
[Qemu-devel] [PATCH RFC 0/3] add mitigation against buffer overflows


From: Michael S. Tsirkin
Subject: [Qemu-devel] [PATCH RFC 0/3] add mitigation against buffer overflows
Date: Thu, 10 Sep 2015 17:20:16 +0300

Multiple places in QEMU map guest memory, then access it
directly. Unfortunately since we are using C, there's always
a chance that we'll miss a bounds check when we do this.
This has a potential to corrupt QEMU memory.

As a mitigation strategy against such exploits,
allocate a page in HVA space on top of each RAM chunk
with PROT_NONE protection.

Buffer overflows will now cause QEMU to crash.

Lightly tested.

Michael S. Tsirkin (3):
  oslib: rework anonimous RAM allocation
  oslib: allocate PROT_NONE pages on top of RAM
  exec: allocate PROT_NONE pages on top of RAM

 exec.c             | 42 +++++++++++++++++++++++++++++++++++++++---
 util/oslib-posix.c | 20 ++++++++++++++------
 2 files changed, 53 insertions(+), 9 deletions(-)

-- 
MST
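
The mitigation described in the cover letter, sketched as an added example (this is not code from the patch series or from QEMU): a read/write RAM mapping with one PROT_NONE page directly above it, and a probe that shows a store one byte past the end is fatal. The names `guarded_ram_alloc` and `probe_write` are hypothetical, and the code assumes Linux with POSIX `mmap`/`mprotect`.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* for MAP_ANONYMOUS */
#endif
#include <signal.h>
#include <stdint.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper, not a QEMU function: `size` bytes of read/write
 * anonymous memory (rounded up to a page) with one PROT_NONE page on top. */
void *guarded_ram_alloc(size_t size)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t ram = (size + page - 1) & ~(page - 1);
    /* Reserve RAM plus guard page as one inaccessible mapping... */
    uint8_t *base = mmap(NULL, ram + page, PROT_NONE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return NULL;
    /* ...then open up only the RAM part; the last page stays PROT_NONE. */
    if (mprotect(base, ram, PROT_READ | PROT_WRITE) != 0) {
        munmap(base, ram + page);
        return NULL;
    }
    return base;
}

/* Store one byte at ram[offset] in a child process. Returns 0 if the store
 * succeeded, the fatal signal number if it killed the child, -1 on error. */
int probe_write(size_t size, size_t offset)
{
    int status = 0;
    pid_t pid = fork();
    if (pid == 0) {
        volatile uint8_t *ram = guarded_ram_alloc(size);
        if (!ram)
            _exit(2);
        ram[offset] = 0x41;        /* faults if it lands in the guard page */
        _exit(0);
    }
    if (pid < 0 || waitpid(pid, &status, 0) != pid)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);
    return WEXITSTATUS(status) == 0 ? 0 : -1;
}
```

A single guard page stops a linear overrun that walks off the end of the RAM chunk; an out-of-bounds access whose offset skips past that page is not caught by it.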



