On Wed, Mar 02, 2022 at 04:36:49PM +0100, Jason A. Donenfeld wrote:
> Hi Michael,
>
> On Wed, Mar 02, 2022 at 10:20:25AM -0500, Michael S. Tsirkin wrote:
> > So writing some code:
> >
> > 1:
> >     put plaintext in a buffer
> >     put a key in a buffer
> >     put the nonce for that encryption in a buffer
> >
> >     if vm gen id != stored vm gen id
> >         stored vm gen id = vm gen id
> >         goto 1
> >
> > I think this is race free, but I don't see why does it matter whether we
> > read gen id atomically or not.
>
> Because that 16 byte read of vmgenid is not atomic. Let's say you read
> the first 8 bytes, and then the VM is forked.

But at this point when VM was forked plaintext key and nonce are all in
buffer, and you previously indicated a fork at this point is harmless.
You wrote "If it changes _after_ that point of check ... it doesn't matter:"

> In the forked VM, the next
> 8 bytes are the same as last time, but the first 8 bytes, which you
> already read, have changed. In that case, your != becomes a ==, and the
> test fails.

Yes I'm aware what an atomic read is. If the read is not atomic a part
of value can change ;)

--
MST
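
The interleaving described in the quoted text above, as an added example that is not part of the original message or of any kernel code: a deterministic C simulation of a 16-byte ID read as two 8-byte loads, with a fork injected between them. The struct, the ID values and all function names are constructed for illustration; the code shows only what the comparison returns and does not decide whether a missed change at that point matters, which is the question under discussion in the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the 16-byte VM generation ID, as two 8-byte halves. */
struct genid { uint64_t lo, hi; };

static struct genid live_id;   /* the value the hypervisor currently exposes */

/* Simulated fork: only the first 8 bytes change, as in the quoted scenario. */
static void simulate_fork(void) { live_id.lo ^= 0xffffffffffffffffULL; }

/* Non-atomic read: two 8-byte loads; fork_between injects the fork between them. */
static struct genid read_genid(int fork_between)
{
    struct genid seen;
    seen.lo = live_id.lo;
    if (fork_between)
        simulate_fork();
    seen.hi = live_id.hi;
    return seen;
}

/* The "vm gen id != stored vm gen id" test from the pseudocode. */
static int genid_changed(const struct genid *seen, const struct genid *stored)
{
    return memcmp(seen, stored, sizeof(*seen)) != 0;
}

/* Returns 1 if the check reported a change, 0 if it did not. */
static int run_case(int fork_before, int fork_between)
{
    struct genid stored = { 0x1111111111111111ULL, 0x2222222222222222ULL };
    struct genid seen;
    live_id = stored;
    if (fork_before)
        simulate_fork();
    seen = read_genid(fork_between);
    return genid_changed(&seen, &stored);
}

int main(void)
{
    printf("no fork:              changed=%d\n", run_case(0, 0));
    printf("fork before the read: changed=%d\n", run_case(1, 0));
    printf("fork between halves:  changed=%d\n", run_case(0, 1));
    return 0;
}
```
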