[Qemu-devel] Re: [PATCH] fix qruncom compilation problems

From: Stefano Bonifazi
Subject: [Qemu-devel] Re: [PATCH] fix qruncom compilation problems
Date: Fri, 10 Dec 2010 22:43:01 +0100
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20101027 Thunderbird/3.1.6

On 12/10/2010 09:53 AM, Paolo Bonzini wrote:
> On 12/09/2010 06:29 PM, Stefano Bonifazi wrote:
>> how can one think that addresses around zero are free for a mapping??
>
> Addresses around zero are always free, because if they weren't you couldn't detect NULL pointer dereferences reliably.
>
> mmap-ing at zero thus is a tricky operation, because it removes the possibility to detect NULL pointer dereferences. What's worse, such ability would be lost even for _kernel_ dereferences of NULL, thus opening a large security hole for privilege-escalation or kernel exploits. So, mmap-ing addresses close to zero is restricted to root.

Thank you! Very clear explanation! :)

- So why can't I simply change the following:
vm86_mem = mmap((void *)0x00000000, 0x110000,
                    PROT_WRITE | PROT_READ | PROT_EXEC,
                    MAP_FIXED|MAP_ANON | MAP_PRIVATE, -1, 0);
page_set_flags(0x00000000, 0x110000,
                   PAGE_WRITE | PAGE_READ | PAGE_EXEC | PAGE_VALID);
into something like:
vm86_mem = mmap((void *)0x00000000, 0x110000,
                    PROT_WRITE | PROT_READ | PROT_EXEC,
                    MAP_ANON | MAP_PRIVATE, -1, 0);
page_set_flags((target_ulong)(uintptr_t)vm86_mem,
                   (target_ulong)(uintptr_t)vm86_mem + 0x110000,
                   PAGE_WRITE | PAGE_READ | PAGE_EXEC | PAGE_VALID);

- Any luck with the tcg fatal error? I am trying to understand how tcg works for fixing the error... but it is so complicated! :)
Thank You again!
Best Regards!
Stefano B.
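An added illustration of the two points discussed above (the kernel refusing a MAP_FIXED mapping at address zero, and what the relocated-base variant of the snippet has to track); this is example code written for this page, not code from the mail, from qruncom or from QEMU. It assumes a Linux host exposing /proc/sys/vm/mmap_min_addr; the names vm86_map, vm86_map_anywhere, vm86_host_ptr and vm86_page_range are hypothetical, and the 0x7C00 guest address used in main() is a constructed sample value.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Size of the area the mail maps at guest address 0: 1 MiB plus 64 KiB. */
#define VM86_SIZE 0x110000UL

/* Lowest address unprivileged userspace may map (vm.mmap_min_addr).
   Returns (unsigned long)-1 when the sysctl file is not readable. */
unsigned long read_mmap_min_addr(void)
{
    unsigned long v = (unsigned long)-1;
    FILE *f = fopen("/proc/sys/vm/mmap_min_addr", "r");
    if (f == NULL)
        return v;
    if (fscanf(f, "%lu", &v) != 1)
        v = (unsigned long)-1;
    fclose(f);
    return v;
}

/* The first snippet's approach: a MAP_FIXED mapping at address 0.
   Returns 0 if the kernel allowed it (the mapping is released again),
   otherwise the errno; an unprivileged process on a kernel enforcing
   mmap_min_addr gets EPERM. */
int try_map_at_zero(void)
{
    void *p = mmap((void *)0, VM86_SIZE, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
    if (p == MAP_FAILED)
        return errno;
    munmap(p, VM86_SIZE);
    return 0;
}

/* The second snippet's approach: let the kernel choose the host base and
   keep it, because every guest address now has to be offset by it. */
struct vm86_map {
    uint8_t *base;   /* host address of guest address 0 (hypothetical name) */
    size_t size;
};

int vm86_map_anywhere(struct vm86_map *m, int prot)
{
    void *p = mmap(NULL, VM86_SIZE, prot, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
    if (p == MAP_FAILED)
        return errno;
    m->base = p;
    m->size = VM86_SIZE;
    return 0;
}

void vm86_unmap(struct vm86_map *m)
{
    if (m->base != NULL) {
        munmap(m->base, m->size);
        m->base = NULL;
    }
}

/* Guest real-mode linear address -> host pointer; NULL when outside the area,
   so a stray guest address cannot turn into a host NULL-page access. */
uint8_t *vm86_host_ptr(const struct vm86_map *m, uintptr_t guest_addr)
{
    if (guest_addr >= m->size)
        return NULL;
    return m->base + guest_addr;
}

/* Host [start, end) range for page-flag bookkeeping: the values the mail's
   "vm86_mem" and "0x110000+vm86_mem" denote once computed on an integer type. */
void vm86_page_range(const struct vm86_map *m, uintptr_t *start, uintptr_t *end)
{
    *start = (uintptr_t)m->base;
    *end = (uintptr_t)m->base + m->size;
}

int main(void)
{
    struct vm86_map m;
    uintptr_t start, end;
    int rc;

    printf("vm.mmap_min_addr = %lu\n", read_mmap_min_addr());

    rc = try_map_at_zero();
    printf("MAP_FIXED at 0: %s\n", rc == 0 ? "allowed" : strerror(rc));

    rc = vm86_map_anywhere(&m, PROT_READ | PROT_WRITE | PROT_EXEC);
    if (rc != 0) {
        printf("relocatable mapping failed: %s\n", strerror(rc));
        return 1;
    }
    vm86_page_range(&m, &start, &end);
    printf("guest 0..0x%lx lives at host %#lx..%#lx\n",
           VM86_SIZE, (unsigned long)start, (unsigned long)end);
    /* 0x7C00 is a constructed sample guest address. */
    printf("guest 0x7c00 -> host %p\n", (void *)vm86_host_ptr(&m, 0x7C00));
    vm86_unmap(&m);
    return 0;
}
```

Run as an ordinary user the first mapping is refused while the second succeeds at a base at or above mmap_min_addr, which is the restriction Paolo describes. The example shows only the mapping mechanics; whether the emulated real-mode code in qruncom tolerates a relocated base is a separate question that this snippet does not settle.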