On 21/10/2015 19:07, Sasha Levin wrote:
> On 10/19/2015 11:15 AM, Dmitry Vyukov wrote:
>> But still: if result of a racy read is passed to guest, that can leak
>> arbitrary host data into guest.
>
> I see what you're saying.

I don't... how can it leak arbitrary host data?  The memcpy cannot write
out of bounds.

> I need to think about it a bit, maybe we do need locking
> for each of the virtio devices we emulate.

No, it's unnecessary.  The guest is racing against itself.  Races like
this one do mean that the MSIX PBA and table are untrusted data, but as
long as you do not use the untrusted data to e.g. index an array it's fine.

Paolo
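The rule stated in the message above (guest-writable table contents are untrusted, and must not index host arrays unchecked) as an added C example that is not part of the e-mail thread or of the emulator's code. All names here (`guest_entry`, `host_routes`, `lookup_route`, `NR_ROUTES`) are hypothetical and the layout is constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>

#define NR_ROUTES 8   /* hypothetical size of a host-private lookup table */

/* Hypothetical layout of one guest-writable table entry (constructed). */
struct guest_entry {
    uint32_t data;    /* guest-chosen value; another vCPU may rewrite it at any time */
    uint32_t ctrl;
};

/* Host-private array that must never be indexed out of bounds. */
static const int host_routes[NR_ROUTES] = { 10, 11, 12, 13, 14, 15, 16, 17 };

/* Fetch a guest-shared word exactly once; volatile stops the compiler re-reading it. */
static uint32_t read_once_u32(const volatile uint32_t *p)
{
    return *p;
}

/*
 * Returns the host route selected by the entry, or -1 if the guest value is
 * out of range. The value is snapshotted into a local first, so the bounds
 * check and the array index use the same number even if the guest races
 * against itself and rewrites the entry between the two steps.
 */
int lookup_route(const struct guest_entry *e)
{
    uint32_t idx = read_once_u32(&e->data);   /* single fetch of untrusted data */

    if (idx >= NR_ROUTES)                     /* validate the snapshot */
        return -1;
    return host_routes[idx];                  /* index with the snapshot only */
}

/*
 * Handing racy contents back to the guest needs no validation: the copy size
 * is fixed by the host, so a torn value only affects what the guest sees.
 */
void copy_entry_to_guest(struct guest_entry *dst, const struct guest_entry *src)
{
    dst->data = read_once_u32(&src->data);
    dst->ctrl = read_once_u32(&src->ctrl);
}
```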