On 03/02/2010 08:55 AM, Paul Brook wrote:
> > With a new api, cpu_physical_memory_map() changes semantics. It only
> > returns pointers for static ram mappings. Everything else is bounced
> > which guarantees that an address can't change during DMA.
>
> Doesn't this mean that only the initial RAM is directly DMA-able?
> While memory hotplug (and unplug) may be an infrequent event, having the
> majority of ram be hotplug seems much more likely.
>
> > Hotplug works fine for direct DMA'ing. map/unmap would maintain a
> > reference count on the registered RAM region and hot unplug would not be
> > allowed until that reference dropped to zero. For something like
> > virtio, it means that the driver has to be unloaded in the guest before
> > you hot unplug the region of memory if it happens to be using that
> > region of memory for the ring storage.
> >
> > The key difference is that these regions are created and destroyed
> > rarely and in such a way that the destruction is visible to the guest.
>
> So you're making ram unmap an asynchronous process, and requiring that the
> address space not be reused until that unmap has completed?

It technically already would be. If you've got a pending DMA
transaction and you try to hot unplug badness will happen. This is
something that is certainly exploitable.

Regards,

Anthony Liguori

> Paul
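The reference-counted map/unmap guard described in the quoted text, as an added C sketch that is not QEMU code nor anything posted in the thread; the region table, all function names and the EBUSY-style refusal of unplug are assumptions made for the example:

```c
/* Added example, not QEMU code, all names hypothetical: a sketch of the
 * reference-counted map/unmap scheme discussed in the thread above. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#define MAX_REGIONS 4

typedef struct {
    uint64_t base, size;  /* guest-physical range of the RAM region */
    uint8_t *host;        /* backing host memory; NULL when not registered */
    unsigned refcount;    /* outstanding direct-DMA mappings into the region */
} RamRegion;
static RamRegion regions[MAX_REGIONS];
/* Register a RAM region in a free slot (e.g. on hotplug); -1 if none free. */
int ram_register(uint64_t base, uint64_t size, uint8_t *host) {
    for (int i = 0; i < MAX_REGIONS; i++)
        if (!regions[i].host) {
            regions[i] = (RamRegion){ base, size, host, 0 };
            return i;
        }
    return -1;
}
/* Find the registered region that fully contains [addr, addr + len). */
static RamRegion *find_region(uint64_t addr, uint64_t len) {
    for (int i = 0; i < MAX_REGIONS; i++) {
        RamRegion *r = &regions[i];
        if (r->host && addr >= r->base && len <= r->size &&
            addr - r->base <= r->size - len)
            return r;
    }
    return NULL;
}
/* Direct-DMA map: takes a reference so the region cannot be unplugged;
 * NULL means "not static RAM", so the caller must use a bounce buffer. */
uint8_t *dma_map(uint64_t addr, uint64_t len) {
    RamRegion *r = find_region(addr, len);
    if (!r) return NULL;
    r->refcount++;
    return r->host + (addr - r->base);
}
void dma_unmap(uint64_t addr, uint64_t len) {
    RamRegion *r = find_region(addr, len);
    if (r && r->refcount) r->refcount--;
}
/* Hot unplug is refused (EBUSY-style) while any mapping is outstanding. */
bool ram_unplug(int idx) {
    RamRegion *r = &regions[idx];
    if (!r->host || r->refcount) return false;
    r->host = NULL;
    return true;
}
```

Unplug only succeeds once every mapping has been released, which is the point of the scheme: a pending DMA transaction can never outlive the RAM it targets.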