Re: [RFC 0/7] Support in-kernel DMA with PASID and SVA
From: Jacob Pan
Date: Thu Oct 07 2021 - 15:07:47 EST
Hi Barry,
On Thu, 7 Oct 2021 18:43:33 +1300, Barry Song <21cnbao@xxxxxxxxx> wrote:
> > > Security-wise, KVA respects kernel mapping. So permissions are better
> > > enforced than pass-through and identity mapping.
> >
> > Is this meaningful? Isn't the entire physical map still in the KVA and
> > isn't it entirely RW ?
>
> Some areas are RX, for example, ARCH64 supports KERNEL_TEXT_RDONLY.
> But the difference is really minor.
That brought up a good point if we were to use DMA API to give out KVA as
dma_addr for trusted devices. We cannot satisfy DMA direction requirements
since we can't change kernel mapping. It will be similar to DMA direct
where dir is ignored AFAICT.
Or we are saying if the device is trusted, using pass-through is allowed.
i.e. physical address.
Thoughts?
Thanks,
Jacob