ShuriZma
/
xemu
mirror of https://github.com/xemu-project/xemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
xemu/hw
History
Leonardo Bras 9c7c040702 vfio/nvlink: Remove exec permission to avoid SELinux AVCs 
If SELinux is setup without 'execmem' permission for qemu, all mmap
with (PROT_WRITE | PROT_EXEC) will fail and print a warning in
SELinux log.

If "nvlink2-mr" memory allocation fails (fist diff), it will cause
guest NUMA nodes to not be correctly configured (V100 memory will
not be visible for guest, nor its NUMA nodes).

Not having 'execmem' permission is intesting for virtual machines to
avoid buffer-overflow based attacks, and it's adopted in distros
like RHEL.

So, removing the PROT_EXEC flag seems the right thing to do.

Browsing some other code that mmaps memory for usage with
memory_region_init_ram_device_ptr, I could notice it's usual to
not have PROT_EXEC (only PROT_READ | PROT_WRITE), so it should be
no problem around this.

Signed-off-by: Leonardo Bras <leobras.c@gmail.com>
Message-Id: <20200501055448.286518-1-leobras.c@gmail.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
 		2020-05-27 15:29:36 +10:00
..
9pfs xen/9pfs: increase max ring order to 9 2020-05-25 11:45:40 +02:00
acpi qdev: Unrealize must not fail 2020-05-15 07:08:14 +02:00
adc hw/*/Makefile.objs: Move many .o files to common-objs 2020-02-04 09:00:57 +01:00
alpha hw/ide: Do ide_drive_get() within pci_ide_create_devs() 2020-03-17 12:22:36 -04:00
arm hw/arm/pxa2xx: Replace hw_error() by qemu_log_mask() 2020-05-21 22:05:27 +01:00
audio hw/audio/gus: Use AUDIO_HOST_ENDIANNESS definition from 'audio/audio.h' 2020-05-25 11:30:03 +02:00
block hw/block/pflash: Check return value of blk_pwrite() 2020-05-22 19:38:14 +02:00
char hw/char/xilinx_uartlite: Replace hw_error() by qemu_log_mask() 2020-05-21 22:05:27 +01:00
core various: Remove unnecessary OBJECT() cast 2020-05-15 07:08:14 +02:00
cpu qom: Drop parameter @errp of object_property_add() & friends 2020-05-15 07:07:58 +02:00
cris hw: Make MachineClass::is_default a boolean type 2020-02-28 14:57:19 -05:00
display hw/arm/pxa2xx: Replace hw_error() by qemu_log_mask() 2020-05-21 22:05:27 +01:00
dma hw/arm/pxa2xx: Replace hw_error() by qemu_log_mask() 2020-05-21 22:05:27 +01:00
gpio ARM: PL061: Introduce N_GPIOS 2020-05-21 22:05:27 +01:00
hppa hw/ide: Remove unneeded inclusion of hw/ide.h 2020-03-17 12:22:36 -04:00
hyperv qom: Drop parameter @errp of object_property_add() & friends 2020-05-15 07:07:58 +02:00
i2c hw: Remove unnecessary DEVICE() cast 2020-05-15 07:08:52 +02:00
i386 hw: Use QEMU_IS_ALIGNED() on parallel flash block size 2020-05-18 19:05:25 +02:00
ide hw/ide/ahci: Log lost IRQs 2020-05-18 19:05:25 +02:00
input qdev: Unrealize must not fail 2020-05-15 07:08:14 +02:00
intc qdev: Unrealize must not fail 2020-05-15 07:08:14 +02:00
ipack qdev: Unrealize must not fail 2020-05-15 07:08:14 +02:00
ipmi various: Remove unnecessary OBJECT() cast 2020-05-15 07:08:14 +02:00
isa Drop more @errp parameters after previous commit 2020-05-15 07:08:14 +02:00
lm32 hw: Make MachineClass::is_default a boolean type 2020-02-28 14:57:19 -05:00
m68k hw/m68k: Use memory_region_init_rom() with read-only regions 2020-03-17 15:18:47 +01:00
