On 10/25/2015 11:19 AM, Paolo Bonzini wrote:
>
>
> On 21/10/2015 19:07, Sasha Levin wrote:
>> On 10/19/2015 11:15 AM, Dmitry Vyukov wrote:
>>> But still: if result of a racy read is passed to guest, that can leak
>>> arbitrary host data into guest.
>>
>> I see what you're saying.
>
> I don't... how can it leak arbitrary host data? The memcpy cannot write
> out of bounds.

The issue I had in mind (simplified) is:

vcpu1                           vcpu2
----------------------------------------
guest writes idx
check if idx is valid
                                guest writes new idx
access (guest mem + idx)

So I'm not sure if we cover both the locking, and potential compiler tricks
sufficiently enough to prevent that scenario.

Thanks,
Sasha
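
The interleaving in the diagram above, as an added example that is not part of the original message or of any code discussed in the thread: a check on one fetch of a guest-writable index followed by a use of a second fetch, next to the single-snapshot form. All names (mem, shared_idx, fetch_idx, demo) and the scripted "vcpu2" write are hypothetical, constructed so the race is deterministic.

```c
#include <stdint.h>
#include <stdio.h>

#define GUEST_SLOTS 4            /* indices the guest may legitimately name */
#define HOST_MARK   0xdeadbeefu  /* constructed stand-in for host-only data */

/* Constructed model: mem[0..3] is guest memory, mem[4..7] is host data. */
static uint32_t mem[8] = { 10, 11, 12, 13, HOST_MARK, HOST_MARK, HOST_MARK, HOST_MARK };
static volatile uint32_t shared_idx; /* guest-writable index */
static int pending_idx = -1;         /* scripted vcpu2 write, -1 = none */

/* One load of shared_idx; the scripted vcpu2 write lands right after it. */
static uint32_t fetch_idx(void)
{
    uint32_t v = shared_idx;
    if (pending_idx >= 0) { shared_idx = (uint32_t)pending_idx; pending_idx = -1; }
    return v;
}

/* Racy: validates one fetch, then dereferences a second, separate fetch. */
static int read_double_fetch(uint32_t *out)
{
    if (fetch_idx() >= GUEST_SLOTS) return -1;
    *out = mem[fetch_idx()];     /* may no longer be the value checked */
    return 0;
}

/* Hardened: snapshot once (READ_ONCE() in kernel code), check and use the local. */
static int read_single_fetch(uint32_t *out)
{
    uint32_t idx = fetch_idx();
    if (idx >= GUEST_SLOTS) return -1;
    *out = mem[idx];
    return 0;
}

/* Runs one scripted interleaving; returns the value read, or 0 if rejected. */
static uint32_t demo(int hardened, uint32_t first, int second)
{
    uint32_t v = 0;
    shared_idx = first; pending_idx = second;
    return (hardened ? read_single_fetch(&v) : read_double_fetch(&v)) ? 0 : v;
}

int main(void)
{
    printf("double fetch: %#x, single fetch: %#x\n", (unsigned)demo(0, 1, 6), (unsigned)demo(1, 1, 6));
    return 0;
}
```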