On Fri, May 14, 2021 at 2:07 PM Yongji Xie <xieyongji at bytedance.com>
wrote:>
> On Fri, May 14, 2021 at 12:27 AM Stefan Hajnoczi <stefanha at
redhat.com> wrote:
> >
> > On Fri, Apr 23, 2021 at 04:09:35PM +0800, Jason Wang wrote:
> > > Sometimes, the driver doesn't trust the device. This is
usually
> > > happens for the encrtpyed VM or VDUSE[1].
> >
> > Thanks for doing this.
> >
> > Can you describe the overall memory safety model that virtio drivers
> > must follow? For example:
> >
> > - Driver-to-device buffers must be on dedicated pages to avoid
> > information leaks.
> >
> > - Driver-to-device buffers must be on dedicated pages to avoid memory
> > corruption.
> >
> > When I say "pages" I guess it's the IOMMU page size that
matters?
> >
> > What is the memory access granularity of VDUSE?
> >
>
> Now we use PAGE_SIZE as the access granularity. I think it should be
> safe to access the Driver-to-device buffers in VDUSE case because we
> also use bounce-buffering mechanism like swiotlb does.
>
> Thanks,
> Yongji
>
Yes, while at this, I wonder it's possible the re-use the swiotlb
codes for VDUSE, or having some common library for this. Otherwise
there would be duplicated codes (bugs).
Thanks