From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=46540 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1PQyiv-0002Qw-Cd
	for qemu-devel@nongnu.org; Fri, 10 Dec 2010 03:53:06 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pbonzini@redhat.com>) id 1PQyiu-0004Xp-Ak
	for qemu-devel@nongnu.org; Fri, 10 Dec 2010 03:53:05 -0500
Received: from mx1.redhat.com ([209.132.183.28]:41803)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pbonzini@redhat.com>) id 1PQyiu-0004XH-00
	for qemu-devel@nongnu.org; Fri, 10 Dec 2010 03:53:04 -0500
Message-ID: <4D01EA70.1040906@redhat.com>
Date: Fri, 10 Dec 2010 09:53:04 +0100
From: Paolo Bonzini <pbonzini@redhat.com>
MIME-Version: 1.0
References: <4CFF6E8F.7000300@gmail.com>
	<1291812551-12590-1-git-send-email-pbonzini@redhat.com>
	<4CFFFC1A.1090001@gmail.com> <4D008246.9070500@redhat.com>
	<4D0111E5.5070702@gmail.com>
In-Reply-To: <4D0111E5.5070702@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Qemu-devel] Re: [PATCH] fix qruncom compilation problems
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Stefano Bonifazi <stefboombastic@gmail.com>
Cc: qemu-devel@nongnu.org

On 12/09/2010 06:29 PM, Stefano Bonifazi wrote:
> how can one think that addresses around zero are free for a mapping??

Addresses around zero are always free, because if they weren't you 
couldn't detect NULL pointer dereferences reliably.

mmap-ing at zero thus is a tricky operation, because it removes the 
possibility to detect NULL pointer dereferences.  What's worse, such 
ability would be lost even for _kernel_ dereferences of NULL, thus 
opening a large security hole for privilege-escalation or kernel 
exploits.  So, mmap-ing addresses close to zero is restricted to root.

Paolo