Re: [PATCH RFC] fixup! virtio: convert to use DMA api

From: Michael S. Tsirkin
Date: Tue Apr 19 2016 - 13:49:59 EST

Next message: Jeff Layton: "Re: [PATCH 3/6] cifs: quit playing games with draining iovecs"
Previous message: Shi, Yang: "KASAN can't change FRAME_WARN"
In reply to: David Woodhouse: "Re: [PATCH RFC] fixup! virtio: convert to use DMA api"
Next in thread: Andy Lutomirski: "Re: [PATCH RFC] fixup! virtio: convert to use DMA api"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 19, 2016 at 12:26:44PM -0400, David Woodhouse wrote:
> On Tue, 2016-04-19 at 19:20 +0300, Michael S. Tsirkin wrote:
> >
> > > I thought that PLATFORM served that purpose. Woudn't the host
> > > advertise PLATFORM support and, if the guest doesn't ack it, the host
> > > device would skip translation? Or is that problematic for vfio?
> >
> > Exactly that's problematic for security.
> > You can't allow guest driver to decide whether device skips security.
>
> Right. Because fundamentally, this *isn't* a property of the endpoint
> device, and doesn't live in virtio itself.
>
> It's a property of the platform IOMMU, and lives there.

It's a property of the hypervisor virtio implementation, and lives there.

--
MST

Next message: Jeff Layton: "Re: [PATCH 3/6] cifs: quit playing games with draining iovecs"
Previous message: Shi, Yang: "KASAN can't change FRAME_WARN"
In reply to: David Woodhouse: "Re: [PATCH RFC] fixup! virtio: convert to use DMA api"
Next in thread: Andy Lutomirski: "Re: [PATCH RFC] fixup! virtio: convert to use DMA api"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]