On 6/3/21 10:53 PM, Jason Wang wrote:
> Hi:
>
> The virtio driver should not trust the device. This became more urgent
> for the case of encrypted VM or VDUSE[1]. In both cases, technology
> like swiotlb/IOMMU is used to prevent the poking/mangling of memory
> from the device. But this is not sufficient since current virtio
> driver may trust what is stored in the descriptor table (coherent
> mapping) for performing the DMA operations like unmap and bounce so
> the device may choose to utilize the behaviour of swiotlb to perform
> attacks[2].

Based on a quick skim, this looks entirely reasonable to me.

(I'm not a virtio maintainer or expert. I got my hands very dirty with
virtio once dealing with the DMA mess, but that's about it.)

--Andy