Re: Re: [RFC PATCH V2 0/7] Do not read from descripto ring

From: Yongji Xie
Date: Fri May 14 2021 - 02:07:16 EST

Next message: Mika Westerberg: "Re: [PATCH v2 07/10] thunderbolt: test: Remove sone casts which are no longer required"
Previous message: Roger Lu: "Re: [PATCH v16 3/7] soc: mediatek: SVS: introduce MTK SVS engine"
In reply to: Stefan Hajnoczi: "Re: [RFC PATCH V2 0/7] Do not read from descripto ring"
Next in thread: Jason Wang: "Re: Re: [RFC PATCH V2 0/7] Do not read from descripto ring"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, May 14, 2021 at 12:27 AM Stefan Hajnoczi <stefanha@xxxxxxxxxx> wrote:
>
> On Fri, Apr 23, 2021 at 04:09:35PM +0800, Jason Wang wrote:
> > Sometimes, the driver doesn't trust the device. This is usually
> > happens for the encrtpyed VM or VDUSE[1].
>
> Thanks for doing this.
>
> Can you describe the overall memory safety model that virtio drivers
> must follow? For example:
>
> - Driver-to-device buffers must be on dedicated pages to avoid
> information leaks.
>
> - Driver-to-device buffers must be on dedicated pages to avoid memory
> corruption.
>
> When I say "pages" I guess it's the IOMMU page size that matters?
>
> What is the memory access granularity of VDUSE?
>

Now we use PAGE_SIZE as the access granularity. I think it should be
safe to access the Driver-to-device buffers in VDUSE case because we
also use bounce-buffering mechanism like swiotlb does.

Thanks,
Yongji

Next message: Mika Westerberg: "Re: [PATCH v2 07/10] thunderbolt: test: Remove sone casts which are no longer required"
Previous message: Roger Lu: "Re: [PATCH v16 3/7] soc: mediatek: SVS: introduce MTK SVS engine"
In reply to: Stefan Hajnoczi: "Re: [RFC PATCH V2 0/7] Do not read from descripto ring"
Next in thread: Jason Wang: "Re: Re: [RFC PATCH V2 0/7] Do not read from descripto ring"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]