kvm.vger.kernel.org archive mirror
From: Sasha Levin <sasha.levin@oracle.com>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: Sasha Levin <levinsasha928@gmail.com>,
	Pekka Enberg <penberg@kernel.org>,
	Asias He <asias.hejun@gmail.com>,
	penberg@cs.helsinki.fi, Cyrill Gorcunov <gorcunov@gmail.com>,
	Will Deacon <will.deacon@arm.com>,
	andre.przywara@arm.com, matt@ozlabs.org, laijs@cn.fujitsu.com,
	Michael Ellerman <michael@ellerman.id.au>,
	Prasad Joshi <prasadjoshi124@gmail.com>,
	marc.zyngier@arm.com,
	"Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>,
	mingo@elte.hu, gorcunov@openvz.org,
	andreas.herrmann@caviumnetworks.com, kvm@vger.kernel.org,
	Kostya Serebryany <kcc@google.com>,
	Evgenii Stepanov <eugenis@google.com>,
	Alexey Samsonov <samsonov@google.com>,
	Alexander Potapenko <glider@google.com>
Subject: Re: sanitizing kvmtool
Date: Mon, 19 Oct 2015 10:35:51 -0400
Message-ID: <5624FFC7.2010301@oracle.com>
In-Reply-To: <CACT4Y+ZwLTrUBEC6-EmEnvdtKZcYsdhwEjq-yLztqiZo-ejOAg@mail.gmail.com>

On 10/19/2015 10:24 AM, Dmitry Vyukov wrote:
> On Mon, Oct 19, 2015 at 4:19 PM, Sasha Levin <sasha.levin@oracle.com> wrote:
>> On 10/19/2015 04:37 AM, Dmitry Vyukov wrote:
>>>> So in this case (and most of the other data race cases described in the full log) it
>>>> seems like ThreadSanitizer is mixing with different accesses by the guest to one underlying
>>>> block of memory on the host.
>>>>
>>>> Here, for example, T55 accesses the msix block of the virtio-net PCI device, and T58 is accessing
>>>> the virtqueue exposed by that device. While they both get to the same block of memory inside
>>> I don't understand this.
>>> Do you mean that this is a false positive? Or is it a real issue in lkvm?
>>
>> I suspect it's a false positive because ThreadSanitizer sees the memory as one big
>> block, but the logic that makes sure we don't race here is within the guest vm, which
>> ThreadSanitizer doesn't see.
> 
> But isn't the task of a hypervisor to sandbox the guest OS and to not
> trust it in any way, shape or form? What if the guest VM intentionally
> omits the synchronization? Can it exploit the host?

Right, the memory areas that are accessed both by the hypervisor and the guest
should be treated as untrusted input, but the hypervisor is supposed to validate
the input carefully before using it - so I'm not sure how data races would
introduce anything new that we didn't catch during validation.


Thanks,
Sasha
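An added illustration, not lkvm code, of what "validate the input carefully before using it" has to mean for memory the guest can write concurrently: each guest-shared field must be read into host-private memory exactly once, otherwise the race Dmitry asks about turns a validated value into an unvalidated one. The `shared_desc` layout and the `guest_step` hook are constructed stand-ins for a virtqueue-style descriptor and for the guest's interleaved write.

```c
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for a guest-shared descriptor: a guest-controlled length next to data the host copies. */
#define BUF_SIZE 64
struct shared_desc {
    uint32_t len;              /* guest can rewrite this at any moment */
    uint8_t  buf[BUF_SIZE];
};

/* Hook standing in for the guest running concurrently between the host's check and its use of the field. */
typedef void (*guest_step_fn)(volatile struct shared_desc *d);

/* Racy handler: validates d->len, then reads it AGAIN for the copy. A guest
 * that skips synchronization can change len in between (double fetch). */
long copy_racy(volatile struct shared_desc *d, uint8_t *dst, size_t cap,
               guest_step_fn guest_step)
{
    if (d->len > cap)                          /* first read: checked */
        return -1;
    guest_step(d);                             /* guest runs here */
    memcpy(dst, (const void *)d->buf, d->len); /* second read: used */
    return (long)d->len;
}

/* Safe handler: snapshot each guest-controlled field once into host-private
 * memory, validate the snapshot, and use only the snapshot from then on. */
long copy_snapshot(volatile struct shared_desc *d, uint8_t *dst, size_t cap,
                   guest_step_fn guest_step)
{
    uint32_t len = d->len;                     /* single read */
    if (len > cap)
        return -1;
    guest_step(d);                             /* guest's write no longer matters */
    memcpy(dst, (const void *)d->buf, len);
    return (long)len;
}

/* Constructed guest behaviour: grow len right after the host has checked it. */
static void guest_grows_len(volatile struct shared_desc *d) { d->len = BUF_SIZE; }

/* Runs one handler with len = 8 against a cap of 16 and returns the bytes copied;
 * dst is BUF_SIZE bytes so the demo itself stays in bounds even on the racy path. */
long demo(int racy)
{
    struct shared_desc d = { .len = 8 };
    uint8_t dst[BUF_SIZE];
    return racy ? copy_racy(&d, dst, 16, guest_grows_len)
                : copy_snapshot(&d, dst, 16, guest_grows_len);
}
```

`demo(1)` reports 64 bytes copied against a cap of 16, while `demo(0)` copies the 8 bytes that were actually validated; ThreadSanitizer flags both handlers the same way, which is why the report alone cannot say which one is the real bug.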

Thread overview: 13+ messages
2015-10-15 10:23 ` sanitizing kvmtool Dmitry Vyukov
2015-10-17 14:16 ` Sasha Levin
2015-10-19  8:37   ` Dmitry Vyukov
2015-10-19 14:19     ` Sasha Levin
2015-10-19 14:24       ` Dmitry Vyukov
2015-10-19 14:35         ` Sasha Levin [this message]
2015-10-19 14:47           ` Dmitry Vyukov
2015-10-19 15:08             ` Sasha Levin
2015-10-19 15:15               ` Dmitry Vyukov
2015-10-21 17:07                 ` Sasha Levin
2015-10-25  9:13                   ` Dmitry Vyukov
2015-10-25 15:19                   ` Paolo Bonzini
2015-10-25 19:06                     ` Sasha Levin
