Skip to content

[fix] Make sure mmaped memory is not mapped writeable into sandbox in kvm #740

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 30, 2025
Merged

[fix] Make sure mmaped memory is not mapped writeable into sandbox in kvm #740

merged 1 commit into from
Jul 30, 2025

Conversation

ludfjig
Copy link
Contributor

@ludfjig ludfjig commented Jul 29, 2025
edited
Loading

Writes into mmaped regions was accidentally possible on kvm.

KVM_MEM_READONLY was confirmed to be RX by testing hyperlight-wasm on this commit, which worked fine. EDIT: Now also tested in test here

Also adds a test which would currently fail, but now passes

@ludfjig ludfjig added the kind/bugfix For PRs that fix bugs label Jul 29, 2025
@ludfjig ludfjig changed the title [fix] Make sure memory is not mapped writeable into sandbox in kvm [fix] Make sure mmaped memory is not mapped writeable into sandbox in kvm Jul 29, 2025
@ludfjig ludfjig force-pushed the kvm_mmap_permission branch 5 times, most recently from cebf884 to 8e437c1 Compare July 29, 2025 22:27
simongdavies
simongdavies previously approved these changes Jul 30, 2025
View reviewed changes
syntactically
syntactically previously approved these changes Jul 30, 2025
View reviewed changes
@ludfjig ludfjig dismissed stale reviews from syntactically and simongdavies via 0124549 July 30, 2025 19:00
@ludfjig ludfjig force-pushed the kvm_mmap_permission branch from 8e437c1 to 0124549 Compare July 30, 2025 19:00
@ludfjig ludfjig force-pushed the kvm_mmap_permission branch from 0124549 to 0833407 Compare July 30, 2025 19:01
syntactically
syntactically approved these changes Jul 30, 2025
View reviewed changes
Copy link
Member

@syntactically syntactically left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ludfjig ludfjig merged commit dfe7772 into hyperlight-dev:main Jul 30, 2025
60 of 64 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@syntactically syntactically syntactically approved these changes

@simongdavies simongdavies simongdavies left review comments

@danbugs danbugs Awaiting requested review from danbugs danbugs is a code owner

@dblnz dblnz Awaiting requested review from dblnz dblnz is a code owner

@devigned devigned Awaiting requested review from devigned devigned is a code owner

@marosset marosset Awaiting requested review from marosset marosset is a code owner

@jprendes jprendes Awaiting requested review from jprendes jprendes is a code owner

Assignees
No one assigned
Labels
kind/bugfix For PRs that fix bugs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ludfjig @simongdavies @syntactically