From: Andy Lutomirski <luto@kernel.org>
To: Jason Wang <jasowang@redhat.com>, mst@redhat.com
Cc: ashish.kalra@amd.com, ak@linux.intel.com, file@sect.tu-berlin.de,
kvm@vger.kernel.org, konrad.wilk@oracle.com,
linux-kernel@vger.kernel.org,
virtualization@lists.linux-foundation.org, hch@infradead.org,
xieyongji@bytedance.com, stefanha@redhat.com
Subject: Re: [PATCH 0/7] Do not read from descriptor ring
Date: Tue, 8 Jun 2021 09:24:04 -0700 [thread overview]
Message-ID: <1c079daa-f73d-cb1a-15ef-d8f57f9813b8@kernel.org> (raw)
In-Reply-To: <20210604055350.58753-1-jasowang@redhat.com>
On 6/3/21 10:53 PM, Jason Wang wrote:
> Hi:
>
> The virtio driver should not trust the device. This beame more urgent
> for the case of encrtpyed VM or VDUSE[1]. In both cases, technology
> like swiotlb/IOMMU is used to prevent the poking/mangling of memory
> from the device. But this is not sufficient since current virtio
> driver may trust what is stored in the descriptor table (coherent
> mapping) for performing the DMA operations like unmap and bounce so
> the device may choose to utilize the behaviour of swiotlb to perform
> attacks[2].
Based on a quick skim, this looks entirely reasonable to me.
(I'm not a virtio maintainer or expert. I got my hands very dirty with
virtio once dealing with the DMA mess, but that's about it.)
--Andy
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
next prev parent reply other threads:[~2021-06-08 16:24 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-04 5:53 [PATCH 0/7] Do not read from descriptor ring Jason Wang
2021-06-04 5:53 ` [PATCH 1/7] virtio-ring: maintain next in extra state for packed virtqueue Jason Wang
2021-06-04 5:53 ` [PATCH 2/7] virtio_ring: rename vring_desc_extra_packed Jason Wang
2021-06-04 5:53 ` [PATCH 3/7] virtio-ring: factor out desc_extra allocation Jason Wang
2021-06-04 5:53 ` [PATCH 4/7] virtio_ring: secure handling of mapping errors Jason Wang
2021-06-04 5:53 ` [PATCH 5/7] virtio_ring: introduce virtqueue_desc_add_split() Jason Wang
2021-06-04 5:53 ` [PATCH 6/7] virtio: use err label in __vring_new_virtqueue() Jason Wang
2021-06-04 5:53 ` [PATCH 7/7] virtio-ring: store DMA metadata in desc_extra for split virtqueue Jason Wang
2021-06-08 16:24 ` Andy Lutomirski [this message]
2021-06-10 3:12 ` [PATCH 0/7] Do not read from descriptor ring Jason Wang
2021-07-11 16:08 ` Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1c079daa-f73d-cb1a-15ef-d8f57f9813b8@kernel.org \
--to=luto@kernel.org \
--cc=ak@linux.intel.com \
--cc=ashish.kalra@amd.com \
--cc=file@sect.tu-berlin.de \
--cc=hch@infradead.org \
--cc=jasowang@redhat.com \
--cc=konrad.wilk@oracle.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mst@redhat.com \
--cc=stefanha@redhat.com \
--cc=virtualization@lists.linux-foundation.org \
--cc=xieyongji@bytedance.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).