From 9c3166237dc8b7250822aee0915e05b569a0a412 Mon Sep 17 00:00:00 2001
From: Sebastien Boeuf <sebastien.boeuf@intel.com>
Date: Mon, 17 Feb 2020 10:38:39 +0100
Subject: [PATCH] vmm: Prevent memory overcommitment through virtio-fs shared
 regions

When a virtio-fs device is created with a dedicated shared region, by
default the region should be mapped as PROT_NONE so that no pages can be
faulted in.

It's only when the guest performs the mount of the virtiofs filesystem
that we can expect the VMM, on behalf of the backend, to perform some
new mappings in the reserved shared window, using PROT_READ and/or
PROT_WRITE.

Fixes #763

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
(cherry picked from commit 3edc2bd6ab33299b88c9cf6ed6ca50292ec3fea5)
---
 vmm/src/device_manager.rs | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/vmm/src/device_manager.rs b/vmm/src/device_manager.rs
index 1fe145974..a6d6dad0e 100644
--- a/vmm/src/device_manager.rs
+++ b/vmm/src/device_manager.rs
@@ -1028,8 +1028,13 @@ impl DeviceManager {
                             )
                             .ok_or(DeviceManagerError::FsRangeAllocation)?;
 
-                        let mmap_region = MmapRegion::new(fs_cache as usize)
-                            .map_err(DeviceManagerError::NewMmapRegion)?;
+                        let mmap_region = MmapRegion::build(
+                            None,
+                            fs_cache as usize,
+                            libc::PROT_NONE,
+                            libc::MAP_ANONYMOUS | libc::MAP_PRIVATE,
+                        )
+                        .map_err(DeviceManagerError::NewMmapRegion)?;
                         let addr: u64 = mmap_region.as_ptr() as u64;
 
                         self._mmap_regions.push(mmap_region);