On Fri, May 14, 2021 at 12:27 AM Stefan Hajnoczi <stefanha@xxxxxxxxxx> wrote:
>
> On Fri, Apr 23, 2021 at 04:09:35PM +0800, Jason Wang wrote:
> > Sometimes, the driver doesn't trust the device. This usually
> > happens for the encrypted VM or VDUSE[1].
>
> Thanks for doing this.
>
> Can you describe the overall memory safety model that virtio drivers
> must follow? For example:
>
> - Driver-to-device buffers must be on dedicated pages to avoid
>   information leaks.
>
> - Driver-to-device buffers must be on dedicated pages to avoid memory
>   corruption.
>
> When I say "pages" I guess it's the IOMMU page size that matters?
>
> What is the memory access granularity of VDUSE?
>

Now we use PAGE_SIZE as the access granularity. I think it should be
safe to access the Driver-to-device buffers in the VDUSE case because we
also use a bounce-buffering mechanism like swiotlb does.

Thanks,
Yongji
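
Added example, not part of the thread and not VDUSE or swiotlb code: a userspace C model of the point discussed above, that with page-granular device access a directly mapped sub-page buffer exposes the rest of its page, while a bounce copy exposes only the buffer. The 4096-byte `PAGE_SIZE`, the `ram` and `bounce` arrays and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAGE_SIZE 4096u                 /* assumed page size for this model */
#define PAGE_LOW  (PAGE_SIZE - 1)

static uint8_t ram[2 * PAGE_SIZE];      /* model of driver memory; offset 0 is page-aligned */
static uint8_t bounce[2 * PAGE_SIZE];   /* model of a dedicated bounce pool */

struct window { const uint8_t *base; size_t len; };  /* what the device may access */

/* Direct mapping: every whole page the buffer touches becomes device-visible. */
static struct window map_direct(size_t off, size_t len)
{
    size_t start = off & ~(size_t)PAGE_LOW;
    size_t end = (off + len + PAGE_LOW) & ~(size_t)PAGE_LOW;
    return (struct window){ ram + start, end - start };
}

/* Bounce mapping: copy only the buffer into zeroed pool pages and expose those. */
static struct window map_bounce(size_t off, size_t len)
{
    size_t span = (len + PAGE_LOW) & ~(size_t)PAGE_LOW;
    if (span > sizeof(bounce))
        return (struct window){ NULL, 0 };
    memset(bounce, 0, span);            /* no stale data from earlier requests */
    memcpy(bounce, ram + off, len);
    return (struct window){ bounce, span };
}

/* Returns 1 if the byte string `needle` appears inside the device-visible window. */
static int visible(struct window w, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; w.base && i + n <= w.len; i++)
        if (memcmp(w.base + i, needle, n) == 0)
            return 1;
    return 0;
}

/* Constructed scenario: a 3-byte request shares a page with unrelated data.
 * Bit 0 of the result: secret is device-visible. Bit 1: request is missing. */
static int demo(int use_bounce)
{
    memset(ram, 0, sizeof(ram));
    memcpy(ram + 64, "REQ", 3);         /* driver-to-device buffer */
    memcpy(ram + 512, "SECRET", 6);     /* unrelated data on the same page */
    struct window w = use_bounce ? map_bounce(64, 3) : map_direct(64, 3);
    return visible(w, "SECRET") | (visible(w, "REQ") ? 0 : 2);
}

int main(void) { return demo(1); }
```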