Re: [RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted

From: Michael S. Tsirkin
Date: Sun Aug 11 2019 - 04:44:19 EST

Next message: Michael S. Tsirkin: "Re: [RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted"
Previous message: Jonathan Cameron: "Re: [PATCH] staging: iio: accel: adis16240: Improve readability on write_raw function"
In reply to: Ram Pai: "RE: [RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted"
Next in thread: Michael S. Tsirkin: "Re: [RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Aug 11, 2019 at 07:56:07AM +0200, Christoph Hellwig wrote:
> And once again this is entirely going in the wrong direction. The only
> way using the DMA API is going to work at all is if the device is ready
> for it.

So the point made is that if DMA addresses are also physical addresses
(not necessarily the same physical addresses that driver supplied), then
DMA API actually works even though device itself uses CPU page tables.

To put it in other terms: it would be possible to make all or part of
memory unenecrypted and then have virtio access all of it. SEV guests
at the moment make a decision to instead use a bounce buffer, forcing an
extra copy but gaining security.

--
MST

Next message: Michael S. Tsirkin: "Re: [RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted"
Previous message: Jonathan Cameron: "Re: [PATCH] staging: iio: accel: adis16240: Improve readability on write_raw function"
In reply to: Ram Pai: "RE: [RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted"
Next in thread: Michael S. Tsirkin: "Re: [RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]