
Re: [Qemu-devel] [PATCH] exec: avoid possible overwriting of mmaped area


From: Gonglei
Subject: Re: [Qemu-devel] [PATCH] exec: avoid possible overwriting of mmaped area in qemu_ram_remap
Date: Thu, 26 Mar 2015 10:26:29 +0800
User-agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.4.0

On 2015/3/25 21:15, Paolo Bonzini wrote:
> It is not necessary to munmap an area before remapping it with MAP_FIXED;
> if the memory region specified by addr and len overlaps pages of any
> existing mapping, then the overlapped part of the existing mapping will
> be discarded.
> 

Yes, it is.

> On the other hand, if QEMU does munmap the pages, there is a small
> probability that another mmap sneaks in and catches the just-freed
> portion of the address space.  In effect, munmap followed by
> mmap(MAP_FIXED) is a use-after-free error, and Coverity flags it
> as such.  Fix it.
> 
> Signed-off-by: Paolo Bonzini <address@hidden>
> ---
>         Please review. :)
> 
>  exec.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/exec.c b/exec.c
> index 8b922db..6d1e1e4 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -1638,7 +1638,6 @@ void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
>                  abort();
>              } else {
>                  flags = MAP_FIXED;
> -                munmap(vaddr, length);
>                  if (block->fd >= 0) {
>                      flags |= (block->flags & RAM_SHARED ?
>                                MAP_SHARED : MAP_PRIVATE);
> 
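
Review bot: with the munmap() gone, nothing at the `flags = MAP_FIXED;` line records why a new mapping may be laid directly over live pages, and the next reader who spots that may reinstate the munmap() this hunk removes; a one-line comment above `flags = MAP_FIXED;` noting that MAP_FIXED itself discards the overlapped part of the existing mapping, and that an explicit munmap() would leave a window for another mmap() to claim the range, would pin the reasoning from the commit message to the code. The removal is also independent of the `if (block->fd >= 0)` branch below, since the file-backed and anonymous paths share the same flags variable, so no second munmap() needs hunting in the else path.
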
Looks good to me, so

Reviewed-by: Gonglei <address@hidden>
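
As an added illustration of the pattern the commit message describes (example code, not QEMU's): a hypothetical remap_in_place() mirrors the hunk's flag selection but, like the patched code, lets mmap(MAP_FIXED) replace the old pages with no intervening munmap(), and remap_demo() exercises the anonymous case.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical stand-in for the patched tail of qemu_ram_remap(): replace the
 * pages at [vaddr, vaddr+length) in one step. fd < 0 means anonymous memory,
 * otherwise the file is mapped at offset, MAP_SHARED or MAP_PRIVATE as asked.
 * MAP_FIXED itself discards the overlapped part of the existing mapping, so
 * no munmap() runs and the range is never free for another mmap() to take. */
static int remap_in_place(void *vaddr, size_t length, int fd, int shared,
                          off_t offset)
{
    int flags = MAP_FIXED;
    void *area;
    if (fd >= 0) {
        flags |= shared ? MAP_SHARED : MAP_PRIVATE;
        area = mmap(vaddr, length, PROT_READ | PROT_WRITE, flags, fd, offset);
    } else {
        flags |= MAP_PRIVATE | MAP_ANONYMOUS;
        area = mmap(vaddr, length, PROT_READ | PROT_WRITE, flags, -1, 0);
    }
    /* With MAP_FIXED the kernel returns exactly vaddr or MAP_FAILED. */
    return area == vaddr ? 0 : -1;
}

/* Self-check: map a page, dirty it, remap in place, and confirm that the same
 * address now holds fresh zero-filled pages. Returns 1 if every step passed. */
int remap_demo(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    uint8_t *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return 0;
    memset(p, 0xAA, len);              /* stand-in for "poisoned" guest RAM */
    if (remap_in_place(p, len, -1, 0, 0) != 0) return 0;
    for (size_t i = 0; i < len; i++) {
        if (p[i] != 0) return 0;       /* old contents must be gone */
    }
    munmap(p, len);
    return 1;
}

int main(void)
{
    printf("remap in place: %s\n", remap_demo() ? "ok" : "FAILED");
    return 0;
}
```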
