On Tue, Mar 29, 2011 at 11:53:54AM +0100, Stefan Hajnoczi wrote: > On Mon, Mar 28, 2011 at 10:14 PM, Michael S. Tsirkin <m...@redhat.com> wrote: > > vhost used cpu_physical_memory_map to get the > > virtual address for the ring, however, > > this will exit on an illegal RAM address. > > Since the addresses are guest-controlled, we > > shouldn't do that. > > > > Switch to our own variant that uses the vhost > > tables and returns an error instead of exiting. > > We should make all of QEMU more robust instead of just vhost. Perhaps > introduce cpu_physical_memory_map_nofail(...) that aborts like the > current cpu_physical_memory_map() implementation and then make non-hw/ > users call that one. hw/ users should check for failure. > > Stefan
Yea, well ... at least vhost-net wants to also check it is given a ram address, not some other physical address. We could generally replace the memory management in vhost-net by some other logic, when that's done this one can go away as well. -- MST