Re: [RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted
From: Christoph Hellwig
Date: Mon Aug 12 2019 - 08:15:42 EST
On Sun, Aug 11, 2019 at 04:55:27AM -0400, Michael S. Tsirkin wrote:
> On Sun, Aug 11, 2019 at 07:56:07AM +0200, Christoph Hellwig wrote:
> > So we need a flag on the virtio device, exposed by the
> > hypervisor (or hardware for hw virtio devices) that says: hey, I'm real,
> > don't take a shortcut.
>
> The point here is that it's actually still not real. So we would still
> use a physical address. However Linux decides that it wants extra
> security by moving all data through the bounce buffer. The distinction
> made is that one can actually give device a physical address of the
> bounce buffer.
Sure. The problem is just that you keep piling hacks on top of hacks.
We need the per-device flag anyway to properly support hardware virtio
device in all circumstances. Instead of coming up with another ad-hoc
hack to force DMA uses implement that one proper bit and reuse it here.