[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] KVM call for 2017-03-14
|
From: |
Paolo Bonzini |
|
Subject: |
Re: [Qemu-devel] KVM call for 2017-03-14 |
|
Date: |
Tue, 14 Mar 2017 11:44:39 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0 |
On 14/03/2017 11:39, Peter Maydell wrote:
>> 3. Is it safer than C even when writing code to operate on guest RAM
>> (i.e. it's no good if you must use unsafe primitives to do the
>> systems programming tasks that QEMU requires)?
> My impression is that many of our security vulnerabilities are
> overflows in local arrays in the device emulation (for instance
> good old VENOM), so I think that even if a candidate safer
> language only provided bounds-checking on arrays it knew about
> and not on raw guest RAM it would still be a significant
> improvement. (Accesses to guest RAM are often via APIs that
> we could add bounds-checks to "by hand" anyway.)
Right, this was one of the reasons behind the introduction of
MemoryRegionCache: get both speed (like address_space_map) and bounds
checking (like address_space_rw).
It looks like it should be easy to wrap it in any language, be it Rust
or a scripting language like Lua.
Paolo
Re: [Qemu-devel] KVM call for 2017-03-14, Thomas Huth, 2017/03/14
Re: [Qemu-devel] KVM call for 2017-03-14, Peter Maydell, 2017/03/14