Re: [PATCH v1 1/8] virtio: Force only split mode with protected guest

From: Jason Wang
Date: Thu Jun 03 2021 - 22:29:59 EST

Next message: Alex Shi: "Re: [PATCH] [v5] docs/zh_CN: add translations in zh_CN/dev-tools/kasan"
Previous message: Ian Kent: "Re: [REPOST PATCH v4 1/5] kernfs: move revalidate to be near lookup"
In reply to: Andi Kleen: "Re: [PATCH v1 1/8] virtio: Force only split mode with protected guest"
Next in thread: Andy Lutomirski: "Re: [PATCH v1 1/8] virtio: Force only split mode with protected guest"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

在 2021/6/3 下午9:55, Andi Kleen 写道:

Ok, but what I meant is this, if we don't read from the descriptor ring, and validate all the other metadata supplied by the device (used id and len). Then there should be no way for the device to suppress the dma flags to write to the indirect descriptor table.

Or do you have an example how it can do that?

I don't. If you can validate everything it's probably ok

The only drawback is even more code to audit and test.

-Andi

Ok, then I'm going to post a formal series, please have a look and we can start from there.

Thanks

Next message: Alex Shi: "Re: [PATCH] [v5] docs/zh_CN: add translations in zh_CN/dev-tools/kasan"
Previous message: Ian Kent: "Re: [REPOST PATCH v4 1/5] kernfs: move revalidate to be near lookup"
In reply to: Andi Kleen: "Re: [PATCH v1 1/8] virtio: Force only split mode with protected guest"
Next in thread: Andy Lutomirski: "Re: [PATCH v1 1/8] virtio: Force only split mode with protected guest"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]