From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:33885) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VDhIK-0000ZR-8T for qemu-devel@nongnu.org; Sun, 25 Aug 2013 16:52:26 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VDhIE-0008Hg-3X for qemu-devel@nongnu.org; Sun, 25 Aug 2013 16:52:20 -0400 Message-ID: <1377463908.3819.24.camel@pasglop> From: Benjamin Herrenschmidt Date: Mon, 26 Aug 2013 06:51:48 +1000 In-Reply-To: <24C2B209-2082-4AF8-A8FB-1FF8A8B7751B@suse.de> References: <1377249737-12570-1-git-send-email-aik@ozlabs.ru> <24C2B209-2082-4AF8-A8FB-1FF8A8B7751B@suse.de> Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] [PATCH] spapr-vscsi: Adding VSCSI capabilities List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Alexander Graf Cc: Alexey Kardashevskiy , Paolo Bonzini , qemu-ppc@nongnu.org, qemu-devel@nongnu.org, Nikunj A Dadhania On Sun, 2013-08-25 at 17:41 +0100, Alexander Graf wrote: > > While I don't think any harm could happen from it, this could lead to > a potential timing attack where we read and write from different > locations in memory if the guest swizzles the request while we're > processing it. > > It's certainly better style (read: makes it easier to prove this > doesn't happen when it really is important) to read the variables into > local variables and reuse them there. In this case it mostly helps > readability to make sure here and below are the same variables. Ugh... It's not better style at all, it's also less efficient and the "attack" you talk about doesn't exist... All the guest can do is shoot itself in the foot. Ben.