From: "Michael S. Tsirkin" <mst@redhat.com>
To: Roman Kiryanov <rkir@google.com>
Cc: Frank Yang <lfy@google.com>,
virtio-comment@lists.oasis-open.org,
Cornelia Huck <cohuck@redhat.com>,
Gerd Hoffmann <kraxel@redhat.com>,
Stefan Hajnoczi <stefanha@redhat.com>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>
Subject: [virtio-comment] Re: RFC: virtio-hostmem (+ Continuation of discussion from [virtio-dev] Memory sharing device)
Date: Mon, 25 Feb 2019 18:45:05 -0500 [thread overview]
Message-ID: <20190225183821-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <CAOGAQer=hvcuOQNLdcH8qVwtkG+BAVzAjsN0jegO9gvxYfuLYw@mail.gmail.com>
On Mon, Feb 25, 2019 at 03:08:19PM -0800, Roman Kiryanov wrote:
> Michael, thank you for your comments.
>
> > I'm not sure how does above answer the comment.
>
> Sorry for leaving this unclear, our guest driver tells the
> device guest's page size and then we do aligning-unaligning.
This might work. Note that host page size might be different.
If it's bigger host needs to be careful about allocating
full host pages anyway.
> > To try and put things in your terms, if you try to map a range of memory
> > you get access to a page that can be bigger than the range you asked
> > for.
>
> This is correct.
>
> > It can cause two ranges to violate a security boundary, cause
> > information leaks, etc.
>
> Could you please correct me if I am wrong. If I ask glMapBufferRange
> (without hosts and guests) for a 1K buffer with 4K pages, I will have
> access to other 3K. If a driver decides to put sensitive bits there -
> will this be the same situation?
Sounds similar.
> We assume pages are not shared between processes.
> If this assumption does not work then it is hard to share arbitrary pointers.
>
> Regards,
> Roman.
Right. Details on how memory is allocated in the proposed scheme are
scant but above I think shows that it can't all be up to guest.
--
MST
This publicly archived list offers a means to provide input to the
OASIS Virtual I/O Device (VIRTIO) TC.
In order to verify user consent to the Feedback License terms and
to minimize spam in the list archive, subscription is required
before posting.
Subscribe: virtio-comment-subscribe@lists.oasis-open.org
Unsubscribe: virtio-comment-unsubscribe@lists.oasis-open.org
List help: virtio-comment-help@lists.oasis-open.org
List archive: https://lists.oasis-open.org/archives/virtio-comment/
Feedback License: https://www.oasis-open.org/who/ipr/feedback_license.pdf
List Guidelines: https://www.oasis-open.org/policies-guidelines/mailing-lists
Committee: https://www.oasis-open.org/committees/virtio/
Join OASIS: https://www.oasis-open.org/join/
next prev parent reply other threads:[~2019-02-25 23:45 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-24 21:18 [virtio-comment] RFC: virtio-hostmem (+ Continuation of discussion from [virtio-dev] Memory sharing device) Frank Yang
2019-02-24 21:22 ` [virtio-comment] " Frank Yang
2019-02-25 5:15 ` Roman Kiryanov
2019-02-25 5:27 ` [virtio-comment] " Roman Kiryanov
2019-02-25 12:56 ` [virtio-comment] " Dr. David Alan Gilbert
2019-02-25 13:50 ` [virtio-comment] " Michael S. Tsirkin
2019-02-25 18:54 ` Roman Kiryanov
2019-02-25 20:34 ` Michael S. Tsirkin
2019-02-25 23:08 ` Roman Kiryanov
2019-02-25 23:45 ` Michael S. Tsirkin [this message]
2019-03-06 16:36 ` [virtio-comment] " Stefan Hajnoczi
2019-03-06 17:28 ` Michael S. Tsirkin
2019-03-07 17:33 ` Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190225183821-mutt-send-email-mst@kernel.org \
--to=mst@redhat.com \
--cc=cohuck@redhat.com \
--cc=dgilbert@redhat.com \
--cc=kraxel@redhat.com \
--cc=lfy@google.com \
--cc=rkir@google.com \
--cc=stefanha@redhat.com \
--cc=virtio-comment@lists.oasis-open.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox