Re: [RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted

From: Michael S. Tsirkin
Date: Sun Aug 11 2019 - 04:44:19 EST


On Sun, Aug 11, 2019 at 07:56:07AM +0200, Christoph Hellwig wrote:
> And once again this is entirely going in the wrong direction. The only
> way using the DMA API is going to work at all is if the device is ready
> for it.

So the point made is that if DMA addresses are also physical addresses
(not necessarily the same physical addresses that driver supplied), then
DMA API actually works even though device itself uses CPU page tables.


To put it in other terms: it would be possible to make all or part of
memory unencrypted and then have virtio access all of it. SEV guests
at the moment make a decision to instead use a bounce buffer, forcing an
extra copy but gaining security.

--
MST