On 6/3/21 10:53 PM, Jason Wang wrote:
> Hi:
>
> The virtio driver should not trust the device. This became more urgent
> for the case of encrypted VM or VDUSE[1]. In both cases, technology
> like swiotlb/IOMMU is used to prevent the poking/mangling of memory
> from the device. But this is not sufficient since current virtio
> driver may trust what is stored in the descriptor table (coherent
> mapping) for performing the DMA operations like unmap and bounce so
> the device may choose to utilize the behaviour of swiotlb to perform
> attacks[2].

Based on a quick skim, this looks entirely reasonable to me.

(I'm not a virtio maintainer or expert. I got my hands very dirty with
virtio once dealing with the DMA mess, but that's about it.)

--Andy
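As an added illustration (not code from this thread or from the Linux virtio driver), the following constructed C model shows the pattern the quoted message argues for: the driver keeps its own private record of each mapping and drives DMA unmap from that record rather than from the device-writable descriptor table. All struct layouts, function names, addresses and sizes are simplified and constructed for the example.

```c
#include <stdint.h>
/* Constructed model of a virtio split-ring descriptor in a coherent
 * mapping shared with the device, which can therefore rewrite it. */
struct vring_desc { uint64_t addr; uint32_t len; uint16_t flags; uint16_t next; };
/* Driver-private record of what was really mapped; the device cannot
 * reach it, so unmap/bounce decisions are driven from here. */
struct desc_state { uint64_t dma_addr; uint32_t len; };
#define RING_SIZE 4
static struct vring_desc shared_ring[RING_SIZE]; /* device-writable */
static struct desc_state shadow[RING_SIZE];      /* driver-only */

/* Post a buffer: fill the shared descriptor and keep a private copy. */
void driver_add_buf(uint16_t idx, uint64_t dma_addr, uint32_t len)
{
    shared_ring[idx].addr = dma_addr;
    shared_ring[idx].len = len;
    shadow[idx].dma_addr = dma_addr;
    shadow[idx].len = len;
}
/* Vulnerable pattern: unmap parameters re-read from the shared ring,
 * trusting whatever the device left there. */
void unmap_params_from_ring(uint16_t idx, uint64_t *addr, uint32_t *len)
{
    *addr = shared_ring[idx].addr;
    *len = shared_ring[idx].len;
}

/* Hardened pattern: unmap parameters taken from the driver's own record. */
void unmap_params_from_shadow(uint16_t idx, uint64_t *addr, uint32_t *len)
{
    *addr = shadow[idx].dma_addr;
    *len = shadow[idx].len;
}

/* Simulates a misbehaving device overwriting an already-posted descriptor. */
void device_rewrites_descriptor(uint16_t idx, uint64_t addr, uint32_t len)
{
    shared_ring[idx].addr = addr;
    shared_ring[idx].len = len;
}
/* Returns 1 if the chosen unmap path still yields exactly what the driver
 * mapped after the device rewrote the descriptor (constructed values). */
int unmap_path_ignores_device(void (*get)(uint16_t, uint64_t *, uint32_t *))
{
    uint64_t addr; uint32_t len;
    driver_add_buf(0, 0x1000, 512);
    device_rewrites_descriptor(0, 0x7fff0000, 1u << 20);
    get(0, &addr, &len);
    return addr == 0x1000 && len == 512;
}
```

With the shadow record the unmap uses the original address and length; with the ring-based path it follows the device's rewritten values, which is exactly the swiotlb/IOMMU bypass the message warns about.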