On Wed, Jun 03, 2015 at 06:11:29PM +0200, Paolo Bonzini wrote:
>
>
> On 03/06/2015 17:23, Igor Mammedov wrote:
> >> > Understood now. This still should be a separate patch. I'm much more
> >> > confident with the other two (e.g. what happens if a malicious guest
> >> > writes to memory that is still MAP_NORESERVE),
> > it should get SIGSEGV due to access to PROT_NONE.
>
> QEMU doesn't get the SEGV if you do address_space_rw or
> address_space_map to unallocated space, because the empty area in the
> container is treated as MMIO.
>
> But what does vhost do if you tell it to treat the whole block as a
> single huge lump?
>
> Paolo

Guest can make vhost attempt reading or writing it. vhost will do copy from/to user.

> >> > so feel free to post
> >> > those without RFC tag. But the vhost one really needs mst's eyes.
> > ok, I'll split it out.
> >
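Added example, not from this thread and not QEMU or vhost code: a user-space model on Linux of the two accesses discussed above, a page that is still PROT_NONE and MAP_NORESERVE touched directly (SIGSEGV) and through a kernel-side copy_to_user, here a read(2) from a pipe standing in for vhost's copy to user (the copy fails with EFAULT and no signal is delivered). The function names and the "guest" payload are constructed for the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <setjmp.h>
#include <signal.h>
#include <sys/mman.h>
#include <unistd.h>

/* One page reserved but unbacked and inaccessible, as the thread describes. */
static void *map_noreserve_none(void)
{
    void *p = mmap(NULL, 4096, PROT_NONE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* Kernel-side copy into that page: read(2) from a pipe ends in copy_to_user,
 * the path a vhost copy to user takes. Returns the read's errno (EFAULT
 * expected), 0 if the copy succeeded, -1 on setup failure. */
static int kernel_copy_errno(void)
{
    int fds[2], err = -1;
    void *p = map_noreserve_none();
    if (!p || pipe(fds) != 0) return -1;
    if (write(fds[1], "guest", 5) == 5)          /* constructed payload */
        err = read(fds[0], p, 5) < 0 ? errno : 0; /* kernel copy, no signal */
    close(fds[0]); close(fds[1]); munmap(p, 4096);
    return err;
}

static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_signo;
static void on_fault(int signo) { fault_signo = signo; siglongjmp(fault_env, 1); }

/* Direct user-space write to the same kind of page: returns the signal
 * delivered (SIGSEGV expected), 0 if the write went through, -1 on error. */
static int direct_write_signal(void)
{
    struct sigaction sa = {0}, old;
    void *p = map_noreserve_none();
    if (!p) return -1;
    sa.sa_handler = on_fault;
    sigaction(SIGSEGV, &sa, &old);
    fault_signo = 0;
    if (sigsetjmp(fault_env, 1) == 0)
        *(volatile char *)p = 1; /* faults: the page is PROT_NONE */
    sigaction(SIGSEGV, &old, NULL);
    munmap(p, 4096);
    return fault_signo;
}
```

Both functions restore the SIGSEGV disposition and unmap the page before returning; on Linux kernel_copy_errno() returns EFAULT and direct_write_signal() returns SIGSEGV.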