From: Paolo Bonzini <pbonzini@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>,
	Stefan Hajnoczi <stefanha@gmail.com>
Cc: Juan Quintela <quintela@redhat.com>,
	QEMU Developer <qemu-devel@nongnu.org>,
	KVM devel mailing list <kvm@vger.kernel.org>
Subject: Re: [Qemu-devel] KVM call for 2017-03-14
Date: Tue, 14 Mar 2017 11:44:39 +0100
Message-ID: <db6cb6b2-d618-b158-9ac8-955375093b9b@redhat.com>
In-Reply-To: <CAFEAcA-Qb2fp1kvksE4gBc+-1s29swwqTApFTcaMXnTO7aWDcg@mail.gmail.com>



On 14/03/2017 11:39, Peter Maydell wrote:
>> 3. Is it safer than C even when writing code to operate on guest RAM
>>    (i.e. it's no good if you must use unsafe primitives to do the
>>    systems programming tasks that QEMU requires)?
> My impression is that many of our security vulnerabilities are
> overflows in local arrays in the device emulation (for instance
> good old VENOM), so I think that even if a candidate safer
> language only provided bounds-checking on arrays it knew about
> and not on raw guest RAM it would still be a significant
> improvement. (Accesses to guest RAM are often via APIs that
> we could add bounds-checks to "by hand" anyway.) 

Right, this was one of the reasons behind the introduction of
MemoryRegionCache: get both speed (like address_space_map) and bounds
checking (like address_space_rw).

It looks like it should be easy to wrap it in any language, be it Rust
or a scripting language like Lua.

Paolo
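
The pattern discussed in this message (validate a guest RAM window once for speed, then bounds-check every access through it), as an added example that is not part of the original message and is not QEMU's MemoryRegionCache code. `RegionCache`, `cache_init`, `cache_read` and `cache_write` are hypothetical names for a simplified model, and guest RAM is assumed to be one flat host buffer.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model, not QEMU code: a guest RAM window validated once. */
typedef struct {
    uint8_t *host;  /* host pointer to the start of the window */
    size_t len;     /* bytes covered by the window */
} RegionCache;

/* Slow path, run once: accept only windows that lie inside guest RAM. */
bool cache_init(RegionCache *c, uint8_t *ram, size_t ram_size,
                size_t base, size_t len)
{
    bool ok = base <= ram_size && len <= ram_size - base;
    c->host = ok ? ram + base : NULL;
    c->len = ok ? len : 0;
    return ok;
}

/* Overflow-safe check: never computes off + n, which could wrap around. */
static bool range_ok(const RegionCache *c, size_t off, size_t n)
{
    return c->host != NULL && n <= c->len && off <= c->len - n;
}

/* Fast path: two comparisons and a memcpy, no repeated translation. */
bool cache_read(const RegionCache *c, size_t off, void *dst, size_t n)
{
    if (!range_ok(c, off, n)) return false;
    memcpy(dst, c->host + off, n);
    return true;
}

bool cache_write(RegionCache *c, size_t off, const void *src, size_t n)
{
    if (!range_ok(c, off, n)) return false;
    memcpy(c->host + off, src, n);
    return true;
}

int main(void)
{
    uint8_t ram[64] = {0}, buf[16] = {0};  /* constructed sample data */
    RegionCache c;
    cache_init(&c, ram, sizeof ram, 16, 8);
    printf("%d %d\n", cache_write(&c, 0, buf, 8), cache_write(&c, 0, buf, 16));
    return 0;
}
```
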
