From: Paolo Bonzini <pbonzini@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>,
Stefan Hajnoczi <stefanha@gmail.com>
Cc: Juan Quintela <quintela@redhat.com>,
QEMU Developer <qemu-devel@nongnu.org>,
KVM devel mailing list <kvm@vger.kernel.org>
Subject: Re: [Qemu-devel] KVM call for 2017-03-14
Date: Tue, 14 Mar 2017 11:44:39 +0100 [thread overview]
Message-ID: <db6cb6b2-d618-b158-9ac8-955375093b9b@redhat.com> (raw)
In-Reply-To: <CAFEAcA-Qb2fp1kvksE4gBc+-1s29swwqTApFTcaMXnTO7aWDcg@mail.gmail.com>
On 14/03/2017 11:39, Peter Maydell wrote:
>> 3. Is it safer than C even when writing code to operate on guest RAM
>> (i.e. it's no good if you must use unsafe primitives to do the
>> systems programming tasks that QEMU requires)?
> My impression is that many of our security vulnerabilities are
> overflows in local arrays in the device emulation (for instance
> good old VENOM), so I think that even if a candidate safer
> language only provided bounds-checking on arrays it knew about
> and not on raw guest RAM it would still be a significant
> improvement. (Accesses to guest RAM are often via APIs that
> we could add bounds-checks to "by hand" anyway.)
Right, this was one of the reasons behind the introduction of
MemoryRegionCache: get both speed (like address_space_map) and bounds
checking (like address_space_rw).
It looks like it should be easy to wrap it in any language, be it Rust
or a scripting language like Lua.
Paolo
next prev parent reply other threads:[~2017-03-14 10:44 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-12 20:45 [Qemu-devel] KVM call for 2017-03-14 Juan Quintela
2017-03-13 10:02 ` Peter Maydell
2017-03-13 12:50 ` Alex Bennée
2017-03-13 14:12 ` Juan Quintela
2017-03-13 14:17 ` Peter Maydell
2017-03-14 8:03 ` Stefan Hajnoczi
2017-03-14 8:13 ` Stefan Hajnoczi
2017-03-14 8:37 ` Peter Maydell
2017-03-14 8:59 ` Juan Quintela
2017-03-14 10:56 ` Peter Maydell
2017-03-15 8:39 ` Christian Borntraeger
2017-03-15 10:29 ` Greg Kurz
2017-03-15 11:25 ` Laurent Vivier
2017-03-15 16:35 ` Greg Kurz
2017-03-14 16:01 ` Dr. David Alan Gilbert
2017-03-14 16:20 ` Daniel P. Berrange
2017-03-14 16:54 ` [Qemu-devel] Obsolete QEMU host environments (was: Re: KVM call for 2017-03-14) Thomas Huth
2017-03-14 17:07 ` Peter Maydell
2017-03-14 21:09 ` [Qemu-devel] Obsolete QEMU host environments Richard Henderson
2017-03-15 9:40 ` Daniel P. Berrange
2017-03-15 10:02 ` Thomas Huth
2017-03-15 15:46 ` Aurelien Jarno
2017-03-14 17:14 ` [Qemu-devel] KVM call for 2017-03-14 Paolo Bonzini
2017-03-14 17:18 ` Peter Maydell
2017-03-14 17:29 ` Dr. David Alan Gilbert
2017-03-15 8:30 ` Gerd Hoffmann
2017-03-14 9:33 ` Markus Armbruster
2017-03-14 8:53 ` Juan Quintela
2017-03-14 10:39 ` Peter Maydell
2017-03-14 10:44 ` Paolo Bonzini [this message]
2017-03-14 9:24 ` Thomas Huth
2017-03-14 10:13 ` Kevin Wolf
2017-03-14 12:20 ` Markus Armbruster
2017-03-14 12:35 ` Kevin Wolf
2017-03-14 10:32 ` Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=db6cb6b2-d618-b158-9ac8-955375093b9b@redhat.com \
--to=pbonzini@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=quintela@redhat.com \
--cc=stefanha@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).