[Qemu-devel] [PATCH RFC 0/3] add mitigation against buffer overflows
From: Michael S. Tsirkin
Subject: [Qemu-devel] [PATCH RFC 0/3] add mitigation against buffer overflows
Date: Thu, 10 Sep 2015 17:20:16 +0300

Multiple places in QEMU map guest memory, then access it
directly. Unfortunately since we are using C, there's always
a chance that we'll miss a bounds check when we do this.
This has a potential to corrupt QEMU memory.

As a mitigation strategy against such exploits,
allocate a page in HVA space on top of each RAM chunk
with PROT_NONE protection.
Buffer overflows will now cause QEMU to crash.

Lightly tested.

Michael S. Tsirkin (3):
  oslib: rework anonimous RAM allocation
  oslib: allocate PROT_NONE pages on top of RAM
  exec: allocate PROT_NONE pages on top of RAM

 exec.c             | 42 +++++++++++++++++++++++++++++++++++++++---
 util/oslib-posix.c | 20 ++++++++++++++------
 2 files changed, 53 insertions(+), 9 deletions(-)

--
MST
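
The mitigation described in the cover letter above, sketched as an added example; this is not code from the patch series or from QEMU. The names guarded_ram_alloc and write_signal are hypothetical, and the sketch assumes a POSIX system and a RAM size that is a multiple of the page size.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Map `size` bytes of read/write "guest RAM" followed by one PROT_NONE
 * guard page. Hypothetical helper, not QEMU's allocator. */
uint8_t *guarded_ram_alloc(size_t size)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    /* One reservation for RAM + guard keeps the guard adjacent to the RAM. */
    uint8_t *base = mmap(NULL, size + page, PROT_NONE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return NULL;
    /* Open up only the RAM part; the final page stays inaccessible. */
    if (mprotect(base, size, PROT_READ | PROT_WRITE) != 0) {
        munmap(base, size + page);
        return NULL;
    }
    return base;
}

/* Write one byte at ram[offset] in a child process and return the signal
 * that killed the child (0 = write succeeded, -1 = setup error). */
int write_signal(size_t size, size_t offset)
{
    uint8_t *ram = guarded_ram_alloc(size);
    if (!ram)
        return -1;
    pid_t pid = fork();
    if (pid == 0) {
        ((volatile uint8_t *)ram)[offset] = 0x41; /* constructed test write */
        _exit(0);
    }
    int status = 0;
    int ok = pid > 0 && waitpid(pid, &status, 0) == pid;
    munmap(ram, size + (size_t)sysconf(_SC_PAGESIZE));
    return !ok ? -1 : WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    size_t size = 4 * (size_t)sysconf(_SC_PAGESIZE);
    printf("last byte: signal %d, one past end: signal %d\n",
           write_signal(size, size - 1), write_signal(size, size));
    return 0;
}
```

The guard only stops accesses that land in that one page: a linear overrun hits it first, but an access at an offset that skips past the guard page is not guaranteed to fault.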