Re: [PATCH] swiotlb: Validate bounce size in the sync/unmap path

From: Christoph Hellwig
Date: Wed Jan 13 2021 - 06:31:04 EST


On Tue, Jan 12, 2021 at 04:07:29PM +0100, Martin Radev wrote:
> The size of the buffer being bounced is not checked if it happens
> to be larger than the size of the mapped buffer. Because the size
> can be controlled by a device, as it's the case with virtio devices,
> this can lead to memory corruption.
>

I'm really worried about all these hodgepodge hacks for not trusted
hypervisors in the I/O stack. Instead of trying to harden protocols
that are fundamentally not designed for this, how about instead coming
up with a new paravirtualized I/O interface that is specifically
designed for use with an untrusted hypervisor from the start?
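The defect Martin's patch description refers to is easiest to see in a small model of a bounce-buffer sync path. The following is an added illustration written for this page, not the Linux swiotlb code and not part of either message: a constructed pool of fixed-size slots, a `bounce_map` that records the size of each mapping, and two `sync_for_cpu` variants, one that trusts the caller-supplied (potentially device-derived) size and one that refuses any sync larger than the recorded mapping. All names, sizes and the guest-memory layout are assumptions made for the example.

```c
/* Constructed model of a bounce-buffer sync path (added example, not kernel code). */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SLOT_SIZE 64   /* assumption: each bounce slot is 64 bytes */
#define NSLOTS    4
#define ARENA     256  /* assumption: memory owned by the driver/guest */

struct bounce_slot {
	bool   in_use;
	size_t orig_off;     /* offset of the original buffer inside guest_mem */
	size_t mapped_size;  /* size recorded when the buffer was mapped */
};

static unsigned char guest_mem[ARENA];
static unsigned char bounce_pool[NSLOTS * SLOT_SIZE];
static struct bounce_slot slots[NSLOTS];

/* Map a guest buffer for DMA: record its size and copy it into a free slot. */
int bounce_map(size_t orig_off, size_t size)
{
	if (size == 0 || size > SLOT_SIZE || orig_off + size > ARENA)
		return -1;
	for (int i = 0; i < NSLOTS; i++) {
		if (slots[i].in_use)
			continue;
		slots[i].in_use = true;
		slots[i].orig_off = orig_off;
		slots[i].mapped_size = size;
		memcpy(bounce_pool + (size_t)i * SLOT_SIZE, guest_mem + orig_off, size);
		return i;
	}
	return -1;
}

void bounce_unmap(int slot)
{
	if (slot >= 0 && slot < NSLOTS)
		slots[slot].in_use = false;
}

/* Unchecked: copies 'size' bytes back even if it exceeds the mapping. */
void sync_for_cpu_unchecked(int slot, size_t size)
{
	memcpy(guest_mem + slots[slot].orig_off,
	       bounce_pool + (size_t)slot * SLOT_SIZE, size);
}

/* Checked: reject a sync larger than the size recorded at map time. */
int sync_for_cpu_checked(int slot, size_t size)
{
	if (slot < 0 || slot >= NSLOTS || !slots[slot].in_use)
		return -1;
	if (size > slots[slot].mapped_size)
		return -1;
	memcpy(guest_mem + slots[slot].orig_off,
	       bounce_pool + (size_t)slot * SLOT_SIZE, size);
	return 0;
}

/* Scenario: a 16-byte buffer at offset 0 is mapped; guest_mem[16..31] is
 * unrelated data. The device then "claims" to have written claimed_size
 * bytes into the slot. Returns the sync path's return code (0 for unchecked). */
int run_sync(bool checked, size_t claimed_size)
{
	memset(guest_mem, 0xAA, ARENA);
	int slot = bounce_map(0, 16);
	if (slot < 0)
		return -2;
	/* simulate the device filling the slot with claimed_size bytes of 0x55 */
	memset(bounce_pool + (size_t)slot * SLOT_SIZE, 0x55, claimed_size);
	int rc = 0;
	if (checked)
		rc = sync_for_cpu_checked(slot, claimed_size);
	else
		sync_for_cpu_unchecked(slot, claimed_size);
	bounce_unmap(slot);
	return rc;
}

/* Count bytes of the unrelated region guest_mem[16..31] that were overwritten. */
size_t unrelated_bytes_clobbered(void)
{
	size_t n = 0;
	for (size_t i = 16; i < 32; i++)
		if (guest_mem[i] != 0xAA)
			n++;
	return n;
}

int main(void)
{
	run_sync(false, 32);
	printf("unchecked sync, 32 bytes claimed on a 16-byte mapping: %zu unrelated bytes clobbered\n",
	       unrelated_bytes_clobbered());
	int rc = run_sync(true, 32);
	printf("checked sync: rc=%d, %zu unrelated bytes clobbered\n", rc, unrelated_bytes_clobbered());
	return 0;
}
```

The point of the check is that the size recorded at map time is the only size the kernel itself vouched for; anything arriving later through the device path is untrusted input and is compared against it rather than believed. The unchecked variant is kept here only to make the clobbered bytes visible in the model.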