On Wed, Mar 02, 2022 at 05:32:07PM +0100, Jason A. Donenfeld wrote: > Hi Michael, > > On Wed, Mar 02, 2022 at 11:22:46AM -0500, Michael S. Tsirkin wrote: > > > Because that 16 byte read of vmgenid is not atomic. Let's say you read > > > the first 8 bytes, and then the VM is forked. > > > > But at this point when VM was forked plaintext key and nonce are all in > > buffer, and you previously indicated a fork at this point is harmless. > > You wrote "If it changes _after_ that point of check ... it doesn't > > matter:" > > Ahhh, fair point. I think you're right. > > Alright, so all we're talking about here is an ordinary 16-byte read, > and 16 bytes of storage per keypair, and a 16-byte comparison. > > Still seems much worse than just having a single word... > > Jason And it is, I saw a 30% higher overhead, it is however 30% of a very low number ;) -- MST
