From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter Maydell <peter.maydell@linaro.org>
Subject: Re: [Qemu-devel] KVM call for 2017-03-14
Date: Tue, 14 Mar 2017 11:39:58 +0100
Message-ID: <CAFEAcA-Qb2fp1kvksE4gBc+-1s29swwqTApFTcaMXnTO7aWDcg@mail.gmail.com>
References: <87tw6y8bs8.fsf@secure.mitica> <CAFEAcA978SJemCfYJPa8jwtuhhi6JGh9pEDGYNJ1npJA3nvEQA@mail.gmail.com>
 <20170314081312.GB13140@stefanha-x1.localdomain>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Cc: Juan Quintela <quintela@redhat.com>,
        QEMU Developer <qemu-devel@nongnu.org>,
        KVM devel mailing list <kvm@vger.kernel.org>
To: Stefan Hajnoczi <stefanha@gmail.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mail-wm0-f46.google.com ([74.125.82.46]:37153 "EHLO
        mail-wm0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1750785AbdCNKkV (ORCPT <rfc822;kvm@vger.kernel.org>);
        Tue, 14 Mar 2017 06:40:21 -0400
Received: by mail-wm0-f46.google.com with SMTP id n11so60238450wma.0
        for <kvm@vger.kernel.org>; Tue, 14 Mar 2017 03:40:20 -0700 (PDT)
In-Reply-To: <20170314081312.GB13140@stefanha-x1.localdomain>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

On 14 March 2017 at 09:13, Stefan Hajnoczi <stefanha@gmail.com> wrote:
> The minimum requirements for the new language:

> 3. Is it safer than C even when writing code to operate on guest RAM
>    (i.e. it's no good if you must use unsafe primitives to do the
>    systems programming tasks that QEMU requires)?

My impression is that many of our security vulnerabilities are
overflows in local arrays in the device emulation (for instance
good old VENOM), so I think that even if a candidate safer
language only provided bounds-checking on arrays it knew about
and not on raw guest RAM it would still be a significant
improvement. (Accesses to guest RAM are often via APIs that
we could add bounds-checks to "by hand" anyway.) So I wouldn't
consider this as a "minimum requirement", only a "nice to have".

thanks
-- PMM