On Sun, Feb 28, 2010 at 03:23:06PM +0000, Paul Brook wrote:
> > So guest can cause vhost to write to a wrong place in RAM, but it can
> > just pass a wrong address directly.  
> 
> That's not the point. Obviously any DMA capable device can be used to 
> compromise a system. However if a device writes to address B after being told 
> to write to address A, then you have a completely broken system.

Yes, but I do not see how this can happen with vhost backed to virtio.

> > As long as vhost does not access a
> > non-RAM address, we are definitely fine.
> 
> Why does it matter what it's changed to? The virtio DMA addresses are guest 
> physical addresses. If guest physical address mappings change then the virtio 
> device must respect those changes. The extreme case is a system with an IOMMU 
> (not currently implemented in QEMU). In that case it's likely that 
> physical-RAM mappings will change frequently.
> 
> Paul

Yes, but this is already supported. The one thing that my patches assume
does not change while device is active, is physical to qemu virtual
mapping for virtio ring.

Since virtio device is allowed to access the ring at any time,
such changes would only be legal when device is not active IMO,
and my code translates physical to virtual when device is
made active.

So I do not see a bug.


-- 
MST
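
The assumption discussed in this message, as an added example that is not code from the vhost patches or from QEMU: a ring address translated once at activation goes stale if the guest-physical to host-virtual mapping changes while the device is active, whereas an address translated on each access follows the change. All struct and function names are hypothetical, and the memory regions are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model: one entry maps a guest-physical RAM range to host memory. */
struct region { uint64_t gpa, len; uint8_t *hva; };
struct memmap { struct region r[4]; size_t n; };

/* Translate [gpa, gpa+len); NULL unless the range lies wholly in one RAM region. */
static uint8_t *gpa_to_hva(const struct memmap *m, uint64_t gpa, uint64_t len)
{
    for (size_t i = 0; i < m->n; i++) {
        const struct region *r = &m->r[i];
        /* Written to avoid overflow in gpa + len. */
        if (gpa >= r->gpa && len <= r->len && gpa - r->gpa <= r->len - len)
            return r->hva + (gpa - r->gpa);
    }
    return NULL;
}

struct ring { uint64_t gpa, len; uint8_t *hva; int active; };

/* Device made active: translate the ring once and cache the host pointer. */
static int ring_start(struct ring *q, const struct memmap *m)
{
    q->hva = gpa_to_hva(m, q->gpa, q->len);
    q->active = (q->hva != NULL);
    return q->active ? 0 : -1;
}

/* Does the cached pointer still match a fresh translation of the ring? */
static int ring_mapping_valid(const struct ring *q, const struct memmap *m)
{
    return q->active && gpa_to_hva(m, q->gpa, q->len) == q->hva;
}

int main(void)
{
    static uint8_t a[4096], b[4096];           /* constructed backing memory */
    struct memmap m = { { { 0x1000, sizeof a, a } }, 1 };
    struct ring q = { .gpa = 0x1100, .len = 256 };
    if (ring_start(&q, &m) != 0 || !ring_mapping_valid(&q, &m))
        return 1;
    m.r[0].hva = b;                            /* remap while the ring is active */
    /* Per-access buffer translation follows the remap; the cached ring does not. */
    return !(gpa_to_hva(&m, 0x1200, 16) == b + 0x200 && !ring_mapping_valid(&q, &m));
}
```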