On Thu, Nov 16, 2023 at 03:02:45PM -0500, Stefan Hajnoczi wrote: > Hi Elena, > You raised concerns about using packed virtqueues with untrusted devices at > Linux Plumbers Conference. I reviewed the specification and did not find > fundamental issues that would preclude the use of packed virtqueues in > untrusted devices. Do you have more information about issues with packed > virtqueues? > > I also reviewed Linux's virtio_ring.c to look for implementation issues. One > thing I noticed was that detach_buf_packed -> vring_unmap_desc_packed trusts > the fields of indirect descriptors that have been mapped to the device: > > flags = le16_to_cpu(desc->flags); > > dma_unmap_page(vring_dma_dev(vq), > le64_to_cpu(desc->addr), > le32_to_cpu(desc->len), > (flags & VRING_DESC_F_WRITE) ? > DMA_FROM_DEVICE : DMA_TO_DEVICE); > > This could be problematic if the device is able to modify indirect descriptors. > However, the indirect descriptor table is mapped with DMA_TO_DEVICE: > > addr = vring_map_single(vq, desc, > total_sg * sizeof(struct vring_packed_desc), > DMA_TO_DEVICE); > > There is no problem when there is an enforcing IOMMU that maps the page with > read-only permissions but that's not always the case. Software devices (QEMU, > vhost kernel, or vhost-user) usually have full access to guest RAM. Not with encrypted memory. > They can > cause dma_unmap_page() to be invoked with arguments of their choice (except for > the first argument) by modifying indirect descriptors. > I am not sure if this poses a danger since software devices already have access > to guest RAM, but I think this code is risky. It would be safer for the driver > to stash away the arguments needed for dma_unmap_page() in memory that is not > mapped to the device. > > Other than that, I didn't find any issues with the packed virtqueue > implementation. > > Stefan
