On 12/10/2010 09:53 AM, Paolo Bonzini wrote:
> On 12/09/2010 06:29 PM, Stefano Bonifazi wrote:
>> How can one think that addresses around zero are free for a mapping?
> Addresses around zero are always free, because if they weren't you
> couldn't detect NULL pointer dereferences reliably.
> mmap-ing at zero thus is a tricky operation, because it removes the
> possibility to detect NULL pointer dereferences. What's worse, such
> ability would be lost even for _kernel_ dereferences of NULL, thus
> opening a large security hole for privilege-escalation or kernel
> exploits. So, mmap-ing addresses close to zero is restricted to root.
> Paolo
Hi!
Thank you! Very clear explanation! :)
- So why can't I simply change the following:
    vm86_mem = mmap((void *)0x00000000, 0x110000,
                    PROT_WRITE | PROT_READ | PROT_EXEC,
                    MAP_FIXED | MAP_ANON | MAP_PRIVATE, -1, 0);
    page_set_flags(0x00000000, 0x110000,
                   PAGE_WRITE | PAGE_READ | PAGE_EXEC | PAGE_VALID);
into something like:
    vm86_mem = mmap((void *)0x00000000, 0x110000,
                    PROT_WRITE | PROT_READ | PROT_EXEC,
                    MAP_ANON | MAP_PRIVATE, -1, 0);
    page_set_flags(vm86_mem, 0x110000 + vm86_mem,
                   PAGE_WRITE | PAGE_READ | PAGE_EXEC | PAGE_VALID);
?
- Any luck with the TCG fatal error? I am trying to understand how TCG
works in order to fix the error... but it is so complicated! :)
Thank you again!
Best Regards!
Stefano B.
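The two mmap() variants discussed in this thread behave very differently on Linux, and the difference is easy to see with a small probe. The program below is an added example written for this page; it is not code from QEMU or from either poster. It assumes a Linux kernel that enforces vm.mmap_min_addr (64 KiB by default, readable from /proc/sys/vm/mmap_min_addr) and uses the same 0x110000-byte size as the vm86 mapping above. With MAP_FIXED at address 0, an unprivileged process is refused with EPERM, which is the restriction Paolo describes. Without MAP_FIXED, a hint of 0 is not a hint at all: the kernel simply places the mapping wherever it likes, so the second variant never yields memory at address zero.

```c
/* Added example, not code from the QEMU thread: probe how Linux answers
 * mmap() requests at address zero. Assumes Linux with vm.mmap_min_addr. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Same size as the vm86 mapping in the thread: 0x110000 bytes. */
#define VM86_SIZE 0x110000UL

/* Returns the current vm.mmap_min_addr, or -1 if /proc is not readable. */
long read_mmap_min_addr(void)
{
    FILE *f = fopen("/proc/sys/vm/mmap_min_addr", "r");
    long v = -1;
    if (f == NULL)
        return -1;
    if (fscanf(f, "%ld", &v) != 1)
        v = -1;
    fclose(f);
    return v;
}

/* Ask for VM86_SIZE bytes at `hint`. With `fixed` != 0, MAP_FIXED is passed,
 * so the kernel must place the mapping exactly there or refuse. Without it,
 * `hint` is only a suggestion, and a hint of 0 means "no preference".
 * On success the mapping is released again, its address is stored in *where
 * and 0 is returned; on failure errno is returned and *where is set to 0. */
int probe_mapping(unsigned long hint, int fixed, unsigned long *where)
{
    int flags = MAP_ANONYMOUS | MAP_PRIVATE | (fixed ? MAP_FIXED : 0);
    void *p = mmap((void *)hint, VM86_SIZE, PROT_READ | PROT_WRITE,
                   flags, -1, 0);
    if (p == MAP_FAILED) {
        *where = 0;
        return errno;
    }
    *where = (unsigned long)p;
    munmap(p, VM86_SIZE);
    return 0;
}

int main(void)
{
    unsigned long where;
    int err;

    printf("vm.mmap_min_addr = %ld\n", read_mmap_min_addr());

    /* Variant 1 from the thread: MAP_FIXED at 0. */
    err = probe_mapping(0, 1, &where);
    if (err == 0)
        printf("MAP_FIXED at 0: mapped at %#lx "
               "(CAP_SYS_RAWIO or mmap_min_addr is 0)\n", where);
    else
        printf("MAP_FIXED at 0: refused, errno %d (%s)\n",
               err, strerror(err));

    /* Variant 2 from the thread: hint 0, no MAP_FIXED. */
    err = probe_mapping(0, 0, &where);
    if (err == 0)
        printf("hint 0 without MAP_FIXED: kernel chose %#lx\n", where);
    else
        printf("hint 0 without MAP_FIXED: failed, errno %d (%s)\n",
               err, strerror(err));
    return 0;
}
```

Run it as an ordinary user and the first probe fails with EPERM while the second succeeds at some high address chosen by the kernel. Only a process with CAP_SYS_RAWIO (or a system with mmap_min_addr set to 0) gets the first mapping, which is exactly the low-address guard that keeps NULL dereferences, in user space and in the kernel, from landing on attacker-controlled memory.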