Hi Michael, On Wed, Mar 02, 2022 at 11:22:46AM -0500, Michael S. Tsirkin wrote: > > Because that 16 byte read of vmgenid is not atomic. Let's say you read > > the first 8 bytes, and then the VM is forked. > > But at this point when VM was forked plaintext key and nonce are all in > buffer, and you previously indicated a fork at this point is harmless. > You wrote "If it changes _after_ that point of check ... it doesn't > matter:" Ahhh, fair point. I think you're right. Alright, so all we're talking about here is an ordinary 16-byte read, and 16 bytes of storage per keypair, and a 16-byte comparison. Still seems much worse than just having a single word... Jason
