
Re: [Qemu-ppc] [PATCH] spapr-vscsi: Adding VSCSI capabilities


From: Paolo Bonzini
Subject: Re: [Qemu-ppc] [PATCH] spapr-vscsi: Adding VSCSI capabilities
Date: Mon, 26 Aug 2013 15:37:16 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130805 Thunderbird/17.0.8

On 25/08/2013 22:51, Benjamin Herrenschmidt wrote:
> On Sun, 2013-08-25 at 17:41 +0100, Alexander Graf wrote:
>>
>> While I don't think any harm could happen from it, this could lead to
>> a potential timing attack where we read and write from different
>> locations in memory if the guest swizzles the request while we're
>> processing it.
>>
>> It's certainly better style (read: makes it easier to prove this
>> doesn't happen when it really is important) to read the variables into
>> local variables and reuse them there. In this case it mostly helps
>> readability to make sure here and below are the same variables.
> 
> Ugh... It's not better style at all, it's also less efficient and the
> "attack" you talk about doesn't exist... All the guest can do is shoot
> itself in the foot.

There are certainly cases where a time-of-check-to-time-of-use
vulnerability could make QEMU access uninitialized memory (or worse,
out-of-bounds arrays).  For example, you could try racing the host on
the length of a scatter/gather list.

Paolo
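
The scatter/gather length race mentioned in this reply, as an added example that is not part of the original message and is not QEMU code: a length field in guest-writable memory is read twice in one function and read once into a local in the other. The struct, the `fetch_num_sg` accessor (which models the guest rewriting the field after every host read) and the limits are hypothetical; the arrays are oversized so the overrun can be observed without undefined behaviour.

```c
#include <stdint.h>

#define MAX_SG   4   /* limit the host validates against */
#define DEMO_CAP 16  /* arrays are oversized so the overrun stays defined here */

/* Constructed stand-in for a request in guest-writable memory. */
struct guest_req {
    volatile uint32_t num_sg;
    uint32_t sg_len[DEMO_CAP];
};

/* Hypothetical accessor: returns the field, then models the guest
 * rewriting it immediately after every host read. */
static uint32_t fetch_num_sg(struct guest_req *r)
{
    uint32_t v = r->num_sg;
    r->num_sg = DEMO_CAP;
    return v;
}

/* Double fetch: the length is checked on one read and used on another. */
static int copy_sg_racy(struct guest_req *r, uint32_t *out)
{
    uint32_t i;
    if (fetch_num_sg(r) > MAX_SG)            /* time of check */
        return -1;
    for (i = 0; i < fetch_num_sg(r); i++)    /* time of use */
        out[i] = r->sg_len[i];
    return (int)i;
}

/* Single fetch: the checked value and the used value are the same local. */
static int copy_sg_snapshot(struct guest_req *r, uint32_t *out)
{
    uint32_t i, n = fetch_num_sg(r);
    if (n > MAX_SG)
        return -1;
    for (i = 0; i < n; i++)
        out[i] = r->sg_len[i];
    return (int)i;
}

/* Runs one variant on a request that initially claims 2 entries. */
int run_demo(int racy)
{
    struct guest_req req = { .num_sg = 2 };
    uint32_t out[DEMO_CAP] = { 0 };
    return racy ? copy_sg_racy(&req, out) : copy_sg_snapshot(&req, out);
}
```

`run_demo(1)` returns the number of entries the double-fetch variant copied after passing the `MAX_SG` check, and `run_demo(0)` returns the count for the single-fetch variant on the same request.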


