Re: [PATCH net V2 4/4] vhost: log dirty page correctly

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 2018/12/14 下午9:20, Michael S. Tsirkin wrote:
On Fri, Dec 14, 2018 at 10:43:03AM +0800, Jason Wang wrote:
On 2018/12/13 下午10:31, Michael S. Tsirkin wrote:
Just to make sure I understand this. It looks to me we should:

- allow passing GIOVA->GPA through UAPI

- cache GIOVA->GPA somewhere but still use GIOVA->HVA in device IOTLB for
performance

Is this what you suggest?

Thanks
Not really. We already have GPA->HVA, so I suggested a flag to pass
GIOVA->GPA in the IOTLB.

This has advantages for security since a single table needs
then to be validated to ensure guest does not corrupt
QEMU memory.

I wonder how much we can gain through this. Currently, qemu IOMMU gives
GIOVA->GPA mapping, and qemu vhost code will translate GPA to HVA then pass
GIOVA->HVA to vhost. It looks no difference to me.

Thanks
The difference is in security not in performance.  Getting a bad HVA
corrupts QEMU memory and it might be guest controlled. Very risky.


How can this be controlled by guest? HVA was generated from qemu ram blocks which is totally under the control of qemu memory core instead of guest.


Thanks


  If
translations to HVA are done in a single place through a single table
it's safer as there's a single risky place.




[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux