On Sun, Feb 28, 2010 at 01:59:27AM +0000, Paul Brook wrote:
> > > I'm pretty sure a guest can cause those to change and I'm not 100%
> > > sure, but I think it's a potential source of exploits if you assume a
> > > mapping. In the very least, a guest can trick vhost into writing to ram
> > > that it wouldn't normally write to.
> >
> > This seems harmless. guest can write anywhere in ram, anyway.
>
> Surely writing to the wrong address is always a fatal flaw.

If guest does an illegal operation, it can corrupt its own memory.
This is the case with physical devices as well.

> There certainly
> exist machines that can change physical RAM mapping.

I am talking about mapping between phy RAM offset and qemu virt address.
When can it change without RAM in question going away?

> While I wouldn't expect
> this to happen during normal operation, it could occur between a (virtio-
> aware) bootloader/BIOS and real kernel.
>
> Paul

Should not matter for vhost, it is only active if driver is active ...