Document RAM guard page logic within mmap-alloc. Signed-off-by: Michael S. Tsirkin <m...@redhat.com> ---
Paolo, can you pls confirm this is what you had in mind?

 util/mmap-alloc.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/util/mmap-alloc.c b/util/mmap-alloc.c
index 05c8b4b..d978399 100644
--- a/util/mmap-alloc.c
+++ b/util/mmap-alloc.c
@@ -12,9 +12,14 @@
 #include <qemu/mmap-alloc.h>
 #include <sys/types.h>
 #include <sys/mman.h>
+#include <assert.h>
 
 void *qemu_ram_mmap(int fd, size_t size, size_t align)
 {
+    /*
+     * Note: this always allocates at least one extra page of virtual address
+     * space, even if size is already aligned.
+     */
     size_t total = size + align;
     void *ptr = mmap(0, total, PROT_NONE, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
     size_t offset = QEMU_ALIGN_UP((uintptr_t)ptr, align) - (uintptr_t)ptr;
@@ -24,6 +29,11 @@ void *qemu_ram_mmap(int fd, size_t size, size_t align)
         return NULL;
     }
 
+    /* Make sure align is a power of 2 */
+    assert(!(align & (align - 1)));
+    /* Always align to host page size */
+    assert(align >= getpagesize());
+
     ptr1 = mmap(ptr + offset, size, PROT_READ | PROT_WRITE,
                 MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE, fd, 0);
     if (ptr1 == MAP_FAILED) {
@@ -37,6 +47,11 @@ void *qemu_ram_mmap(int fd, size_t size, size_t align)
     if (offset > 0) {
         munmap(ptr - offset, offset);
     }
+
+    /*
+     * Leave a single PROT_NONE page allocated after the RAM block, to serve as
+     * a guard page guarding against potential buffer overflows.
+     */
     if (total > size + getpagesize()) {
         munmap(ptr + size + getpagesize(), total - size - getpagesize());
     }
@@ -47,6 +62,7 @@ void *qemu_ram_mmap(int fd, size_t size, size_t align)
 void qemu_ram_munmap(void *ptr, size_t size)
 {
     if (ptr) {
+        /* Unmap both the RAM block and the guard page */
         munmap(ptr, size + getpagesize());
     }
 }
-- 
MST
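Review bot: The two new assert()s in the second hunk run only after `align` has already been used by the first hunk's code: `total = size + align` and `QEMU_ALIGN_UP((uintptr_t)ptr, align)` are evaluated, and the PROT_NONE reservation is created, before either check fires, and QEMU_ALIGN_UP's mask arithmetic is only meaningful for a power of two, so a bad `align` yields a wrong `offset` (and a mapping sized from it) before the assert can trip. Move the two asserts, with their comments, to the top of the function directly above `size_t total = size + align;` so every use of `align` is guarded. Two further caveats worth a comment there: `size + align` is not checked for wrap-around, and plain `assert()` from `<assert.h>` disappears under `NDEBUG`, so if this translation unit can be built that way the checks are not a real input validation — confirm against the project's build flags. The body of `qemu_ram_mmap` continues outside the hunk (the `ptr += offset` bookkeeping the third hunk relies on is not visible here).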
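Review bot: The guard-page comment added in the third hunk should say why the page is PROT_NONE and what the guard does not cover, since that is what a reader debugging a fault here needs. The page is never re-mapped, so it keeps the PROT_NONE protection from the initial reservation and a write running past `size` faults instead of landing in whatever mapping happens to follow; it only protects the end of the block, because the bytes before it are released by the `munmap(ptr - offset, offset)` on the line above, and an overrun that skips past one host page is not caught. Suggested wording: `/* Keep one PROT_NONE page, left over from the initial reservation, after the RAM block: an overrun past the end faults instead of corrupting an adjacent mapping. Nothing guards the front of the block, and an overrun that jumps past the page is not caught. */`. The enclosing function ends outside the hunk.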