Re: [RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted

From: Christoph Hellwig
Date: Mon Aug 12 2019 - 08:15:42 EST

Next message: syzbot: "KASAN: slab-out-of-bounds Read in ld_usb_read"
Previous message: Bartlomiej Zolnierkiewicz: "Re: [PATCH v4] ata/pata_buddha: Probe via modalias instead of initcall"
In reply to: Michael S. Tsirkin: "Re: [RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted"
Next in thread: David Gibson: "Re: [RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Aug 11, 2019 at 04:55:27AM -0400, Michael S. Tsirkin wrote:
> On Sun, Aug 11, 2019 at 07:56:07AM +0200, Christoph Hellwig wrote:
> > So we need a flag on the virtio device, exposed by the
> > hypervisor (or hardware for hw virtio devices) that says: hey, I'm real,
> > don't take a shortcut.
>
> The point here is that it's actually still not real. So we would still
> use a physical address. However Linux decides that it wants extra
> security by moving all data through the bounce buffer. The distinction
> made is that one can actually give device a physical address of the
> bounce buffer.

Sure. The problem is just that you keep piling hacks on top of hacks.
We need the per-device flag anyway to properly support hardware virtio
device in all circumstances. Instead of coming up with another ad-hoc
hack to force DMA uses implement that one proper bit and reuse it here.

Next message: syzbot: "KASAN: slab-out-of-bounds Read in ld_usb_read"
Previous message: Bartlomiej Zolnierkiewicz: "Re: [PATCH v4] ata/pata_buddha: Probe via modalias instead of initcall"
In reply to: Michael S. Tsirkin: "Re: [RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted"
Next in thread: David Gibson: "Re: [RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]