mem qdev: Unrealize must not fail 2020-05-15 07:08:14 +02:00
microblaze various: Remove unnecessary OBJECT() cast 2020-05-15 07:08:14 +02:00
mips hw/mips/mips_fulong2e: Remove unused 'audio/audio.h' include 2020-05-26 08:46:14 +02:00
misc hw: Move i.MX watchdog driver to hw/watchdog 2020-05-21 20:00:18 +01:00
moxie hw: Make MachineClass::is_default a boolean type 2020-02-28 14:57:19 -05:00
net hw: Remove unnecessary DEVICE() cast 2020-05-15 07:08:52 +02:00
nios2 qom: Drop parameter @errp of object_property_add() & friends 2020-05-15 07:07:58 +02:00
nubus hw: Remove unnecessary DEVICE() cast 2020-05-15 07:08:52 +02:00
nvram hw/nvram/mac_nvram: Convert debug printf()s to trace events 2020-05-27 15:29:36 +10:00
openrisc hw: Make MachineClass::is_default a boolean type 2020-02-28 14:57:19 -05:00
pci qdev: Unrealize must not fail 2020-05-15 07:08:14 +02:00
pci-bridge hw/pci-bridge/dec: Remove dead debug code 2020-05-27 15:29:36 +10:00
pci-host hw: Remove unnecessary DEVICE() cast 2020-05-15 07:08:52 +02:00
pcmcia qom: Drop parameter @errp of object_property_add() & friends 2020-05-15 07:07:58 +02:00
ppc ppc/spapr: Add hotremovable flag on DIMM LMBs on drmem_v2 2020-05-27 15:29:36 +10:00
rdma lockable: Replace locks with lock guard macros 2020-05-04 16:07:43 +01:00
riscv hw: Use QEMU_IS_ALIGNED() on parallel flash block size 2020-05-18 19:05:25 +02:00
rtc qom: Drop parameter @errp of object_property_add() & friends 2020-05-15 07:07:58 +02:00
s390x various: Remove unnecessary OBJECT() cast 2020-05-15 07:08:14 +02:00
scsi qdev: Unrealize must not fail 2020-05-15 07:08:14 +02:00
sd qdev: Unrealize must not fail 2020-05-15 07:08:14 +02:00
semihosting semihosting: add qemu_semihosting_console_inc for SYS_READC 2020-01-09 11:41:29 +00:00
sh4 hw: Remove unnecessary DEVICE() cast 2020-05-15 07:08:52 +02:00
smbios hw/smbios/smbios: Remove unused include 2020-02-06 10:38:57 +01:00
sparc qom: Drop parameter @errp of object_property_add() & friends 2020-05-15 07:07:58 +02:00
sparc64 qom: Drop parameter @errp of object_property_add() & friends 2020-05-15 07:07:58 +02:00
ssi qom: Drop parameter @errp of object_property_add() & friends 2020-05-15 07:07:58 +02:00
timer hw/timer/exynos4210_mct: Replace hw_error() by qemu_log_mask() 2020-05-21 22:05:27 +01:00
tpm hw/tpm: fix usage of bool in tpm-tis.c 2020-05-12 11:47:24 -04:00
tricore hw: Do not initialize MachineClass::is_default to 0 2020-02-28 14:57:19 -05:00
unicore32 hw: Make MachineClass::is_default a boolean type 2020-02-28 14:57:19 -05:00
usb qdev: Unrealize must not fail 2020-05-15 07:08:14 +02:00
vfio vfio/nvlink: Remove exec permission to avoid SELinux AVCs 2020-05-27 15:29:36 +10:00
virtio qdev: Unrealize must not fail 2020-05-15 07:08:14 +02:00
watchdog hw/watchdog: Implement full i.MX watchdog support 2020-05-21 20:00:18 +01:00
xen hw: Remove unnecessary DEVICE() cast 2020-05-15 07:08:52 +02:00
xenpv trivial: Remove xenfb_enabled from sysemu.h 2020-02-04 09:00:57 +01:00
xtensa hw/xtensa/xtfpga:fix leak of fdevice tree blob 2020-02-19 10:33:38 +01:00
Kconfig Remove the core bluetooth code 2019-12-17 09:01:14 +01:00
Makefile.objs Remove the core bluetooth code 2019-12-17 09:01:14 +01:00