Re: [PATCH 0/7] Do not read from descriptor ring

From: Jason Wang
Date: Wed Jun 09 2021 - 23:14:41 EST



在 2021/6/9 上午12:24, Andy Lutomirski 写道:
On 6/3/21 10:53 PM, Jason Wang wrote:
Hi:

The virtio driver should not trust the device. This beame more urgent
for the case of encrtpyed VM or VDUSE[1]. In both cases, technology
like swiotlb/IOMMU is used to prevent the poking/mangling of memory
from the device. But this is not sufficient since current virtio
driver may trust what is stored in the descriptor table (coherent
mapping) for performing the DMA operations like unmap and bounce so
the device may choose to utilize the behaviour of swiotlb to perform
attacks[2].
Based on a quick skim, this looks entirely reasonable to me.

(I'm not a virtio maintainer or expert. I got my hands very dirty with
virtio once dealing with the DMA mess, but that's about it.)

--Andy


Good to know that :)

Thanks