commit | 0584fe9fb2694fad6dc841a8215e8017c18b19c7 | [log] [tgz] |
---|---|---|
author | Dylan Reid <dgreid@chromium.org> | Tue Jun 20 10:15:51 2017 -0700 |
committer | chrome-bot <chrome-bot@chromium.org> | Tue Jun 27 00:20:33 2017 -0700 |
tree | 0180ba9aaec5211b367b2656775a82dac2fe736f | |
parent | 045c7133dd22e4cc5fe62af136c15b04a8b8a485 [diff] |
Limit types that can be read from guest memory Not all types are safe to read from guest memory. Any type with a reference or pointer will be initialized to random bits that don't refer to a valid address. This can cause dangling pointer and general unsafe behavior. To fix this, limit types that can be read with read_obj to those that implement the unsafe trait `DataInit`. Provide implementations of `DataInit` for intrinsic types that are obviously safe to initialize with random data. Implement the needed traits for bootparam types as they are read from the kernel image directly. Change-Id: I1040f5bc1b2fc4c58c87d8a2ce3f618edcf6f9b1 Signed-off-by: Dylan Reid <dgreid@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/540750 Reviewed-by: Zach Reizner <zachr@chromium.org>
This component, known as crosvm, runs untrusted operating systems along with virtualized devices. No actual hardware is emulated. This only runs VMs through the Linux's KVM interface. What makes crosvm unique is a focus on safety within the programming language and a sandbox around the virtual devices to protect the kernel from attack in case of an exploit in the devices.
The crosvm source code is organized into crates, each with their own unit tests. These crates are:
kvm-sys
low-level (mostly) auto-generated structures and constants for using KVMkvm
unsafe, low-level wrapper code for using kvm-syscrosvm
the top-level binary front-end for using crosvmCurrently there is no front-end, so the best you can do is run cargo test
in each crate.