From mboxrd@z Thu Jan 1 00:00:00 1970
From: Paolo Bonzini
Subject: Re: sanitizing kvmtool
Date: Sun, 25 Oct 2015 16:19:26 +0100
Message-ID: <562CF2FE.3070308@redhat.com>
References: <5622583D.2060006@oracle.com> <5624FBF4.20201@oracle.com> <5624FFC7.2010301@oracle.com> <5625075F.4010508@oracle.com> <5627C659.6030000@oracle.com>
In-Reply-To: <5627C659.6030000@oracle.com>
To: Sasha Levin, Dmitry Vyukov
Cc: Sasha Levin, Pekka Enberg, Asias He, penberg@cs.helsinki.fi, Cyrill Gorcunov, Will Deacon, andre.przywara@arm.com, matt@ozlabs.org, laijs@cn.fujitsu.com, Michael Ellerman, Prasad Joshi, marc.zyngier@arm.com, "Aneesh Kumar K.V", mingo@elte.hu, gorcunov@openvz.org, andreas.herrmann@caviumnetworks.com, kvm@vger.kernel.org, Kostya Serebryany, Evgenii Stepanov, Alexey Samsonov, Alexander Potapenko

On 21/10/2015 19:07, Sasha Levin wrote:
> On 10/19/2015 11:15 AM, Dmitry Vyukov wrote:
>> But still: if result of a racy read is passed to guest, that can leak
>> arbitrary host data into guest.
>
> I see what you're saying.

I don't... how can it leak arbitrary host data?  The memcpy cannot write
out of bounds.

> I need to think about it a bit, maybe we do need locking
> for each of the virtio devices we emulate.

No, it's unnecessary.  The guest is racing against itself.  Races like
this one do mean that the MSIX PBA and table are untrusted data, but as
long as you do not use the untrusted data to e.g. index an array it's fine.

Paolo
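
The distinction drawn in the message above, as an added example that is not part of the original message and is not kvmtool code: a fixed-size copy of a guest-writable entry is harmless even when the guest races it, and the value becomes a problem only if the host indexes with it unchecked. The struct, its `route` field, `NR_VECTORS`, `host_routes` and `resolve_entry` are hypothetical names, and the sample entries are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NR_VECTORS 4   /* hypothetical size of the host-side array */

/* Constructed stand-in for one entry of a guest-writable table. The guest can
 * rewrite it at any time, including while the host is reading it. */
struct guest_entry {
    uint32_t data;     /* opaque value, only ever handed back to the guest */
    uint32_t route;    /* hypothetical field the host uses as an array index */
};

static const int host_routes[NR_VECTORS] = { 10, 11, 12, 13 };

/* Returns the host route selected by the entry, or -1 if the guest-supplied
 * index is out of range. *data_out is written only on success. */
int resolve_entry(const struct guest_entry *shared, uint32_t *data_out)
{
    struct guest_entry local;

    /* Fixed-size copy: a racing guest can make the result torn or stale, but
     * it holds only bytes from the shared entry and cannot overrun 'local'. */
    memcpy(&local, shared, sizeof(local));

    /* Validate and use the private copy. Re-reading shared->route after the
     * check would let the guest change it between check and use. */
    if (local.route >= NR_VECTORS)
        return -1;

    *data_out = local.data;   /* handing racy data back to the guest is harmless */
    return host_routes[local.route];
}

int main(void)
{
    struct guest_entry ok = { 0xdeadbeef, 2 }, bad = { 0, 0xffffffffu };
    uint32_t data = 0;

    printf("in range:     %d\n", resolve_entry(&ok, &data));
    printf("out of range: %d\n", resolve_entry(&bad, &data));
    return 0;
}
```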