From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1NlkzC-0008Gy-5M
	for qemu-devel@nongnu.org; Sun, 28 Feb 2010 10:23:14 -0500
Received: from [199.232.76.173] (port=46469 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1NlkzB-0008Gq-O3
	for qemu-devel@nongnu.org; Sun, 28 Feb 2010 10:23:13 -0500
Received: from Debian-exim by monty-python.gnu.org with spam-scanned (Exim
	4.60) (envelope-from <paul@codesourcery.com>) id 1NlkzB-0001qr-Ei
	for qemu-devel@nongnu.org; Sun, 28 Feb 2010 10:23:13 -0500
Received: from mx20.gnu.org ([199.232.41.8]:65507)
	by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim 4.60) (envelope-from <paul@codesourcery.com>)
	id 1NlkzB-0001qh-5s
	for qemu-devel@nongnu.org; Sun, 28 Feb 2010 10:23:13 -0500
Received: from mail.codesourcery.com ([38.113.113.100])
	by mx20.gnu.org with esmtp (Exim 4.60)
	(envelope-from <paul@codesourcery.com>) id 1NlkzA-00006T-13
	for qemu-devel@nongnu.org; Sun, 28 Feb 2010 10:23:12 -0500
From: Paul Brook <paul@codesourcery.com>
Subject: Re: [Qemu-devel] Re: [PATCHv2 09/12] vhost: vhost net support
Date: Sun, 28 Feb 2010 15:23:06 +0000
References: <cover.1267122331.git.mst@redhat.com>
	<201002281245.07802.paul@codesourcery.com>
	<20100228144412.GC28921@redhat.com>
In-Reply-To: <20100228144412.GC28921@redhat.com>
MIME-Version: 1.0
Content-Type: Text/Plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <201002281523.06717.paul@codesourcery.com>
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: amit.shah@redhat.com, quintela@redhat.com, qemu-devel@nongnu.org, kraxel@redhat.com

> So guest can cause vhost to write to a wrong place in RAM, but it can
> just pass a wrong address directly.  

That's not the point. Obviously any DMA capable device can be used to 
compromise a system. However if a device writes to address B after being told 
to write to address A, then you have a completely broken system.

> As long as vhost does not access a
> non-RAM address, we are definitely fine.

Why does it matter what it's changed to? The virtio DMA addresses guest 
physical addresses. If guest physical address mappings change then the virtio 
device must respect those changes. The extreme case is a system with an IOMMU 
(not currently implemented in QEMU). In that case it's likely that physical-
RAM mappings will change frequently.

Paul