On 29.01.2018 22:13, Ken Hofsass wrote:
> Thanks David! incorporating all your comments... have a question on
> the one excerpted below.
>
> On Mon, Jan 29, 2018 at 1:30 AM, David Hildenbrand <david@xxxxxxxxxx> wrote:
> ...
>>> +/* kvm_sync_regs struct included by kvm_run struct */
>>> struct kvm_sync_regs {
>>> + /* Members of this structure are potentially malicious.
>>> + * Care must be taken by code reading, esp. interpreting,
>>> + * data fields from them inside KVM to prevent TOCTOU and
>>> + * double-fetch types of vulnerabilities.
>>> + */
>>> + struct kvm_regs regs;
>>> + struct kvm_sregs sregs;
>>> + struct kvm_vcpu_events events;
>>
>> Will all of these be aligned in a way so we don't need any reserved
>> fields in between?
>>
>> sizeof(struct kvm_sync_regs) == sizeof(struct kvm_regs) + ...
>
> The kvm_sync_regs member structs (kvm_regs, kvm_sregs,
> kvm_vcpu_events) all appear to be explicitly padded to 8-byte bounds.
> And in turn, kvm_sync_regs is wrapped by the union with 2048-byte padding array.
>
> Were you simply asking me to confirm those sizes? If not, please
> provide a bit more detail on your concern.

Exactly that's what I wanted to have :) Thanks!

>
> thanks again,
> Ken
>

--

Thanks,

David / dhildenb
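Review bot: the multi-line comment added inside struct kvm_sync_regs does not follow kernel coding style, which puts the opening `/*` on a line of its own; reflow it as `/*` / ` * Members of this structure are potentially malicious.` / ` ... */`. On the size question raised in the quoted review: since kvm_sync_regs lives inside a union with a 2048-byte padding array, a `BUILD_BUG_ON(sizeof(struct kvm_sync_regs) > 2048)` next to that union would enforce the fit mechanically instead of relying on the member structs' 8-byte padding staying as it is today.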