On Fri, May 14, 2021 at 2:07 PM Yongji Xie <xieyongji@xxxxxxxxxxxxx> wrote: > > On Fri, May 14, 2021 at 12:27 AM Stefan Hajnoczi <stefanha@xxxxxxxxxx> wrote: > > > > On Fri, Apr 23, 2021 at 04:09:35PM +0800, Jason Wang wrote: > > > Sometimes, the driver doesn't trust the device. This is usually > > > happens for the encrtpyed VM or VDUSE[1]. > > > > Thanks for doing this. > > > > Can you describe the overall memory safety model that virtio drivers > > must follow? For example: > > > > - Driver-to-device buffers must be on dedicated pages to avoid > > information leaks. > > > > - Driver-to-device buffers must be on dedicated pages to avoid memory > > corruption. > > > > When I say "pages" I guess it's the IOMMU page size that matters? > > > > What is the memory access granularity of VDUSE? > > > > Now we use PAGE_SIZE as the access granularity. I think it should be > safe to access the Driver-to-device buffers in VDUSE case because we > also use bounce-buffering mechanism like swiotlb does. > > Thanks, > Yongji > Yes, while at this, I wonder it's possible the re-use the swiotlb codes for VDUSE, or having some common library for this. Otherwise there would be duplicated codes (bugs). Thanks
