From: Paolo Bonzini <pbonzini@redhat.com>
To: "Michael S. Tsirkin" <mst@redhat.com>, qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>
Subject: Re: [Qemu-devel] [PATCH] util/mmap-alloc: add comments, assertions
Date: Tue, 29 Sep 2015 12:53:17 +0200
Message-ID: <560A6D9D.3030809@redhat.com>
In-Reply-To: <1443523755-5873-1-git-send-email-mst@redhat.com>
On 29/09/2015 12:51, Michael S. Tsirkin wrote:
> Document RAM guard page logic within mmap-alloc.
>
> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
> ---
>
> Paolo, can you pls confirm this is what you had in mind?
>
> util/mmap-alloc.c | 16 ++++++++++++++++
> 1 file changed, 16 insertions(+)
>
> diff --git a/util/mmap-alloc.c b/util/mmap-alloc.c
> index 05c8b4b..d978399 100644
> --- a/util/mmap-alloc.c
> +++ b/util/mmap-alloc.c
> @@ -12,9 +12,14 @@
> #include <qemu/mmap-alloc.h>
> #include <sys/types.h>
> #include <sys/mman.h>
> +#include <assert.h>
>
> void *qemu_ram_mmap(int fd, size_t size, size_t align)
> {
> + /*
> + * Note: this always allocates at least one extra page of virtual address
> + * space, even if size is already aligned.
> + */
> size_t total = size + align;
> void *ptr = mmap(0, total, PROT_NONE, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
> size_t offset = QEMU_ALIGN_UP((uintptr_t)ptr, align) - (uintptr_t)ptr;
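Review bot: the comment is accurate, but the preconditions that make it true (align is a power of two and at least a page) are only asserted in the next hunk, after `size_t total = size + align;` and `QEMU_ALIGN_UP((uintptr_t)ptr, align)` have already consumed `align`. Moving both asserts to the top of the function, before the first `mmap`, would establish the contract before any use and let this comment refer to it. The comment would also read better if it said why the extra page is wanted (it becomes the guard page trimmed at the end of the function) rather than only that it happens "even if size is already aligned".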
> @@ -24,6 +29,11 @@ void *qemu_ram_mmap(int fd, size_t size, size_t align)
> return NULL;
> }
>
> + /* Make sure align is a power of 2 */
> + assert(!(align & (align - 1)));
> + /* Always align to host page size */
> + assert(align >= getpagesize());
> +
> ptr1 = mmap(ptr + offset, size, PROT_READ | PROT_WRITE,
> MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE, fd, 0);
> if (ptr1 == MAP_FAILED) {
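Review bot: these asserts sit after the first `mmap` has succeeded, so a failing assertion aborts with the PROT_NONE reservation still mapped; harmless for an abort, but placing them at function entry is where a reader looks for the contract and avoids checking `align` after it has been used. The comment `/* Always align to host page size */` describes an action the code does not take; something like "align must be at least the host page size" matches what `assert(align >= getpagesize());` checks. Note also that `assert(!(align & (align - 1)));` accepts `align == 0`, which is rejected only by the second assert because getpagesize() is positive; a word on that in the comment would save the next reader the reasoning.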
> @@ -37,6 +47,11 @@ void *qemu_ram_mmap(int fd, size_t size, size_t align)
> if (offset > 0) {
> munmap(ptr - offset, offset);
> }
> +
> + /*
> + * Leave a single PROT_NONE page allocated after the RAM block, to serve as
> + * a guard page guarding against potential buffer overflows.
> + */
> if (total > size + getpagesize()) {
> munmap(ptr + size + getpagesize(), total - size - getpagesize());
> }
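Review bot: "a guard page guarding against" is redundant; "to serve as a guard page against potential buffer overflows" reads better. More usefully, the comment should say where the guard page is (the page at `ptr + size`, left over from the original PROT_NONE reservation and never made accessible) and that `qemu_ram_munmap` relies on it by unmapping `size + getpagesize()`, so the two sites stay in sync. It is also worth stating that only overruns past the end of the block are caught: the `munmap(ptr - offset, offset);` just above removes everything in front of the block, so there is no guard page before it.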
> @@ -47,6 +62,7 @@ void *qemu_ram_mmap(int fd, size_t size, size_t align)
> void qemu_ram_munmap(void *ptr, size_t size)
> {
> if (ptr) {
> + /* Unmap both the RAM block and the guard page */
> munmap(ptr, size + getpagesize());
> }
> }
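Review bot: the comment should tie the `+ getpagesize()` to its origin, e.g. "Unmap the RAM block and the PROT_NONE guard page that qemu_ram_mmap left after it", so that the two functions cannot be changed independently of each other. It could also state that `size` must be the same value that was passed to `qemu_ram_mmap`, since the guard page is located relative to it.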
>
Yes, thanks!
Paolo