On Mon, 2013-08-26 at 15:37 +0200, Paolo Bonzini wrote:
> There are certainly cases where time-of-check-to-time-of-use
> vulnerability could make QEMU access uninitialized memory (or worse,
> out-of-bounds arrays). For example, you could try racing the host on
> the length of a scatter/gather list.
Sure, and I mentioned that too; the latest patch from Nikunj addresses it. I still think, however, that it's not a good practice to copy everything, then do the byteswaps on the result (and it defeats use of sparse for endian checking if we ever want to do that).

Ben.
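The race Paolo describes, shown as an added illustration rather than QEMU code: a descriptor length is checked on one read of guest memory and used on a second read, so a guest that rewrites the field in between defeats the check. The "guest memory" here is a constructed script that returns a different descriptor on each fetch, standing in for a racing vCPU; the 8-byte little-endian descriptor layout, the BUF_MAX limit and all function names are assumptions for the example. Whether fields are decoded with per-field endian accessors or copied whole and byteswapped afterwards, the invariant that closes the race is the same: every guest-controlled field is fetched once, and only the local copy is checked and used.

```c
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for a little-endian guest descriptor: 4-byte len,
 * 4-byte addr. Not QEMU's real layout. */
#define DESC_SIZE 8
#define BUF_MAX 64   /* assumed size of the host-side bounce buffer */

/* Constructed model of guest memory that a racing vCPU may rewrite: each
 * fetch of the descriptor returns the next snapshot in a script. */
static const uint8_t (*g_script)[DESC_SIZE];
static int g_script_len, g_fetch;
static void guest_fetch(uint8_t out[DESC_SIZE]) {
    int i = g_fetch < g_script_len ? g_fetch : g_script_len - 1;
    g_fetch++;
    memcpy(out, g_script[i], DESC_SIZE);
}
/* Host-endianness-independent little-endian decode. */
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
/* Per-field accessor straight from guest memory: every call is a new fetch. */
static uint32_t guest_ld_len(void) { uint8_t d[DESC_SIZE]; guest_fetch(d); return le32(d); }

/* Vulnerable: the length is checked on one fetch and used on another.
 * Returns the byte count that would be copied into a BUF_MAX buffer,
 * or -1 if the request is rejected. */
static long sg_copy_double_fetch(void) {
    if (guest_ld_len() > BUF_MAX) return -1;   /* time of check */
    return guest_ld_len();                      /* time of use: re-fetched */
}
/* Hardened: copy the raw descriptor once, decode/byteswap the local copy,
 * then check and use only the local value. */
static long sg_copy_snapshot(void) {
    uint8_t raw[DESC_SIZE];
    guest_fetch(raw);
    uint32_t len = le32(raw);
    if (len > BUF_MAX) return -1;
    return len;
}
/* Constructed scripts: an honest guest, and one that flips len from 16 to
 * 4096 (0x1000) after the check has passed. */
static const uint8_t honest_guest[][DESC_SIZE] = { {16,0,0,0, 0,0x10,0,0} };
static const uint8_t racing_guest[][DESC_SIZE] = { {16,0,0,0, 0,0x10,0,0},
                                                   {0,0x10,0,0, 0,0x10,0,0} };
static long run(long (*handler)(void), const uint8_t (*script)[DESC_SIZE], int n) {
    g_script = script; g_script_len = n; g_fetch = 0;
    return handler();
}
```

With the racing script the double-fetch handler passes its check and then reports 4096 bytes to copy into a 64-byte buffer, while the snapshot handler never sees the second value.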
