It is well known that mapping and unmapping grants is expensive, which is why blkback has persistent grants. Could this cost be mitigated by batching, and if it was, would it affect the tradeoff of memcpy() vs grant table operations?
Alternatively, would there be any interest in an “unsafe” mode for blkback that skips both the copy and the grant operations? This is obviously unsafe (hence the name!), but in many cases that unsafety does not actually matter. For instance, a Qubes dom0 can execute any shell command it wants in any Qubes VM via qvm-run. Much easier than trying to exploit some UaF or race condition 🙂. More generally, when the backend is the all-powerful dom0, trying to defend against a malicious backend is (at least in the absence of SEV-SNP or TDX) pointless, so one might as well not bother and take the free performance. -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab
signature.asc
Description: PGP signature
