On 10/25/2015 11:19 AM, Paolo Bonzini wrote:
> On 21/10/2015 19:07, Sasha Levin wrote:
>> On 10/19/2015 11:15 AM, Dmitry Vyukov wrote:
>>> But still: if result of a racy read is passed to guest, that can leak
>>> arbitrary host data into guest.
>>
>> I see what you're saying.
>
> I don't... how can it leak arbitrary host data?  The memcpy cannot write
> out of bounds.

The issue I had in mind (simplified) is:

    vcpu1                           vcpu2
    ----------------------------------------
    guest writes idx
    check if idx is valid
                                    guest writes new idx
    access (guest mem + idx)

So I'm not sure if cover both the locking, and potential compiler tricks
sufficiently enough to prevent that scenario.

Thanks,
Sasha
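The interleaving in the diagram above, as an added example that is not part of the original message or of the code under discussion: a check-then-use on a guest-writable index, next to the single-fetch form that validates and uses one local copy. The struct, the function names and the `race_hook` callback (which stands in for the second vCPU) are all hypothetical, and the functions return the index that would be dereferenced instead of touching memory.

```c
#include <stddef.h>
#include <stdint.h>

#define RING_SIZE 8u

/* Constructed stand-in for memory the guest can write at any time. */
struct shared_ring {
    volatile uint32_t idx;
    uint8_t data[RING_SIZE];
};

/* Simulates vcpu2: called between the validity check and the access. */
typedef void (*race_hook)(struct shared_ring *);

static void guest_rewrites_idx(struct shared_ring *r) { r->idx = 1000; }

/* Double fetch: idx is read once for the check and again for the access,
 * so the value used may differ from the value validated. */
uint32_t index_used_double_fetch(struct shared_ring *r, race_hook hook)
{
    if (r->idx >= RING_SIZE)          /* fetch 1: check if idx is valid */
        return UINT32_MAX;            /* rejected */
    if (hook) hook(r);                /* guest writes new idx */
    return r->idx;                    /* fetch 2: unvalidated value */
}

/* Single fetch: one volatile read into a local (the role READ_ONCE()
 * plays in kernel code), so the compiler cannot reload idx after the check. */
uint32_t index_used_single_fetch(struct shared_ring *r, race_hook hook)
{
    uint32_t idx = r->idx;            /* the only read of shared memory */
    if (idx >= RING_SIZE)
        return UINT32_MAX;            /* rejected */
    if (hook) hook(r);                /* later guest writes are irrelevant */
    return idx;                       /* same value that was validated */
}

int main(void)
{
    struct shared_ring r = { .idx = 3 };
    uint32_t racy = index_used_double_fetch(&r, guest_rewrites_idx);
    r.idx = 3;
    uint32_t safe = index_used_single_fetch(&r, guest_rewrites_idx);
    return !(racy == 1000 && safe == 3);
}
```

Without the `volatile` qualifier, a compiler is free to reload a plain shared field after the check even when the source copies it to a local first, which is the "compiler tricks" half of the concern.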