On Tue, Jan 12, 2021 at 04:07:29PM +0100, Martin Radev wrote:
> The size of the buffer being bounced is not checked if it happens
> to be larger than the size of the mapped buffer. Because the size
> can be controlled by a device, as it's the case with virtio devices,
> this can lead to memory corruption.

I'm really worried about all these hodge podge hacks for not trusted
hypervisors in the I/O stack. Instead of trying to harden protocols that
are fundamentally not designed for this, how about instead coming up
with a new paravirtualized I/O interface that is specifically designed
for use with an untrusted hypervisor from the start?
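The check the quoted patch description is about, as an added model in C that is neither kernel code nor the patch itself: a bounce slot records the size it was mapped with, and a later bounce copy whose length could come from the device is refused when it exceeds that size instead of overrunning the slot. The names (bounce_slot, bounce_map, bounce_copy, SLOT_BYTES) and the sample data are assumptions for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SLOT_BYTES 64   /* bytes in one model bounce slot (constructed value) */

/* Hypothetical model of a bounce-buffer slot: the size recorded at
 * map time is the only trusted bound for every later copy into it. */
struct bounce_slot {
    uint8_t buf[SLOT_BYTES];
    size_t  mapped_size;   /* set by the driver when the mapping is created */
};

/* Driver-side mapping: the size comes from the kernel, not the device. */
int bounce_map(struct bounce_slot *s, size_t size)
{
    if (size == 0 || size > SLOT_BYTES)
        return -1;         /* would not fit in the slot */
    s->mapped_size = size;
    return 0;
}

/* Bounce copy: `size` may originate from the device (for virtio, the
 * length the device writes back), so it is checked against the mapped
 * size before memcpy; without this check a larger size overruns s->buf. */
int bounce_copy(struct bounce_slot *s, const uint8_t *src, size_t size)
{
    if (s->mapped_size == 0 || size > s->mapped_size)
        return -1;         /* unmapped slot or oversized request: refuse */
    memcpy(s->buf, src, size);
    return 0;
}

/* Constructed sample state so the model runs stand-alone. */
static struct bounce_slot g_slot;
static uint8_t g_src[2 * SLOT_BYTES];

/* Walk the cases: in-range copy accepted, oversized copy and oversized
 * mapping refused. Returns 0 when every case behaves as expected. */
int run_bounce_demo(void)
{
    memset(g_src, 0xA5, sizeof(g_src));
    if (bounce_map(&g_slot, 32) != 0)                return 1;
    if (bounce_copy(&g_slot, g_src, 32) != 0)        return 2;
    if (bounce_copy(&g_slot, g_src, 33) != -1)       return 3; /* > mapped size */
    if (bounce_map(&g_slot, 2 * SLOT_BYTES) != -1)   return 4; /* > slot size */
    return 0;
}
```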