On Mon, Mar 28, 2011 at 10:14 PM, Michael S. Tsirkin <m...@redhat.com> wrote: > vhost used cpu_physical_memory_map to get the > virtual address for the ring, however, > this will exit on an illegal RAM address. > Since the addresses are guest-controlled, we > shouldn't do that. > > Switch to our own variant that uses the vhost > tables and returns an error instead of exiting.
We should make all of QEMU more robust instead of just vhost. Perhaps introduce cpu_physical_memory_map_nofail(...) that aborts like the current cpu_physical_memory_map() implementation and then make non-hw/ users call that one. hw/ users should check for failure. Stefan