Tsirkin (4):
>   oslib: rework anonimous RAM allocation
>   oslib: allocate PROT_NONE pages on top of RAM
>   exec: allocate PROT_NONE pages on top of RAM
>   exec: factor out duplicate mmap code
>
>  include/qemu/mmap-alloc.h | 10 +++++++++
>  exec.c                    | 19 ++++++++++++-----
>  util/mmap-alloc.c         | 52 +++++++++++++++++++++++++++++++++++++++++++++++
>  util/oslib-posix.c        | 20 ++++--------------
>  util/Makefile.objs        |  2 +-
>  5 files changed, 81 insertions(+), 22 deletions(-)
>  create mode 100644 include/qemu/mmap-alloc.h
>  create mode 100644 util/mmap-alloc.c
>
Reviewed-by: Paolo Bonzini <pbonz...@redhat.com>
Acked-by: Paolo Bonzini <pbonz...@redhat.com>

Regarding my request to add comments in patch 2, feel free to add them
directly in patch 4 instead.

Paolo
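The mechanism the quoted cover letter describes, as a stand-alone added example (this is not code from the QEMU series or from either poster): a RAM-like region is mmap'ed with one extra page on top, that page is set to PROT_NONE, and a write that runs past the end of the region faults instead of silently corrupting whatever would otherwise be mapped next. The helper names (guarded_alloc, guarded_free, write_faults, demo) are invented for this illustration; the probe catches SIGSEGV with a handler and siglongjmp purely so the demonstration can report the fault instead of dying, which is a test trick, not something the mitigation itself does. Assumes a POSIX system with mmap/mprotect and a page-granular MMU.

```c
/* Added example: PROT_NONE guard page above an mmap'ed RAM chunk.
 * Not QEMU's code; all names here are illustrative. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Round a byte count up to a whole number of pages. */
static size_t round_up_page(size_t n)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    return (n + pg - 1) & ~(pg - 1);
}

/* Map size bytes (rounded up to pages) plus one extra page, then make the
 * extra page inaccessible so any access that crosses into it faults. */
static void *guarded_alloc(size_t size)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    size_t total = round_up_page(size) + pg;
    void *p = mmap(NULL, total, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) {
        return NULL;
    }
    if (mprotect((char *)p + total - pg, pg, PROT_NONE) != 0) {
        munmap(p, total);
        return NULL;
    }
    return p;
}

/* Unmap the region together with its guard page. */
static void guarded_free(void *p, size_t size)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    munmap(p, round_up_page(size) + pg);
}

/* Probe machinery (demo only): catch SIGSEGV and jump back out. */
static sigjmp_buf probe_env;
static void on_segv(int sig)
{
    (void)sig;
    siglongjmp(probe_env, 1);
}

/* Returns 1 if a one-byte write to p faults, 0 if it succeeds. */
static int write_faults(volatile char *p)
{
    struct sigaction sa, old;
    int faulted;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    if (sigsetjmp(probe_env, 1) == 0) {
        *p = 0x41;
        faulted = 0;
    } else {
        faulted = 1;
    }
    sigaction(SIGSEGV, &old, NULL);
    return faulted;
}

/* Allocate a guarded chunk, confirm in-bounds writes work and that the
 * first byte of the guard page faults. Returns 1 on success, 0 if the
 * guard did not behave as expected, -1 on allocation failure. */
static int demo(size_t size)
{
    char *buf = guarded_alloc(size);
    size_t mapped;
    int in_bounds_ok, overflow_caught;
    if (!buf) {
        return -1;
    }
    memset(buf, 0, size);                         /* legitimate use */
    mapped = round_up_page(size);
    in_bounds_ok = !write_faults(buf + size - 1); /* last valid byte */
    overflow_caught = write_faults(buf + mapped); /* guard page start */
    guarded_free(buf, size);
    return in_bounds_ok && overflow_caught;
}
```

One caveat a practitioner should keep in mind: the guard is page granular. An overrun that stays within the slack between `size` and the end of the last mapped page is not caught; only writes that actually reach the PROT_NONE page fault. Sizing RAM chunks as whole pages, as guest RAM normally is, removes that slack.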