It looks to me all the evils came from the fact that we depends on the
descriptor ring.
So the checks in this patch could is unnecessary if we don't even read
from the descriptor ring which could be manipulated by the device.
This is what my series tries to achieve:
https://www.spinics.net/lists/kvm/msg241825.html
I would argue that you should boundary check in any case. It was always
a bug to not have boundary checks in such a data structure with multiple
users, trust or not.
But yes your patch series is interesting and definitely makes sense for
TDX too.
Best would be to have both I guess, and always check the boundaries
everywhere.
So what's the merge status of your series?
-Andi
_______________________________________________
Virtualization mailing list
Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/virtualization