Prevent guest reusing host memory allocations.

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4710 c046a42c-6fe2-441c-8c8c-71466251a162

Prevent guest reusing host memory allocations.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4710 c046a42c-6fe2-441c-8c8c-71466251a162
pbrook
1 parent 82e671d9
Showing 6 changed files with 134 additions and 40 deletions
Makefile
Makefile.target
cutils.c
exec.c
linux-user/mmap.c
qemu-malloc.c
@@ -39,7 +39,7 @@ recurse-all: $(SUBDIR_RULES)
 #######################################################################
 # BLOCK_OBJS is code used by both qemu system emulation and qemu-img
  
-BLOCK_OBJS=cutils.o
+BLOCK_OBJS=cutils.o qemu-malloc.o
 BLOCK_OBJS+=block-cow.o block-qcow.o aes.o block-vmdk.o block-cloop.o
 BLOCK_OBJS+=block-dmg.o block-bochs.o block-vpc.o block-vvfat.o
 BLOCK_OBJS+=block-qcow2.o block-parallels.o
@@ -387,7 +387,7 @@ LDFLAGS+=-Wl,-T,$(SRC_PATH)/$(ARCH)el.ld
 endif
 endif
  
-OBJS= main.o syscall.o strace.o mmap.o signal.o path.o osdep.o thunk.o \
+OBJS= main.o syscall.o strace.o mmap.o signal.o path.o thunk.o \
       elfload.o linuxload.o uaccess.o
 LIBS+= $(AIOLIBS)
 ifdef TARGET_HAS_BFLT
@@ -444,7 +444,7 @@ LDFLAGS+=-Wl,-segaddr,__STD_PROG_ZONE,0x1000 -image_base 0x0e000000
  
 LIBS+=-lmx
  
-OBJS= main.o commpage.o machload.o mmap.o osdep.o signal.o syscall.o thunk.o
+OBJS= main.o commpage.o machload.o mmap.o signal.o syscall.o thunk.o
  
 OBJS+= libqemu.a
  
@@ -95,38 +95,3 @@ time_t mktimegm(struct tm *tm)
     t += 3600 * tm->tm_hour + 60 * tm->tm_min + tm->tm_sec;
     return t;
 }
-
-void *get_mmap_addr(unsigned long size)
-{
-    return NULL;
-}
-
-void qemu_free(void *ptr)
-{
-    free(ptr);
-}
-
-void *qemu_malloc(size_t size)
-{
-    return malloc(size);
-}
-
-void *qemu_mallocz(size_t size)
-{
-    void *ptr;
-    ptr = qemu_malloc(size);
-    if (!ptr)
-        return NULL;
-    memset(ptr, 0, size);
-    return ptr;
-}
-
-char *qemu_strdup(const char *str)
-{
-    char *ptr;
-    ptr = qemu_malloc(strlen(str) + 1);
-    if (!ptr)
-        return NULL;
-    strcpy(ptr, str);
-    return ptr;
-}
@@ -263,13 +263,33 @@ static inline PageDesc *page_find_alloc(target_ulong index)
 {
     PageDesc **lp, *p;
  
+#if TARGET_LONG_BITS > 32
+    /* Host memory outside guest VM.  For 32-bit targets we have already
+       excluded high addresses.  */
+    if (index > ((target_ulong)L2_SIZE * L1_SIZE * TARGET_PAGE_SIZE))
+        return NULL;
+#endif
     lp = &l1_map[index >> L2_BITS];
     p = *lp;
     if (!p) {
         /* allocate if not found */
-        p = qemu_malloc(sizeof(PageDesc) * L2_SIZE);
-        memset(p, 0, sizeof(PageDesc) * L2_SIZE);
+#if defined(CONFIG_USER_ONLY)
+        unsigned long addr;
+        size_t len = sizeof(PageDesc) * L2_SIZE;
+        /* Don't use qemu_malloc because it may recurse.  */
+        p = mmap(0, len, PROT_READ | PROT_WRITE,
+                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+        *lp = p;
+        addr = h2g(p);
+        if (addr == (target_ulong)addr) {
+            page_set_flags(addr & TARGET_PAGE_MASK,
+                           TARGET_PAGE_ALIGN(addr + len),
+                           PAGE_RESERVED); 
+        }
+#else
+        p = qemu_mallocz(sizeof(PageDesc) * L2_SIZE);
         *lp = p;
+#endif
     }
     return p + (index & (L2_SIZE - 1));
 }
@@ -1912,6 +1932,10 @@ void page_set_flags(target_ulong start, target_ulong end, int flags)
         flags |= PAGE_WRITE_ORG;
     for(addr = start; addr < end; addr += TARGET_PAGE_SIZE) {
         p = page_find_alloc(addr >> TARGET_PAGE_BITS);
+        /* We may be called for host regions that are outside guest
+           address space.  */
+        if (!p)
+            return;
         /* if the write protection is set, then we invalidate the code
            inside */
         if (!(p->flags & PAGE_WRITE) &&
@@ -73,6 +73,52 @@ void mmap_unlock(void)
 }
 #endif
  
+void *qemu_vmalloc(size_t size)
+{
+    void *p;
+    unsigned long addr;
+    mmap_lock();
+    /* Use map and mark the pages as used.  */
+    p = mmap(NULL, size, PROT_READ | PROT_WRITE,
+             MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+
+    addr = (unsigned long)p;
+    if (addr == (target_ulong) addr) {
+        /* Allocated region overlaps guest address space.
+           This may recurse.  */
+        page_set_flags(addr & TARGET_PAGE_MASK, TARGET_PAGE_ALIGN(addr + size),
+                       PAGE_RESERVED);
+    }
+
+    mmap_unlock();
+    return p;
+}
+
+void *qemu_malloc(size_t size)
+{
+    char * p;
+    size += 16;
+    p = qemu_vmalloc(size);
+    *(size_t *)p = size;
+    return p + 16;
+}
+
+/* We use map, which is always zero initialized.  */
+void * qemu_mallocz(size_t size)
+{
+    return qemu_malloc(size);
+}
+
+void qemu_free(void *ptr)
+{
+    /* FIXME: We should unmark the reserved pages here.  However this gets
+       complicated when one target page spans multiple host pages, so we
+       don't bother.  */
+    size_t *p;
+    p = (size_t *)((char *)ptr - 16);
+    munmap(p, *p);
+}
+
 /* NOTE: all the constants are the HOST ones, but addresses are target. */
 int target_mprotect(abi_ulong start, abi_ulong len, int prot)
 {
+/*
+ * malloc-like functions for system emulation.
+ *
+ * Copyright (c) 2006 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "qemu-common.h"
+
+void *get_mmap_addr(unsigned long size)
+{
+    return NULL;
+}
+
+void qemu_free(void *ptr)
+{
+    free(ptr);
+}
+
+void *qemu_malloc(size_t size)
+{
+    return malloc(size);
+}
+
+void *qemu_mallocz(size_t size)
+{
+    void *ptr;
+    ptr = qemu_malloc(size);
+    if (!ptr)
+        return NULL;
+    memset(ptr, 0, size);
+    return ptr;
+}
+
+char *qemu_strdup(const char *str)
+{
+    char *ptr;
+    ptr = qemu_malloc(strlen(str) + 1);
+    if (!ptr)
+        return NULL;
+    strcpy(ptr, str);
+    return ptr;
+}