On Wed, Apr 29, 2020 at 03:39:53PM +0530, Srivatsa Vaddagiri wrote:> That would still not work I think where swiotlb is used for pass-thr devices > (when private memory is fine) as well as virtio devices (when shared memory is > required).So that is a separate question. When there are multiple untrusted devices, at the moment it looks like a single bounce buffer is used. Which to me seems like a security problem, I think we should protect untrusted devices from each other.> -- > QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member > of Code Aurora Forum, hosted by The Linux Foundation
On 29.04.20 12:20, Michael S. Tsirkin wrote:> On Wed, Apr 29, 2020 at 03:39:53PM +0530, Srivatsa Vaddagiri wrote: >> That would still not work I think where swiotlb is used for pass-thr devices >> (when private memory is fine) as well as virtio devices (when shared memory is >> required). > > So that is a separate question. When there are multiple untrusted > devices, at the moment it looks like a single bounce buffer is used. > > Which to me seems like a security problem, I think we should protect > untrusted devices from each other. >Definitely. That's the model we have for ivshmem-virtio as well. Jan -- Siemens AG, Corporate Technology, CT RDA IOT SES-DE Corporate Competence Center Embedded Linux
On Wed, Apr 29, 2020 at 12:26:43PM +0200, Jan Kiszka wrote:> On 29.04.20 12:20, Michael S. Tsirkin wrote: > > On Wed, Apr 29, 2020 at 03:39:53PM +0530, Srivatsa Vaddagiri wrote: > > > That would still not work I think where swiotlb is used for pass-thr devices > > > (when private memory is fine) as well as virtio devices (when shared memory is > > > required). > > > > So that is a separate question. When there are multiple untrusted > > devices, at the moment it looks like a single bounce buffer is used. > > > > Which to me seems like a security problem, I think we should protect > > untrusted devices from each other. > > > > Definitely. That's the model we have for ivshmem-virtio as well. > > JanWant to try implementing that?> -- > Siemens AG, Corporate Technology, CT RDA IOT SES-DE > Corporate Competence Center Embedded Linux
On Wed, Apr 29, 2020 at 06:20:48AM -0400, Michael S. Tsirkin wrote:> On Wed, Apr 29, 2020 at 03:39:53PM +0530, Srivatsa Vaddagiri wrote: > > That would still not work I think where swiotlb is used for pass-thr devices > > (when private memory is fine) as well as virtio devices (when shared memory is > > required). > > So that is a separate question. When there are multiple untrusted > devices, at the moment it looks like a single bounce buffer is used. > > Which to me seems like a security problem, I think we should protect > untrusted devices from each other.There are two DMA pools code in Linux already - the TTM one for graphics and the mm/dmapool.c - could those be used instead? Or augmented at least?