On Tue, Nov 29, 2022 at 11:37:09AM +0800, Jason Wang wrote: > > > > > > Quite a lot of core work here. Jason are you still looking into > > hardening? > > Yes, last time we've discussed a solution that depends on the first > kick to enable the interrupt handler. But after some thought, it seems > risky since there's no guarantee that the device work in this way. > > One example is the current vhost_net, it doesn't wait for the kick to > process the rx packets. Any more thought on this? > > Thanks Specifically virtio net is careful to call virtio_device_ready under rtnl lock so buffers are only added after DRIVER_OK. However we do not need to tie this to kick, this is what I wrote: > BTW Jason, I had the idea to disable callbacks until driver uses the > virtio core for the first time (e.g. by calling virtqueue_add* family of > APIs). Less aggressive than your ideas but I feel it will add security > to the init path at least. So not necessarily kick, we can make adding buffers allow the interrupt. -- MST
